Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

win7 64bit won't start [Solved]


  • This topic is locked This topic is locked

#1
stavkon13

stavkon13

    Member

  • Member
  • PipPip
  • 13 posts
First of all I'd like to say hello to everyone here, as this is my first post...

Since yesterday I've running into the same problem as mentioned in this topic

http://www.geekstogo...up-repair-loop/

I have done all the things mentioned in it and have acquired the relevant .txt file which is attached

what do I need to do next?

Thanks in advance for any help

STavkonScan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-09-2012
Ran by SYSTEM at 24-09-2012 20:51:20
Running from G:\
(X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

==================== Registry (Whitelisted) ===================

HKU\Default\...\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
HKU\Default User\...\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
HKU\Stav\...\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell] [x ] ()
HKLM-x32\...\Winlogon: [Shell] [x ] ()
HKLM\...\InprocServer32: [Default-wbemess] ATTENTION! ====> ZeroAccess
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\Default\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Services (Whitelisted) ===================


==================== Drivers (Whitelisted) =====================


==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-09-24 20:44 - 2012-09-24 20:51 - 00000000 ____D C:\FRST
2012-09-22 05:17 - 2012-09-22 05:17 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pvvwrhfk.sys
2012-09-22 03:50 - 2012-09-22 03:50 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\kvkiqtew.sys
2012-09-22 03:28 - 2012-09-22 03:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-09-22 03:27 - 2012-09-22 03:28 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-09-22 03:26 - 2012-09-22 03:28 - 00001945 ____A C:\Windows\epplauncher.mif
2012-09-22 03:26 - 2012-09-22 03:15 - 12621696 ____A (Microsoft Corporation) C:\Users\Stav\Desktop\mseinstall.exe
2012-09-19 01:08 - 2012-09-19 01:08 - 00001116 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-18 05:18 - 2012-09-18 05:20 - 00000000 ____D C:\Users\All Users\0C1CFB13074C31540043E7CF4F147CE7
2012-09-07 08:36 - 2012-09-07 08:36 - 00000000 ____D C:\Windows\pss
2012-09-07 08:33 - 2012-09-07 08:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-09-07 08:24 - 2012-09-07 09:18 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2012-09-07 08:22 - 2012-09-19 01:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-07 08:22 - 2012-09-07 08:22 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-09-07 08:22 - 2012-09-07 06:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-04 01:31 - 2012-09-07 08:31 - 00000000 ____D C:\Users\All Users\blekko toolbars
2012-09-04 01:31 - 2012-09-04 01:31 - 00001204 ____A C:\Users\Stav\Desktop\WinUtilities Startup Cleaner.lnk
2012-09-04 01:31 - 2012-09-04 01:31 - 00000000 ____D C:\Program Files (x86)\WinUtilities Startup Cleaner
2012-09-04 01:30 - 2012-09-04 01:30 - 00000000 ____D C:\Users\All Users\Anti-phishing Domain Advisor
2012-09-02 03:45 - 2012-07-14 10:51 - 00093918 ____A C:\Users\Stav\Desktop\The Raven BDRip.srt
2012-09-02 03:44 - 2012-08-25 10:10 - 734212096 ____A C:\Users\Stav\Desktop\The Raven BDRip.avi
2012-08-28 11:23 - 2012-08-28 11:23 - 00111224 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT

==================== 3 Months Modified Files ==================

2012-09-22 10:17 - 2010-01-03 10:26 - 00001184 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-22 05:17 - 2012-09-22 05:17 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pvvwrhfk.sys
2012-09-22 03:52 - 2010-01-03 10:26 - 00001180 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-22 03:50 - 2012-09-22 03:50 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\kvkiqtew.sys
2012-09-22 03:50 - 2012-05-30 09:35 - 00078792 ____A C:\Windows\System32\Drivers\5a123ba2b4731264.sys
2012-09-22 03:34 - 2009-07-13 20:45 - 00016080 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-22 03:34 - 2009-07-13 20:45 - 00016080 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-22 03:29 - 2009-11-21 19:58 - 01393870 ____A C:\Windows\WindowsUpdate.log
2012-09-22 03:28 - 2012-09-22 03:26 - 00001945 ____A C:\Windows\epplauncher.mif
2012-09-22 03:28 - 2010-02-08 11:24 - 01398716 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-09-22 03:28 - 2009-07-14 01:13 - 00565396 ____A C:\Windows\System32\perfh008.dat
2012-09-22 03:28 - 2009-07-14 01:13 - 00091760 ____A C:\Windows\System32\perfc008.dat
2012-09-22 03:27 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-22 03:27 - 2009-07-13 20:51 - 00102491 ____A C:\Windows\setupact.log
2012-09-22 03:15 - 2012-09-22 03:26 - 12621696 ____A (Microsoft Corporation) C:\Users\Stav\Desktop\mseinstall.exe
2012-09-19 01:08 - 2012-09-19 01:08 - 00001116 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-07 10:04 - 2009-09-18 00:40 - 00624034 ____A C:\Windows\PFRO.log
2012-09-07 06:04 - 2012-09-07 08:22 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-07 03:06 - 2012-02-23 10:39 - 00000069 ____A C:\Windows\NeroDigital.ini
2012-09-04 01:31 - 2012-09-04 01:31 - 00001204 ____A C:\Users\Stav\Desktop\WinUtilities Startup Cleaner.lnk
2012-09-03 23:46 - 2009-07-13 21:13 - 01372730 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-28 11:23 - 2012-08-28 11:23 - 00111224 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
2012-08-28 11:23 - 2012-05-19 10:32 - 00008224 ____A C:\Users\Stav\AppData\Local\GDIPFONTCACHEV1.DAT
2012-08-27 12:50 - 2009-07-13 21:08 - 00032472 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-25 10:10 - 2012-09-02 03:44 - 734212096 ____A C:\Users\Stav\Desktop\The Raven BDRip.avi
2012-08-17 03:57 - 2009-07-13 20:45 - 00426512 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-15 11:28 - 2012-08-15 11:28 - 04178468 ____A C:\Users\Stav\Downloads\peripheral_driver_tv_u8000_v2_vista64.exe
2012-08-15 11:28 - 2012-08-15 11:28 - 04164783 ____A C:\Users\Stav\Downloads\peripheral_driver_tv_u8000_v2_xp32.exe
2012-08-15 11:19 - 2012-08-15 11:19 - 00001028 ____A C:\Users\Stav\Desktop\ChrisTV PVR Professional.lnk
2012-08-15 11:18 - 2012-08-15 11:17 - 05141893 ____A (Chris P.C. srl ) C:\Users\Stav\Downloads\setup_christv_5_65_pro.exe
2012-07-23 11:12 - 2012-05-19 12:03 - 00000248 ____A C:\Windows\emug3.ini
2012-07-14 10:51 - 2012-09-02 03:45 - 00093918 ____A C:\Users\Stav\Desktop\The Raven BDRip.srt

ZeroAccess:
C:\Windows\Installer\{69eb9fdf-c436-9a1a-f332-aa1765417e7b}
C:\Windows\Installer\{69eb9fdf-c436-9a1a-f332-aa1765417e7b}\@
C:\Windows\Installer\{69eb9fdf-c436-9a1a-f332-aa1765417e7b}\L
C:\Windows\Installer\{69eb9fdf-c436-9a1a-f332-aa1765417e7b}\U
C:\Windows\Installer\{69eb9fdf-c436-9a1a-f332-aa1765417e7b}\U\[email protected]
C:\Windows\Installer\{69eb9fdf-c436-9a1a-f332-aa1765417e7b}\U\[email protected]

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!

==================== Restore Points =========================

Restore point made on: 2012-09-06 00:10:35
Restore point made on: 2012-09-07 08:30:19
Restore point made on: 2012-09-17 23:33:16
Restore point made on: 2012-09-17 23:34:42
Restore point made on: 2012-09-22 07:26:58

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 4060.88 MB
Available physical RAM: 3335.39 MB
Total Pagefile: 4059.02 MB
Available Pagefile: 3350.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (WINDOWS) (Fixed) (Total:149.04 GB) (Free:18.61 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:148.65 GB) (Free:88.88 GB) NTFS
3 Drive e: (SYSTEM) (Fixed) (Total:0.39 GB) (Free:0.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (HBCD 15.1) (CDROM) (Total:0.49 GB) (Free:0 GB) CDFS
5 Drive g: () (Removable) (Total:7.55 GB) (Free:7.32 GB) NTFS
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 7728 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 400 MB 1024 KB
Partition 2 Primary 149 GB 401 MB
Partition 3 Primary 148 GB 149 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E SYSTEM NTFS Partition 400 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C WINDOWS NTFS Partition 149 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D Data NTFS Partition 148 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7727 MB 1024 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G NTFS Removable 7727 MB Healthy

=========================================================

Last Boot: 2012-09-17 02:05

==================== End Of Log =============================

Attached Files

  • Attached File  FRST.txt   12.27KB   88 downloads

  • 0

Advertisements


#2
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,382 posts
Hello stavkon13 and welcome to Geeks To Go !!

My name is Crowbar and I'll be the malware removal Geek that will be helping you remove any infections you may have on your computer.
Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them.
You get an advantage as you have 2 people examining your issue.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.
  • Please follow the steps exactly as written, in the same order.
  • If there's anything you don't understand or isn't totally clear, please ask me any questions that you may have.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • This process is not an instant process - please stick with me until I tell you that your machine is clean. If you don't see any symptoms it does not mean your system is clear of malware
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.
Hi there stavkon13,
Please give me a little time to look over your log, work up a fix, then get it approved by my instructor.
  • 0

#3
stavkon13

stavkon13

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
thanx a lot for your fast reply...please do take your time....
  • 0

#4
stavkon13

stavkon13

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
just to add some more info , the problem started after I run microsoft security essential and removed 6-7 malwares..

Edited by stavkon13, 24 September 2012 - 01:44 PM.

  • 0

#5
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,382 posts
Hi stavcon13,
You have a ZeroAccess infection.
Let's start clearing it out. Please stay with me until we get all of it, ok?

Step 1
Download the attached file fixlist.txt to the same USB drive as FRST64

Run FRST64 as you did before, except this time click on the Fix button.
Posted Image
A log will be created on the USB drive (Fixlog.txt)
Please post that log in your next reply

Please try to start your computer normally and if it does start, please continue on to step 2

Step 2
  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

Posted Image

  • Wait for the end of the scan.
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

In your next reply I would like to see:
  • FRST64 log which is fixlog.txt from the USB drive
  • if you got that far, the roguekiller log file from your desktop

Attached Files


  • 0

#6
stavkon13

stavkon13

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
hi again...

thanks to your help the laptop booted again...I can't find the words to thank you for that...

I also run the roguekiller which was interupted after a minute or so since it found the zeroaccess malware..

I have attached both logs you asked for, and looking forward to your reply...

thanx again

Stav

Attached Files


  • 0

#7
stavkon13

stavkon13

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
the previous rogue report was not in english, so I translated it for you...

I have attaxhed the translated log in this post

Attached Files


  • 0

#8
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,382 posts
Hi stavkon13,
Glad to hear the computer starts now, and thank you for the translation.
Let's clear up the rest of that infection and check to see what it may have broken....
When you get these logs, please don't attach the files, just copy and paste the contents into your next reply. If you have to put them in seperate posts, that's ok.

Step 1
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

Posted Image

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.

Posted Image

  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
Posted Image
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

Step 2

Download OTL to your Desktop

  • Right click on the icon and select Run as Administrator to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
/md5stop
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs in your next response

In your next reply I would like to see:
  • Roguekiller log files
  • OTL custom log
  • How is the computer running after running RogueKiller?

  • 0

#9
stavkon13

stavkon13

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
just finished doing everything you told me to.....

the OTL logs are very long ....do you still want to paste the here instead of attaching the files?

btw the laptop seems to run fine so far...

thanx again for everything
  • 0

#10
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,382 posts
You can paste the logs in, I think the forum will accept a long log. If there is a problem, then you can attach.
  • 0

Advertisements


#11
stavkon13

stavkon13

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
here are the 6 rkreports

-------- 1 -------------------------
RogueKiller V8.0.5 [09/23/2012] απο: Tigzy
mail: tigzyRK<at>gmail<dot>com
comments: http://www.geekstogo...13-roguekiller/
webpage: http://tigzyrk.blogspot.com

Operating system: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
user : Κατρίν [admin rights]
Mode: Scan -- Date : 09/26/2012 20:21:31

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{99A58D1B-94D5-422D-8A69-8846A012F94F} : NameServer (213.249.17.10 213.249.39.29) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{99A58D1B-94D5-422D-8A69-8846A012F94F} : NameServer (213.249.17.10 213.249.39.29) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) ->FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\Security Center : FirewallDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\Security Center : UpdatesDisableNotify (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Κατρίν\AppData\Local\{69eb9fdf-c436-9a1a-f332-aa1765417e7b}\n.) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\Users\Κατρίν\AppData\Local\{69eb9fdf-c436-9a1a-f332-aa1765417e7b}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Users\Κατρίν\AppData\Local\{69eb9fdf-c436-9a1a-f332-aa1765417e7b}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Users\Κατρίν\AppData\Local\{69eb9fdf-c436-9a1a-f332-aa1765417e7b}\L --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ infection : ZeroAccess ¤¤¤

¤¤¤ file HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ check MBR: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3263GSX +++++
--- User ---
[MBR] 0dd9659955b71e5dbcd111d18609c5b6
[BSP] dc8aaf27d2e0c28cbd12b74791357071 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 400 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 821248 | Size: 152622 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 313391104 | Size: 152222 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: JetFlash Transcend 8GB USB Device +++++
--- User ---
[MBR] f12fd3965633a390d6e00738700cb9d4
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 7727 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

completed : << RKreport[1].txt >>
RKreport[1].txt



---------------2--------------------------------

RogueKiller V8.0.5 [09/23/2012] απο: Tigzy
mail: tigzyRK<at>gmail<dot>com
comments: http://www.geekstogo...13-roguekiller/
webpage: http://tigzyrk.blogspot.com

Operating system: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
user : Κατρίν [admin rights]
Mode: Scan -- Date : 09/26/2012 20:23:11

¤¤¤ bad processes : 0 ¤¤¤

¤¤¤ registry entries : 12 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{99A58D1B-94D5-422D-8A69-8846A012F94F} : NameServer (213.249.17.10 213.249.39.29) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{99A58D1B-94D5-422D-8A69-8846A012F94F} : NameServer (213.249.17.10 213.249.39.29) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\Security Center : FirewallDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\Security Center : UpdatesDisableNotify (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Κατρίν\AppData\Local\{69eb9fdf-c436-9a1a-f332-aa1765417e7b}\n.) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\Users\Κατρίν\AppData\Local\{69eb9fdf-c436-9a1a-f332-aa1765417e7b}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Users\Κατρίν\AppData\Local\{69eb9fdf-c436-9a1a-f332-aa1765417e7b}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Users\Κατρίν\AppData\Local\{69eb9fdf-c436-9a1a-f332-aa1765417e7b}\L --> FOUND

¤¤¤Driver: [NOT LOADED ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ infection : ZeroAccess ¤¤¤

¤¤¤ FILE HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ check MBR: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3263GSX +++++
--- User ---
[MBR] 0dd9659955b71e5dbcd111d18609c5b6
[BSP] dc8aaf27d2e0c28cbd12b74791357071 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 400 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 821248 | Size: 152622 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 313391104 | Size: 152222 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: JetFlash Transcend 8GB USB Device +++++
--- User ---
[MBR] f12fd3965633a390d6e00738700cb9d4
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 7727 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

completed : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



================= 3 ===================================


RogueKiller V8.0.5 [09/23/2012] απο: Tigzy
mail: tigzyRK<at>gmail<dot>com
comments: http://www.geekstogo...13-roguekiller/
webpage: http://tigzyrk.blogspot.com

Operating system: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
user : Κατρίν [admin rights]
Mode: Scan -- Date : 09/26/2012 20:23:28

¤¤¤ bad processes : 0 ¤¤¤

¤¤¤ registry entries : 12 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{99A58D1B-94D5-422D-8A69-8846A012F94F} : NameServer (213.249.17.10 213.249.39.29) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{99A58D1B-94D5-422D-8A69-8846A012F94F} : NameServer (213.249.17.10 213.249.39.29) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\Security Center : FirewallDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\Security Center : UpdatesDisableNotify (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) ->FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Κατρίν\AppData\Local\{69eb9fdf-c436-9a1a-f332-aa1765417e7b}\n.) -> FOUND

¤¤¤Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\Users\Κατρίν\AppData\Local\{69eb9fdf-c436-9a1a-f332-aa1765417e7b}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Users\Κατρίν\AppData\Local\{69eb9fdf-c436-9a1a-f332-aa1765417e7b}\U -->FOUND
[ZeroAccess][FOLDER] L : C:\Users\Κατρίν\AppData\Local\{69eb9fdf-c436-9a1a-f332-aa1765417e7b}\L --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ infection : ZeroAccess ¤¤¤

¤¤¤ file HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤check MBR: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3263GSX +++++
--- User ---
[MBR] 0dd9659955b71e5dbcd111d18609c5b6
[BSP] dc8aaf27d2e0c28cbd12b74791357071 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 400 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 821248 | Size: 152622 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 313391104 | Size: 152222 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: JetFlash Transcend 8GB USB Device +++++
--- User ---
[MBR] f12fd3965633a390d6e00738700cb9d4
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 7727 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

completed : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt



================= 4 ================================================

RogueKiller V8.0.5 [09/23/2012] απο: Tigzy
mail: tigzyRK<at>gmail<dot>com
comments: http://www.geekstogo...13-roguekiller/
webpage: http://tigzyrk.blogspot.com

Operating system: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
user : Κατρίν [admin rights]
Mode: delete -- Date : : 09/26/2012 20:23:44

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ registry entries : 10 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{99A58D1B-94D5-422D-8A69-8846A012F94F} : NameServer (213.249.17.10 213.249.39.29) -> not removed, use DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{99A58D1B-94D5-422D-8A69-8846A012F94F} : NameServer (213.249.17.10 213.249.39.29) -> not removed, use DNSFIX
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> replaced (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> replaced (1)
[HJ] HKLM\[...]\Wow6432Node\Security Center : AntiVirusDisableNotify (1) -> replaced (0)
[HJ] HKLM\[...]\Wow6432Node\Security Center : FirewallDisableNotify (1) -> replaced (0)
[HJ] HKLM\[...]\Wow6432Node\Security Center : UpdatesDisableNotify (1) -> replaced (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> replaced (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) ->replaced (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Κατρίν\AppData\Local\{69eb9fdf-c436-9a1a-f332-aa1765417e7b}\n.) -> ΑΝΤΙΚΑΤΑΣΤΗΘΗΚΕ (C:\Windows\system32\shell32.dll)

¤¤¤ Particular Files / Folders ¤¤¤
[ZeroAccess][FILE] @ : C:\Users\Κατρίν\AppData\Local\{69eb9fdf-c436-9a1a-f332-aa1765417e7b}\@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\Κατρίν\AppData\Local\{69eb9fdf-c436-9a1a-f332-aa1765417e7b}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\Κατρίν\AppData\Local\{69eb9fdf-c436-9a1a-f332-aa1765417e7b}\L --> REMOVED

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ infection : ZeroAccess ¤¤¤

¤¤¤ file HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ check MBR: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3263GSX +++++
--- User ---
[MBR] 0dd9659955b71e5dbcd111d18609c5b6
[BSP] dc8aaf27d2e0c28cbd12b74791357071 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 400 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 821248 | Size: 152622 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 313391104 | Size: 152222 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: JetFlash Transcend 8GB USB Device +++++
--- User ---
[MBR] f12fd3965633a390d6e00738700cb9d4
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 7727 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

completed : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt


====================== 5 ===============================================


RogueKiller V8.0.5 [09/23/2012] απο: Tigzy
mail: tigzyRK<at>gmail<dot>com
comments: http://www.geekstogo...13-roguekiller/
webpage: http://tigzyrk.blogspot.com

Operating system: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
user : Κατρίν [admin rights]
Mode: delete -- Date : : 09/26/2012 20:24:32

¤¤¤bad processes : 0 ¤¤¤

¤¤¤ registry entries : 2 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{99A58D1B-94D5-422D-8A69-8846A012F94F} : NameServer (213.249.17.10 213.249.39.29) -> not removed, use DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{99A58D1B-94D5-422D-8A69-8846A012F94F} : NameServer (213.249.17.10 213.249.39.29) -> not removed, use DNSFIX

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ infection : ¤¤¤

¤¤¤ file HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤check MBR: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3263GSX +++++
--- User ---
[MBR] 0dd9659955b71e5dbcd111d18609c5b6
[BSP] dc8aaf27d2e0c28cbd12b74791357071 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 400 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 821248 | Size: 152622 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 313391104 | Size: 152222 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: JetFlash Transcend 8GB USB Device +++++
--- User ---
[MBR] f12fd3965633a390d6e00738700cb9d4
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 7727 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

completed : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt



=================== 6 ===========================================

RogueKiller V8.0.5 [09/23/2012] απο: Tigzy
mail: tigzyRK<at>gmail<dot>com
comments: http://www.geekstogo...13-roguekiller/
webpage: http://tigzyrk.blogspot.com

Operating system: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
user : Κατρίν [admin rights]
Mode: : fixing bad shortcuts -- date : 09/26/2012 20:25:49

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED]¤¤¤

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ files that their properties have been restored: ¤¤¤
desktop: Success 1 / Fail 0
startup tools: Success 1 / Fail 0
programs: Success 30 / Fail 0
startup menu: Success 1 / Fail 0
user folder: Success 107 / Fail 0
myfiles: Success 5 / Fail 5
my favourites: Success 0 / Fail 0
my pictures : Success 0 / Fail 0
my music: Success 0 / Fail 0
my video: Success 0 / Fail 0
local drives: Success 107 / Fail 0
security copies: [NOT FOUND]

Drives
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\CdRom1 -- 0x5 --> Skipped
[I:] \Device\HarddiskVolume4 -- 0x2 --> Restored

¤¤¤ infection : ¤¤¤

completed : << RKreport[6].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt

Edited by stavkon13, 26 September 2012 - 12:11 PM.

  • 0

#12
stavkon13

stavkon13

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
here the otl logs


========================== extras ====================================


OTL Extras logfile created on: 26/9/2012 8:29:11 μμ - Run 1
OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\Κατρίν\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

3,97 Gb Total Physical Memory | 2,81 Gb Available Physical Memory | 70,97% Memory free
7,93 Gb Paging File | 6,74 Gb Available in Paging File | 85,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 18,02 Gb Free Space | 12,09% Space Free | Partition Type: NTFS
Drive D: | 148,65 Gb Total Space | 88,88 Gb Free Space | 59,79% Space Free | Partition Type: NTFS
Drive I: | 7,55 Gb Total Space | 7,23 Gb Free Space | 95,83% Space Free | Partition Type: NTFS

Computer Name: BLANCO | User Name: Κατρίν | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-303034421-1949597625-3649350617-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0FB2E75A-1024-331F-77EF-D45F71505D58}" = ATI Catalyst Install Manager
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"{57019733-78E6-43DE-8E6D-55349F0FDE6F}" = inSSIDer 2.0
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{9EC10607-4F0B-336D-80FE-B869F4D55ABC}" = Microsoft .NET Framework 4 Client Profile ELL Language Pack
"{9EE58CAC-21D5-1412-F0F2-CB9CD8834B59}" = ccc-utility64
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ELL Language Pack" = Πακέτο γλωσσών για τα Ελληνικά του Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0163E195-D5EF-BF70-CBEE-73AA7CBBBEEE}" = CCC Help Thai
"{03883959-80DA-6151-CEAE-46A058CF774F}" = CCC Help Danish
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0823A2E3-69DD-A37A-7CD9-1CBEB037545C}" = Toshiba Photo Service - powered by myphotobook
"{096D1CCF-0F1E-08FB-094F-C40A633D5AEB}" = ccc-core-static
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDC9BA0-016E-406a-86DA-04FC1BE00C21}" = Need for Speed™ The Run
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{13D0EB07-FCA0-C005-A6C5-B1A4B7E5BB48}" = Catalyst Control Center Core Implementation
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1D4A3E7D-A580-5BB7-DED3-48508A53D2B2}" = CCC Help Chinese Standard
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22354A21-BE84-0D40-191D-6E530B715CCF}" = CCC Help Polish
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2F36BA32-7986-9E40-B3F6-908B214EC898}" = CCC Help Japanese
"{2F4A39B2-5A2D-3E9F-E8EA-6F891A097ACF}" = CCC Help English
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 3.204.00
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3DBE8669-1F7D-E1C9-2BC8-CC4BAE0A5136}" = CCC Help Turkish
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FF5FF03-DB97-2ACE-BAE7-61D6D4A39F9B}" = Catalyst Control Center Graphics Full Existing
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{44C8ECE8-A840-44E5-BB02-CAE035DEA248}_is1" = ChrisTV PVR Professional 5.65
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CEE0E9F-2116-BE92-CD54-8D1834935B54}" = Catalyst Control Center Localization All
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{531E1936-95AC-4F7D-8071-BBE9502C670B}" = Stereoscopic Player
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{594F6A23-9FF2-4D03-8761-97483E55CE79}" = NVIDIA 3D Vision Video Player
"{5DD59391-FED6-576D-B6BD-71111EF96522}" = CCC Help Russian
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{6168260A-6D56-50BB-193C-BF6F471394AA}" = CCC Help Greek
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A150790-FC79-D323-92D4-E773E3A03789}" = CCC Help Portuguese
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6CB88B54-4C1C-E6AB-49C6-476DE56327BC}" = CCC Help Spanish
"{6D44070C-86F9-424A-B514-6907E4335BCE}" = PhoenixRC
"{6DE880FE-F0C9-BC57-B7C5-2ABEAE1E501E}" = CCC Help German
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{79660B73-3DD0-9C3D-3F29-0E266F3AE5EA}" = CCC Help Norwegian
"{81E5E076-F2C1-AE09-A360-0CAC2967FD5F}" = CCC Help Swedish
"{830B19C7-434B-4589-BDF2-A72640F47CE5}" = Microsoft Works
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed™ Hot Pursuit
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B3E5A90-1F6E-4FAF-B84F-C306C8A80809}" = AeroFly Professional Deluxe
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110408-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0408-0000-0000000FF1CE}" = Πακέτο συμβατότητας για το 2007 Microsoft Office system
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0408-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Greek)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9782762F-639B-499B-A23D-5EBEAFC160E6}" = Microsoft Tool Web Package:diskpart.exe
"{986CAA52-3249-B34F-DC64-07347926CF57}" = CCC Help Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E4FF410-471F-49E3-9358-74FF0D5E9901}" = Toshiba TEMPRO
"{9FEECBDA-8378-4874-AD65-D9E232BE2D11}" = Windows Live Sync
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B5B8BA5D-55CA-9351-984B-048FEF97A544}" = Catalyst Control Center Graphics Previews Vista
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6DECBD2-EC09-17C3-35AE-8C72B08062C9}" = CCC Help Czech
"{B944FA21-81AF-4A77-8328-CE4F4CC51032}" = Nero 8
"{BC0DCD27-345B-4013-A6E0-67EC92DF32C8}" = Presto! PVR
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF3AB290-563B-2F6F-9AF0-189B5CCF2C01}" = Catalyst Control Center Graphics Light
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C644BA4B-07D6-A67E-9EB4-157F6DEB68BE}" = CCC Help Chinese Traditional
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0831990-FF97-1F08-668D-4743CC32EFBC}" = CCC Help Finnish
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9835CE0-E294-83FE-AF9F-BC113A0D2EA9}" = CCC Help Hungarian
"{D99F7568-803E-4C13-80DD-9403CD34F5F3}" = Clearblue Cycle Calendar
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E25FA4E1-678F-414F-9777-1E3FDBBDA4D1}" = Catalyst Control Center InstallProxy
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8B28EF5-2A73-03A7-4F02-2DFF1D182940}" = Catalyst Control Center Graphics Full New
"{E8C37E27-5205-4C8A-BECB-B00533045AAE}" = SHIFT 2 UNLEASHED™
"{E94F833D-6435-40A2-112C-4BC18100B91D}" = CCC Help Italian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEA02668-D5D9-AEFF-6FFB-1EB5BC765A52}" = CCC Help French
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{FCD674E3-F281-46D6-7717-6EAFDD16D8FC}" = CCC Help Dutch
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Audacity_is1" = Audacity 1.2.6
"AutoGK" = Auto Gordian Knot 2.55
"avast!" = avast! Antivirus
"AVI ReComp" = AVI ReComp 1.5.3
"AviSynth" = AviSynth 2.5
"CodeStuff Starter" = CodeStuff Starter
"DAEMON Tools Pro" = DAEMON Tools Pro
"Digital Media Converter_is1" = Digital Media Converter 2.78
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Toshiba Photo Service - powered by myphotobook
"ffdshow_is1" = ffdshow v1.1.3892 [2011-06-20]
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"Freemake Video Converter_is1" = Freemake Video Converter version 2.4.0
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Κωδικός πρόσβασης επόπτη
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA HW Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware έκδοση 1.65.0.1400
"MKVtoolnix" = MKVtoolnix 5.0.1
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"OpenAL" = OpenAL
"PowerISO" = PowerISO
"RealFlightG4Pro" = RealFlight G4 R/C Simulator
"ST6UNST #1" = TestDriveV2
"Test Drive Unlimited 2_is1" = Test Drive Unlimited 2
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Service" = Update Service
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.2
"VobSub" = VobSub 2.23
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinUtilities Startup Cleaner" = WinUtilities Startup Cleaner 2.1
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Xvid_is1" = Xvid 1.3.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-303034421-1949597625-3649350617-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TimeAdjuster" = Time Adjuster STANDARD 3.1

========== Last 20 Event Log Errors ==========

[ Antivirus Events ]
Error - 6/3/2010 2:29:25 μμ | Computer Name = Blanco | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\VLC-1.0.2-WIN32.EXE failed, 00000015.

[ Application Events ]
Error - 6/9/2012 4:10:21 πμ | Computer Name = Blanco | Source = VSS | ID = 12289
Description =

Error - 6/9/2012 4:10:21 πμ | Computer Name = Blanco | Source = VSS | ID = 12289
Description =

Error - 6/9/2012 4:10:22 πμ | Computer Name = Blanco | Source = VSS | ID = 12289
Description =

Error - 6/9/2012 4:10:22 πμ | Computer Name = Blanco | Source = VSS | ID = 12289
Description =

Error - 6/9/2012 4:10:22 πμ | Computer Name = Blanco | Source = VSS | ID = 12289
Description =

Error - 6/9/2012 4:10:22 πμ | Computer Name = Blanco | Source = VSS | ID = 12289
Description =

Error - 6/9/2012 4:10:22 πμ | Computer Name = Blanco | Source = VSS | ID = 12289
Description =

Error - 6/9/2012 4:10:22 πμ | Computer Name = Blanco | Source = VSS | ID = 12289
Description =

Error - 6/9/2012 4:10:22 πμ | Computer Name = Blanco | Source = VSS | ID = 12289
Description =

Error - 6/9/2012 4:10:27 πμ | Computer Name = Blanco | Source = VSS | ID = 12289
Description =

[ System Events ]
Error - 26/9/2012 8:32:00 πμ | Computer Name = Blanco | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 26/9/2012 8:32:00 πμ | Computer Name = Blanco | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 26/9/2012 8:32:18 πμ | Computer Name = Blanco | Source = Service Control Manager | ID = 7023
Description = Η υπηρεσία Αναζήτηση υπολογιστών τερματίστηκε με το ακόλουθο σφάλμα:
%%1060

Error - 26/9/2012 8:32:18 πμ | Computer Name = Blanco | Source = Service Control Manager | ID = 7003
Description = Η υπηρεσία Λειτουργικές μονάδες κλειδιών IKE και AuthIP IPsec εξαρτάται
από την ακόλουθη υπηρεσία: BFE. Αυτή η υπηρεσία ενδέχεται να μην είναι εγκατεστημένη.

Error - 26/9/2012 8:32:18 πμ | Computer Name = Blanco | Source = Service Control Manager | ID = 7003
Description = Η υπηρεσία Παράγοντας πολιτικής IPsec εξαρτάται από την ακόλουθη υπηρεσία:
BFE. Αυτή η υπηρεσία ενδέχεται να μην είναι εγκατεστημένη.

Error - 26/9/2012 1:15:25 μμ | Computer Name = Blanco | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 26/9/2012 1:15:25 μμ | Computer Name = Blanco | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 26/9/2012 1:15:32 μμ | Computer Name = Blanco | Source = Service Control Manager | ID = 7003
Description = Η υπηρεσία Λειτουργικές μονάδες κλειδιών IKE και AuthIP IPsec εξαρτάται
από την ακόλουθη υπηρεσία: BFE. Αυτή η υπηρεσία ενδέχεται να μην είναι εγκατεστημένη.

Error - 26/9/2012 1:15:32 μμ | Computer Name = Blanco | Source = Service Control Manager | ID = 7023
Description = Η υπηρεσία Αναζήτηση υπολογιστών τερματίστηκε με το ακόλουθο σφάλμα:
%%1060

Error - 26/9/2012 1:15:35 μμ | Computer Name = Blanco | Source = Service Control Manager | ID = 7003
Description = Η υπηρεσία Παράγοντας πολιτικής IPsec εξαρτάται από την ακόλουθη υπηρεσία:
BFE. Αυτή η υπηρεσία ενδέχεται να μην είναι εγκατεστημένη.


< End of report >





======================================== OTL ===========================================



OTL logfile created on: 26/9/2012 8:29:11 μμ - Run 1
OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\Κατρίν\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

3,97 Gb Total Physical Memory | 2,81 Gb Available Physical Memory | 70,97% Memory free
7,93 Gb Paging File | 6,74 Gb Available in Paging File | 85,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 18,02 Gb Free Space | 12,09% Space Free | Partition Type: NTFS
Drive D: | 148,65 Gb Total Space | 88,88 Gb Free Space | 59,79% Space Free | Partition Type: NTFS
Drive I: | 7,55 Gb Total Space | 7,23 Gb Free Space | 95,83% Space Free | Partition Type: NTFS

Computer Name: BLANCO | User Name: Κατρίν | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/26 18:01:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Κατρίν\Desktop\OTL.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/01/18 15:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/08/17 10:28:14 | 003,120,448 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2009/11/25 02:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/09/03 16:06:32 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/08/07 05:47:46 | 000,354,640 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosHdpProc.exe
PRC - [2009/08/06 19:36:56 | 002,680,160 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2009/07/28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/14 20:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009/06/12 17:53:54 | 000,242,688 | ---- | M] () -- C:\Program Files (x86)\Join Air\AssistantServices.exe
PRC - [2009/06/07 23:34:58 | 000,660,808 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2009/06/03 00:33:14 | 000,308,552 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
PRC - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/07/23 20:24:24 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/11/25 02:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Disabled | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV:64bit: - [2009/11/25 02:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [Disabled | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV:64bit: - [2009/11/25 02:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [Disabled | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV:64bit: - [2009/11/25 02:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Disabled | Stopped] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV:64bit: - [2009/09/03 21:38:26 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/08/05 15:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/08/04 12:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/08/03 18:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/30 00:54:22 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/17 11:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/10 20:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/08/06 16:02:50 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2009/07/30 06:20:36 | 000,192,368 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009/07/14 20:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/06/12 17:53:54 | 000,242,688 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Join Air\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009/06/11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/12/03 19:32:18 | 000,271,424 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/06/15 11:30:46 | 000,093,240 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/12/30 13:19:44 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010/12/30 13:19:44 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV:64bit: - [2010/12/30 13:19:42 | 000,196,096 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV:64bit: - [2010/12/30 13:19:42 | 000,094,208 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:64bit: - [2010/12/30 13:19:32 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2010/02/08 22:50:19 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)
DRV:64bit: - [2010/02/08 22:50:19 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2010/02/08 22:50:19 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2010/01/07 03:20:22 | 000,448,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187.sys -- (RTL8187)
DRV:64bit: - [2009/11/25 02:50:25 | 000,089,680 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2009/11/25 02:50:05 | 000,022,096 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2009/11/25 02:49:56 | 000,065,616 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2009/11/25 02:49:10 | 000,053,840 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2009/11/25 02:49:00 | 000,027,216 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2009/08/26 19:11:12 | 000,942,080 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/08/05 15:45:28 | 000,058,744 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2009/08/05 13:56:04 | 000,063,856 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2009/07/30 21:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/30 13:07:12 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/28 21:02:10 | 000,081,768 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2009/07/24 16:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/24 12:33:14 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009/07/20 18:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 04:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 04:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 04:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 04:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 23:12:36 | 000,019,824 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009/07/07 22:39:08 | 000,211,432 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2009/06/22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/20 05:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/19 11:00:26 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2009/06/19 10:59:32 | 000,050,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2009/06/17 13:01:04 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009/06/10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/26 18:53:42 | 000,213,120 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV:64bit: - [2009/05/26 18:53:42 | 000,213,120 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbser.sys -- (NWUSBPort)
DRV:64bit: - [2009/05/26 18:53:42 | 000,213,120 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV:64bit: - [2009/05/22 22:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/20 19:04:56 | 000,202,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/04/29 17:28:30 | 000,030,208 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2009/04/22 17:35:04 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009/03/10 16:38:10 | 000,167,424 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV:64bit: - [2009/02/02 19:14:20 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009/02/02 19:14:20 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009/02/02 19:14:20 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2008/01/18 17:16:20 | 000,125,480 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\a016obex.sys -- (a016obex)
DRV:64bit: - [2008/01/18 17:16:18 | 000,146,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\a016mdm.sys -- (a016mdm)
DRV:64bit: - [2008/01/18 17:16:18 | 000,130,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\a016mgmt.sys -- (a016mgmt)
DRV:64bit: - [2008/01/18 17:16:16 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\a016mdfl.sys -- (a016mdfl)
DRV:64bit: - [2008/01/18 17:16:14 | 000,109,096 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\a016bus.sys -- (a016bus)
DRV:64bit: - [2007/07/13 07:22:50 | 000,620,040 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mod7700.sys -- (mod7700)
DRV:64bit: - [2007/06/19 10:50:54 | 000,143,400 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s816mdm.sys -- (s816mdm)
DRV:64bit: - [2007/06/19 10:50:54 | 000,129,064 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s816unic.sys -- (s816unic)
DRV:64bit: - [2007/06/19 10:50:54 | 000,124,968 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s816mgmt.sys -- (s816mgmt)
DRV:64bit: - [2007/06/19 10:50:54 | 000,121,896 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s816obex.sys -- (s816obex)
DRV:64bit: - [2007/06/19 10:50:54 | 000,030,248 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s816nd5.sys -- (s816nd5)
DRV:64bit: - [2007/06/19 10:50:48 | 000,018,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s816mdfl.sys -- (s816mdfl)
DRV:64bit: - [2007/06/19 10:50:46 | 000,107,048 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s816bus.sys -- (s816bus)
DRV - [2009/07/14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-303034421-1949597625-3649350617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSEH&bmod=TSEH
IE - HKU\S-1-5-21-303034421-1949597625-3649350617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = about:blank [binary data]
IE - HKU\S-1-5-21-303034421-1949597625-3649350617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-303034421-1949597625-3649350617-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-303034421-1949597625-3649350617-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-303034421-1949597625-3649350617-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7TSEH_elGR360
IE - HKU\S-1-5-21-303034421-1949597625-3649350617-1000\..\SearchScopes\{C0B566E4-6271-4707-8110-8648FEBD5B9C}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKU\S-1-5-21-303034421-1949597625-3649350617-1000\..\SearchScopes\{F3BE3C06-17FB-4160-A849-6A8E76A758AC}: "URL" = http://www.amazon.co...ed&linkCode=ur2
IE - HKU\S-1-5-21-303034421-1949597625-3649350617-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Blekko"
FF - prefs.js..browser.search.order.1: "Blekko"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.gr/"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.2.3
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.7
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..keyword.URL: "http://blekko.com/ws...65045CA4C78&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2011/11/16 22:03:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/07 19:33:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/07 19:33:48 | 000,000,000 | ---D | M]

[2010/01/26 22:36:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Κατρίν\AppData\Roaming\mozilla\Extensions
[2012/09/07 19:31:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Κατρίν\AppData\Roaming\mozilla\Firefox\Profiles\704y6wbt.default\extensions
[2010/05/01 21:23:35 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Κατρίν\AppData\Roaming\mozilla\Firefox\Profiles\704y6wbt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/05/03 18:35:11 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Κατρίν\AppData\Roaming\mozilla\firefox\profiles\704y6wbt.default\extensions\[email protected]
[2012/08/30 20:11:48 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Κατρίν\AppData\Roaming\mozilla\firefox\profiles\704y6wbt.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012/09/07 19:33:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/09/07 19:33:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\USERS\ΞšΞ±Ο„ΟΞ―Ξ½\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\704Y6WBT.DEFAULT\EXTENSIONS\[email protected]
[2012/09/07 19:33:51 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/08 23:45:03 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/09/04 14:05:59 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/04 12:31:04 | 000,002,134 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml
[2012/09/04 14:05:59 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://blekko.com/ws...78&tbp=homepage
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - plugin: MicrosoftΒ® Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows LiveΒ® Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - plugin: Error reading preferences file

O1 HOSTS File: ([2009/06/11 00:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Presto! PVR Monitor] C:\Program Files (x86)\NewSoft\Presto! PVR\Monitor.exe (NewSoft)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-303034421-1949597625-3649350617-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Κατρίν\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Κατρίν\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Έρευνα - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99A58D1B-94D5-422D-8A69-8846A012F94F}: NameServer = 213.249.17.10 213.249.39.29
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA7493A8-AFA5-4D3B-B8B1-57C846D239EE}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB70C79F-78DE-42D2-BAA1-CC132FACC600}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{22f964b6-cbcb-11e0-93af-701a047edaff}\Shell - "" = AutoRun
O33 - MountPoints2\{22f964b6-cbcb-11e0-93af-701a047edaff}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{22f964d9-cbcb-11e0-93af-701a047edaff}\Shell - "" = AutoRun
O33 - MountPoints2\{22f964d9-cbcb-11e0-93af-701a047edaff}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{63ae6ec1-4418-11df-9391-701a047edaff}\Shell - "" = AutoRun
O33 - MountPoints2\{63ae6ec1-4418-11df-9391-701a047edaff}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7138a7b8-ee8a-11df-b03d-decc64023cc7}\Shell - "" = AutoRun
O33 - MountPoints2\{7138a7b8-ee8a-11df-b03d-decc64023cc7}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/26 20:26:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Κατρίν\Desktop\OTL.exe
[2012/09/26 20:19:59 | 000,000,000 | ---D | C] -- C:\Users\Κατρίν\Desktop\Νέος φάκελος
[2012/09/25 20:24:54 | 000,000,000 | ---D | C] -- C:\Users\Κατρίν\Desktop\RK_Quarantine
[2012/09/25 07:44:47 | 000,000,000 | ---D | C] -- C:\FRST
[2012/09/22 14:28:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/09/22 14:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/09/19 12:05:52 | 000,000,000 | ---D | C] -- C:\Users\Κατρίν\Desktop\rkill
[2012/09/19 12:05:17 | 001,659,808 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Κατρίν\Desktop\iExplore.exe
[2012/09/18 16:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\0C1CFB13074C31540043E7CF4F147CE7
[2012/09/07 22:04:52 | 000,000,000 | ---D | C] -- C:\Users\Κατρίν\Desktop\ΣΤΑΥΡΟΣ
[2012/09/07 19:36:05 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/09/07 19:33:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/09/07 19:29:07 | 000,000,000 | ---D | C] -- C:\Users\Κατρίν\AppData\Local\VS Revo Group
[2012/09/07 19:24:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012/09/07 19:23:23 | 000,000,000 | ---D | C] -- C:\Users\Κατρίν\AppData\Roaming\FileZilla
[2012/09/07 19:22:25 | 000,000,000 | ---D | C] -- C:\Users\Κατρίν\AppData\Roaming\Malwarebytes
[2012/09/07 19:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/07 19:22:18 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/07 19:22:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/07 19:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/04 12:31:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AppData
[2012/09/04 12:31:15 | 000,000,000 | ---D | C] -- C:\Users\Κατρίν\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinUtilities Startup Cleaner
[2012/09/04 12:31:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinUtilities Startup Cleaner
[2012/09/04 12:31:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinUtilities Startup Cleaner
[2012/09/04 12:30:53 | 000,000,000 | ---D | C] -- C:\Users\Κατρίν\AppData\Local\blekkotb_031
[2012/09/04 12:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Anti-phishing Domain Advisor
[2011/11/21 23:09:11 | 000,910,624 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Κατρίν\jxpiinstall.exe
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/26 20:22:49 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/26 20:22:49 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/26 20:22:00 | 000,001,184 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/26 20:20:55 | 001,379,258 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/26 20:20:55 | 000,621,012 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/26 20:20:55 | 000,565,396 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2012/09/26 20:20:55 | 000,108,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/26 20:20:55 | 000,091,760 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2012/09/26 20:18:56 | 000,001,180 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/26 20:15:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/26 20:15:15 | 3193,602,048 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/26 18:01:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Κατρίν\Desktop\OTL.exe
[2012/09/25 20:20:32 | 001,391,616 | ---- | M] () -- C:\Users\Κατρίν\Desktop\RogueKiller.exe
[2012/09/22 14:50:58 | 000,037,888 | ---- | M] () -- C:\Users\Κατρίν\bkhu79m9pe.exe
[2012/09/22 14:28:29 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/22 14:28:20 | 001,398,716 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/19 12:08:00 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/19 12:05:30 | 001,659,808 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Κατρίν\Desktop\iExplore.exe
[2012/09/19 12:04:24 | 000,001,205 | ---- | M] () -- C:\Users\Κατρίν\Desktop\registryfix.reg
[2012/09/07 19:36:59 | 000,002,051 | ---- | M] () -- C:\Users\Κατρίν\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/07 14:06:06 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/25 20:24:47 | 001,391,616 | ---- | C] () -- C:\Users\Κατρίν\Desktop\RogueKiller.exe
[2012/09/22 14:28:24 | 000,001,922 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/09/22 14:26:11 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/09/19 12:08:00 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/19 12:04:24 | 000,001,205 | ---- | C] () -- C:\Users\Κατρίν\Desktop\registryfix.reg
[2012/08/15 22:19:22 | 000,001,376 | ---- | C] () -- C:\Windows\SysWow64\zipfapy.dll
[2012/05/30 18:32:22 | 000,037,888 | ---- | C] () -- C:\Users\Κατρίν\bkhu79m9pe.exe
[2012/05/20 18:18:02 | 000,000,141 | ---- | C] () -- C:\Windows\RealFlight.INI
[2012/05/19 23:03:02 | 000,000,248 | ---- | C] () -- C:\Windows\emug3.ini
[2012/05/19 21:53:57 | 000,000,008 | ---- | C] () -- C:\Windows\SysWow64\PROTOCOL.INI
[2012/02/23 21:39:11 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/11/16 22:42:45 | 000,073,216 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/02/22 22:39:04 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/02/22 22:37:30 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/01/03 21:26:22 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/29 22:50:49 | 000,434,155 | ---- | C] () -- C:\Users\Κατρίν\toshiba.png

========== ZeroAccess Check ==========

[2009/07/14 07:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2009/07/14 04:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009/07/14 04:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 04:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 04:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 04:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 04:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll

========== LOP Check ==========

[2012/05/19 21:35:39 | 000,000,000 | ---D | M] -- C:\Users\Stav\AppData\Roaming\DAEMON Tools Pro
[2012/05/19 21:47:41 | 000,000,000 | ---D | M] -- C:\Users\Stav\AppData\Roaming\Toshiba
[2010/01/03 22:06:22 | 000,000,000 | ---D | M] -- C:\Users\Κατρίν\AppData\Roaming\Autodesk
[2011/11/22 00:37:47 | 000,000,000 | ---D | M] -- C:\Users\Κατρίν\AppData\Roaming\AVI ReComp
[2011/12/03 19:34:36 | 000,000,000 | ---D | M] -- C:\Users\Κατρίν\AppData\Roaming\DAEMON Tools Pro
[2010/05/01 21:23:35 | 000,000,000 | ---D | M] -- C:\Users\Κατρίν\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/01/03 21:39:50 | 000,000,000 | ---D | M] -- C:\Users\Κατρίν\AppData\Roaming\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2012/09/07 19:29:28 | 000,000,000 | ---D | M] -- C:\Users\Κατρίν\AppData\Roaming\FileZilla
[2011/11/21 23:20:47 | 000,000,000 | ---D | M] -- C:\Users\Κατρίν\AppData\Roaming\mkvtoolnix
[2011/11/16 22:40:08 | 000,000,000 | ---D | M] -- C:\Users\Κατρίν\AppData\Roaming\Stereoscopic Player
[2009/12/29 19:06:55 | 000,000,000 | ---D | M] -- C:\Users\Κατρίν\AppData\Roaming\Toshiba
[2012/05/25 13:42:35 | 000,000,000 | ---D | M] -- C:\Users\Κατρίν\AppData\Roaming\uTorrent
[2011/08/21 11:12:31 | 000,000,000 | ---D | M] -- C:\Users\Κατρίν\AppData\Roaming\Vodafone

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/14 04:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2009/07/14 04:40:01 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/14 04:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2009/07/14 04:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
No service found with a name of BFE
SRV:64bit: - [2009/07/14 04:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/14 04:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 04:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2009/07/14 04:40:13 | 000,136,192 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2009/07/14 04:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2009/07/14 04:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2009/07/14 04:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2009/07/14 04:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 04:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/14 04:40:32 | 000,182,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/14 04:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/14 04:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 04:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
No service found with a name of SharedAccess
SRV:64bit: - [2009/07/14 04:41:10 | 000,500,224 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/14 04:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/14 04:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/14 04:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/14 04:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 04:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2009/07/14 04:41:52 | 000,302,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/14 04:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2009/07/14 04:41:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2009/07/14 04:39:44 | 000,558,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2009/07/14 04:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/14 04:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2009/07/14 04:41:53 | 000,343,552 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2009/07/14 04:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2009/07/14 04:41:53 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2009/07/14 04:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
No service found with a name of wscsvc
SRV:64bit: - [2009/07/14 04:41:54 | 000,235,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2009/07/14 04:41:54 | 000,369,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/07/14 04:16:14 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2009/07/14 04:41:53 | 001,104,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2009/07/14 04:41:55 | 000,316,416 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/14 04:16:15 | 000,241,664 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/14 04:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/14 04:41:53 | 000,208,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2009/07/14 04:39:50 | 001,598,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2009/07/14 04:40:04 | 000,676,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2009/07/14 04:40:04 | 000,676,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2009/07/14 04:41:53 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
No service found with a name of WinDefend
SRV:64bit: - [2009/07/14 04:41:56 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
No service found with a name of MpsSvc
SRV:64bit: - [2009/07/14 04:41:56 | 000,578,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2009/07/14 04:39:21 | 000,127,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2009/07/14 04:14:25 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/14 04:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/03 01:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2009/07/14 04:40:32 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/14 04:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2009/07/14 04:41:56 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2009/07/14 04:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/08/03 09:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/08/03 08:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/08/03 08:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\SysWOW64\explorer.exe
[2009/08/03 08:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 04:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/08/03 09:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\explorer.exe
[2009/08/03 09:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: QMGR.DLL >
[2009/07/14 04:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\SysNative\qmgr.dll
[2009/07/14 04:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll

< MD5 for: SERVICES >
[2009/06/11 00:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.EXE >
[2009/07/14 04:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 04:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/14 12:11:21 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5FFB6A441A1CA12DF3B280CFCF153DB9 -- C:\Windows\SysNative\el-GR\services.exe.mui
[2009/07/14 12:11:21 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5FFB6A441A1CA12DF3B280CFCF153DB9 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_el-gr_c59790583fdd9131\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 07:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 07:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 23:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 23:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/06/10 23:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/06/11 00:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/06/10 23:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/06/11 00:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2009/07/14 12:11:18 | 000,092,794 | ---- | M] () MD5=986A55E3C6B948BD2809C14D0FBB6825 -- C:\Windows\SysNative\el-GR\services.msc
[2009/07/14 12:11:23 | 000,092,794 | ---- | M] () MD5=986A55E3C6B948BD2809C14D0FBB6825 -- C:\Windows\SysWOW64\el-GR\services.msc
[2009/07/14 12:11:18 | 000,092,794 | ---- | M] () MD5=986A55E3C6B948BD2809C14D0FBB6825 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_el-gr_ffd9604416472b24\services.msc
[2009/07/14 12:11:23 | 000,092,794 | ---- | M] () MD5=986A55E3C6B948BD2809C14D0FBB6825 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_el-gr_a3bac4c05de9b9ee\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 23:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 23:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 04:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 04:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 04:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 04:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/14 04:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 04:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 04:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 04:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/14 04:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\SysNative\winlogon.exe
[2009/07/14 04:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >
"DisplayName" = @%SystemRoot%\system32\qmgr.dll,-1000
"ImagePath" = %SystemRoot%\System32\svchost.exe -k netsvcs -- [2009/07/14 04:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\qmgr.dll,-1001
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 3
"DelayedAutoStart" = 1
"Type" = 32
"DependOnService" = RpcSsEventSystem [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeCreateGlobalPrivilegeSeImperson [Binary data over 200 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll" = %SystemRoot%\System32\qmgr.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance]
"Library" = bitsperf.dll -- [2009/07/14 04:14:59 | 000,018,944 | ---- | M] (Microsoft Corporation)
"Open" = PerfMon_Open
"Collect" = PerfMon_Collect
"Close" = PerfMon_Close
"InstallType" = 1
"PerfIniFile" = bitsctrs.ini
"First Counter" = 2156
"Last Counter" = 2172
"First Help" = 2157
"Last Help" = 2173
"Object List" = 2156
"PerfMMFileName" = Global\MMF_BITS_s
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]
"Security" = 01 00 14 80 90 00 00 00 A0 00 00 00 14 00 00 00 34 00 00 00 02 00 20 00 01 00 00 00 02 C0 18 00 00 00 0C 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 02 00 5C 00 04 00 00 00 00 02 14 00 FF 01 0F 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 06 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 [Binary data over 200 bytes]

< End of report >
  • 0

#13
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,382 posts
Hi,
We are making progress, but still some issues to clear up. That infection has broken some services, and there are a few things to clean up still.
Sorry about the delay in replying, work has kept me quite busy.
I have a lot of steps below for you to do, so please take your time, and if you have any questions, feel free to ask me anything.

I notice that you have one or more P2P (Peer to Peer) file sharing programs installed on your computer.
  • uTorrent
This is a very easy way to get infected, as many of the files that can be downloaded with these P2P programs are infected with all sorts of malware.
You put your system at a very big risk by downloading these files, and that is why we recommend
that you remove these programs from your computer.
If you do not want to remove them, please DO NOT use them while we are cleaning your machine.

If you need any help removing them I will be glad to assist you.

In my fix, I am disabling the Windows Sidebar, as Microsoft has determined that it is a big security risk. Please read about it here, and here
If this is really an issue with you, it can be turned back on, but I really recommend that you do not.

One more thing, you are starting to run low on disk space on your system drive. Windows is happy when there is at least %15 free space, and is happiest when above %20-%25 free. You are at %12 now, so it would be good to free up some space by uninstalling old programs, or moving data off of your c: drive soon.

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


Step 1
Looks like you have more than one anti-virus installed. This is not recommended, and in this case, less is better. Having more than one will slow down your computer, and may make it less secure.
You have Avast, and Microsoft Securiy Essentials. Please pick one and let me know which you choose to keep, and I will assist you in removing the other properly.

Step 2
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successfully execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.
Run OTL by right-clicking on the icon, and selecting Run as Administrator
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    :OTL
    FF - prefs.js..browser.search.defaultenginename: "Blekko"
    FF - prefs.js..browser.search.order.1: "Blekko"
    FF - prefs.js..keyword.URL: "http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=155598FAFAEA97D5608A465045CA4C78&q=" 
    [2012/09/22 14:50:58 | 000,037,888 | ---- | M] () -- C:\Users\Κατρίν\bkhu79m9pe.exe
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    :files
    ipconfig /flushdns /c
    :commands
    [emptytemp]
    [reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 3

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. if you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
Posted Image

Next, please click on the links below and save the files to your desktop:
BFE
sharedaccess
wscsvc
windefend
MpsSvc
Then right click each file and select Merge
Reboot your computer when finished.

Step 4
I would like to see you set a different home page in Chrome,
  • Click the Chrome menu on the browser toolbar.
  • Select Settings.
  • Pick the page you'd like to be your home page in the "Home page" section. You can select to use the New Tab page as your home page. To use another page, click Change once you've selected "Show Home button" checkbox. You should make the page anything else other than blekko.com as it is now.

Step 5
Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

In your next reply I would like to see:
  • OTL quick scan
  • your choice of anti virus to keep, both avast and MSE are good products.
  • FSS.txt log

  • 0

#14
stavkon13

stavkon13

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi again...

I did everything you told me to...


these are the logs I got


================== OTL log===============================================


OTL logfile created on: 29/9/2012 2:16:27 μμ - Run 2
OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\Κατρίν\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

3,97 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 65,40% Memory free
7,93 Gb Paging File | 6,50 Gb Available in Paging File | 81,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 27,43 Gb Free Space | 18,41% Space Free | Partition Type: NTFS
Drive D: | 148,65 Gb Total Space | 88,88 Gb Free Space | 59,79% Space Free | Partition Type: NTFS

Computer Name: BLANCO | User Name: Κατρίν | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/26 18:01:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Κατρίν\Desktop\OTL.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/17 10:28:14 | 003,120,448 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2009/09/24 16:51:36 | 000,157,520 | ---- | M] (NewSoft) -- C:\Program Files (x86)\NewSoft\Presto! PVR\Monitor.exe
PRC - [2009/09/03 16:06:32 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/08/07 05:47:46 | 000,354,640 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosHdpProc.exe
PRC - [2009/08/06 19:36:56 | 002,680,160 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2009/07/28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/14 20:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009/06/12 17:53:54 | 000,242,688 | ---- | M] () -- C:\Program Files (x86)\Join Air\AssistantServices.exe
PRC - [2009/06/07 23:34:58 | 000,660,808 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2009/06/03 00:33:14 | 000,308,552 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
PRC - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/07/23 20:24:24 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/09/03 21:38:26 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/08/05 15:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/08/04 12:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/08/03 18:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/30 00:54:22 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/17 11:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/10 20:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/08/06 16:02:50 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2009/07/30 06:20:36 | 000,192,368 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009/07/14 20:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/06/12 17:53:54 | 000,242,688 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Join Air\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009/06/11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/12/03 19:32:18 | 000,271,424 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/06/15 11:30:46 | 000,093,240 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/12/30 13:19:44 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010/12/30 13:19:44 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV:64bit: - [2010/12/30 13:19:42 | 000,196,096 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV:64bit: - [2010/12/30 13:19:42 | 000,094,208 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:64bit: - [2010/12/30 13:19:32 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2010/02/08 22:50:19 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)
DRV:64bit: - [2010/02/08 22:50:19 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2010/02/08 22:50:19 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2010/01/07 03:20:22 | 000,448,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187.sys -- (RTL8187)
DRV:64bit: - [2009/08/26 19:11:12 | 000,942,080 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/08/05 15:45:28 | 000,058,744 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2009/08/05 13:56:04 | 000,063,856 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2009/07/30 21:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/30 13:07:12 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/28 21:02:10 | 000,081,768 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2009/07/24 16:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/24 12:33:14 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009/07/20 18:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 04:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 04:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 04:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 04:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 23:12:36 | 000,019,824 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009/07/07 22:39:08 | 000,211,432 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2009/06/22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/20 05:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/19 11:00:26 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2009/06/19 10:59:32 | 000,050,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2009/06/17 13:01:04 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009/06/10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/26 18:53:42 | 000,213,120 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV:64bit: - [2009/05/26 18:53:42 | 000,213,120 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbser.sys -- (NWUSBPort)
DRV:64bit: - [2009/05/26 18:53:42 | 000,213,120 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV:64bit: - [2009/05/22 22:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/20 19:04:56 | 000,202,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/04/29 17:28:30 | 000,030,208 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2009/04/22 17:35:04 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009/03/10 16:38:10 | 000,167,424 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV:64bit: - [2009/02/02 19:14:20 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009/02/02 19:14:20 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009/02/02 19:14:20 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2008/01/18 17:16:20 | 000,125,480 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\a016obex.sys -- (a016obex)
DRV:64bit: - [2008/01/18 17:16:18 | 000,146,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\a016mdm.sys -- (a016mdm)
DRV:64bit: - [2008/01/18 17:16:18 | 000,130,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\a016mgmt.sys -- (a016mgmt)
DRV:64bit: - [2008/01/18 17:16:16 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\a016mdfl.sys -- (a016mdfl)
DRV:64bit: - [2008/01/18 17:16:14 | 000,109,096 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\a016bus.sys -- (a016bus)
DRV:64bit: - [2007/07/13 07:22:50 | 000,620,040 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mod7700.sys -- (mod7700)
DRV:64bit: - [2007/06/19 10:50:54 | 000,143,400 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s816mdm.sys -- (s816mdm)
DRV:64bit: - [2007/06/19 10:50:54 | 000,129,064 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s816unic.sys -- (s816unic)
DRV:64bit: - [2007/06/19 10:50:54 | 000,124,968 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s816mgmt.sys -- (s816mgmt)
DRV:64bit: - [2007/06/19 10:50:54 | 000,121,896 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s816obex.sys -- (s816obex)
DRV:64bit: - [2007/06/19 10:50:54 | 000,030,248 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s816nd5.sys -- (s816nd5)
DRV:64bit: - [2007/06/19 10:50:48 | 000,018,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s816mdfl.sys -- (s816mdfl)
DRV:64bit: - [2007/06/19 10:50:46 | 000,107,048 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s816bus.sys -- (s816bus)
DRV - [2009/07/14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSEH&bmod=TSEH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = about:blank [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7TSEH_elGR360
IE - HKCU\..\SearchScopes\{C0B566E4-6271-4707-8110-8648FEBD5B9C}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\..\SearchScopes\{F3BE3C06-17FB-4160-A849-6A8E76A758AC}: "URL" = http://www.amazon.co...ed&linkCode=ur2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.gr/"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.2.3
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.7
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2011/11/16 22:03:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/07 19:33:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/07 19:33:48 | 000,000,000 | ---D | M]

[2010/01/26 22:36:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Κατρίν\AppData\Roaming\mozilla\Extensions
[2012/09/07 19:31:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Κατρίν\AppData\Roaming\mozilla\Firefox\Profiles\704y6wbt.default\extensions
[2010/05/01 21:23:35 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Κατρίν\AppData\Roaming\mozilla\Firefox\Profiles\704y6wbt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/05/03 18:35:11 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Κατρίν\AppData\Roaming\mozilla\firefox\profiles\704y6wbt.default\extensions\[email protected]
[2012/08/30 20:11:48 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Κατρίν\AppData\Roaming\mozilla\firefox\profiles\704y6wbt.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012/09/07 19:33:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/09/07 19:33:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\USERS\ΞšΞ±Ο„ΟΞ―Ξ½\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\704Y6WBT.DEFAULT\EXTENSIONS\[email protected]
[2012/09/07 19:33:51 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/08 23:45:03 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/09/04 14:05:59 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/04 12:31:04 | 000,002,134 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml
[2012/09/04 14:05:59 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://blekko.com/ws...78&tbp=homepage
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - plugin: MicrosoftΒ® Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows LiveΒ® Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - plugin: Error reading preferences file

O1 HOSTS File: ([2009/06/11 00:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Presto! PVR Monitor] C:\Program Files (x86)\NewSoft\Presto! PVR\Monitor.exe (NewSoft)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Κατρίν\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Κατρίν\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Έρευνα - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99A58D1B-94D5-422D-8A69-8846A012F94F}: NameServer = 213.249.17.10 213.249.39.29
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA7493A8-AFA5-4D3B-B8B1-57C846D239EE}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB70C79F-78DE-42D2-BAA1-CC132FACC600}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{22f964b6-cbcb-11e0-93af-701a047edaff}\Shell - "" = AutoRun
O33 - MountPoints2\{22f964b6-cbcb-11e0-93af-701a047edaff}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{22f964d9-cbcb-11e0-93af-701a047edaff}\Shell - "" = AutoRun
O33 - MountPoints2\{22f964d9-cbcb-11e0-93af-701a047edaff}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{63ae6ec1-4418-11df-9391-701a047edaff}\Shell - "" = AutoRun
O33 - MountPoints2\{63ae6ec1-4418-11df-9391-701a047edaff}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7138a7b8-ee8a-11df-b03d-decc64023cc7}\Shell - "" = AutoRun
O33 - MountPoints2\{7138a7b8-ee8a-11df-b03d-decc64023cc7}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/29 14:01:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/26 20:26:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Κατρίν\Desktop\OTL.exe
[2012/09/26 20:19:59 | 000,000,000 | ---D | C] -- C:\Users\Κατρίν\Desktop\Νέος φάκελος
[2012/09/25 20:24:54 | 000,000,000 | ---D | C] -- C:\Users\Κατρίν\Desktop\RK_Quarantine
[2012/09/25 07:44:47 | 000,000,000 | ---D | C] -- C:\FRST
[2012/09/22 14:28:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/09/22 14:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/09/19 12:05:52 | 000,000,000 | ---D | C] -- C:\Users\Κατρίν\Desktop\rkill
[2012/09/19 12:05:17 | 001,659,808 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Κατρίν\Desktop\iExplore.exe
[2012/09/18 16:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\0C1CFB13074C31540043E7CF4F147CE7
[2012/09/07 22:04:52 | 000,000,000 | ---D | C] -- C:\Users\Κατρίν\Desktop\ΣΤΑΥΡΟΣ
[2012/09/07 19:36:05 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/09/07 19:33:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/09/07 19:29:07 | 000,000,000 | ---D | C] -- C:\Users\Κατρίν\AppData\Local\VS Revo Group
[2012/09/07 19:24:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012/09/07 19:23:23 | 000,000,000 | ---D | C] -- C:\Users\Κατρίν\AppData\Roaming\FileZilla
[2012/09/07 19:22:25 | 000,000,000 | ---D | C] -- C:\Users\Κατρίν\AppData\Roaming\Malwarebytes
[2012/09/07 19:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/07 19:22:18 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/07 19:22:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/07 19:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/04 12:31:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AppData
[2012/09/04 12:31:15 | 000,000,000 | ---D | C] -- C:\Users\Κατρίν\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinUtilities Startup Cleaner
[2012/09/04 12:31:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinUtilities Startup Cleaner
[2012/09/04 12:31:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinUtilities Startup Cleaner
[2012/09/04 12:30:53 | 000,000,000 | ---D | C] -- C:\Users\Κατρίν\AppData\Local\blekkotb_031
[2012/09/04 12:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Anti-phishing Domain Advisor
[2011/11/21 23:09:11 | 000,910,624 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Κατρίν\jxpiinstall.exe

========== Files - Modified Within 30 Days ==========

[2012/09/29 14:18:25 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/29 14:18:25 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/29 14:11:28 | 000,001,180 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/29 14:10:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/29 14:10:47 | 3193,602,048 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/29 13:22:05 | 000,001,184 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/26 20:20:55 | 001,379,258 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/26 20:20:55 | 000,621,012 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/26 20:20:55 | 000,565,396 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2012/09/26 20:20:55 | 000,108,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/26 20:20:55 | 000,091,760 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2012/09/26 18:01:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Κατρίν\Desktop\OTL.exe
[2012/09/25 20:20:32 | 001,391,616 | ---- | M] () -- C:\Users\Κατρίν\Desktop\RogueKiller.exe
[2012/09/22 14:28:29 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/22 14:28:20 | 001,398,716 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/19 12:08:00 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/19 12:05:30 | 001,659,808 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Κατρίν\Desktop\iExplore.exe
[2012/09/19 12:04:24 | 000,001,205 | ---- | M] () -- C:\Users\Κατρίν\Desktop\registryfix.reg
[2012/09/07 19:36:59 | 000,002,051 | ---- | M] () -- C:\Users\Κατρίν\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/07 14:06:06 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini

========== Files Created - No Company Name ==========

[2012/09/25 20:24:47 | 001,391,616 | ---- | C] () -- C:\Users\Κατρίν\Desktop\RogueKiller.exe
[2012/09/22 14:28:24 | 000,001,922 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/09/22 14:26:11 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/09/19 12:08:00 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/19 12:04:24 | 000,001,205 | ---- | C] () -- C:\Users\Κατρίν\Desktop\registryfix.reg
[2012/08/15 22:19:22 | 000,001,376 | ---- | C] () -- C:\Windows\SysWow64\zipfapy.dll
[2012/05/20 18:18:02 | 000,000,141 | ---- | C] () -- C:\Windows\RealFlight.INI
[2012/05/19 23:03:02 | 000,000,248 | ---- | C] () -- C:\Windows\emug3.ini
[2012/05/19 21:53:57 | 000,000,008 | ---- | C] () -- C:\Windows\SysWow64\PROTOCOL.INI
[2012/02/23 21:39:11 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/11/16 22:42:45 | 000,073,216 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/02/22 22:39:04 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/02/22 22:37:30 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/01/03 21:26:22 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/29 22:50:49 | 000,434,155 | ---- | C] () -- C:\Users\Κατρίν\toshiba.png

========== ZeroAccess Check ==========

[2009/07/14 07:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2009/07/14 04:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009/07/14 04:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 04:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 04:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 04:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 04:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll

========== LOP Check ==========

[2010/01/03 22:06:22 | 000,000,000 | ---D | M] -- C:\Users\Κατρίν\AppData\Roaming\Autodesk
[2011/11/22 00:37:47 | 000,000,000 | ---D | M] -- C:\Users\Κατρίν\AppData\Roaming\AVI ReComp
[2011/12/03 19:34:36 | 000,000,000 | ---D | M] -- C:\Users\Κατρίν\AppData\Roaming\DAEMON Tools Pro
[2010/05/01 21:23:35 | 000,000,000 | ---D | M] -- C:\Users\Κατρίν\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/01/03 21:39:50 | 000,000,000 | ---D | M] -- C:\Users\Κατρίν\AppData\Roaming\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2012/09/07 19:29:28 | 000,000,000 | ---D | M] -- C:\Users\Κατρίν\AppData\Roaming\FileZilla
[2011/11/21 23:20:47 | 000,000,000 | ---D | M] -- C:\Users\Κατρίν\AppData\Roaming\mkvtoolnix
[2011/11/16 22:40:08 | 000,000,000 | ---D | M] -- C:\Users\Κατρίν\AppData\Roaming\Stereoscopic Player
[2009/12/29 19:06:55 | 000,000,000 | ---D | M] -- C:\Users\Κατρίν\AppData\Roaming\Toshiba
[2012/05/25 13:42:35 | 000,000,000 | ---D | M] -- C:\Users\Κατρίν\AppData\Roaming\uTorrent
[2011/08/21 11:12:31 | 000,000,000 | ---D | M] -- C:\Users\Κατρίν\AppData\Roaming\Vodafone

========== Purity Check ==========



< End of report >


================== FSS log=======================================


Farbar Service Scanner Version: 19-09-2012
Ran by Κατρίν (administrator) on 29-09-2012 at 14:49:44
Running from "C:\Users\Κατρίν\Desktop"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Yahoo IP is unreachable
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2009-07-14 02:25] - [2009-07-14 04:45] - 1898576 ____A (Microsoft Corporation) 912107716BAB424C7870E8E6AF5E07E1

C:\Windows\System32\dnsrslvr.dll
[2009-07-14 02:21] - [2009-07-14 04:40] - 0182272 ____A (Microsoft Corporation) 676108C4E3AA6F6B34633748BD0BEBD9

C:\Windows\System32\mpssvc.dll
[2009-07-14 03:09] - [2009-07-14 04:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-14 02:36] - [2009-07-14 04:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


btw when I restarted after the OTL fix , right after boot another txt log came up

it is the following




All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Prefs.js: "Blekko" removed from browser.search.defaultenginename
Prefs.js: "Blekko" removed from browser.search.order.1
Prefs.js: "http://blekko.com/ws...65045CA4C78&q=" removed from keyword.URL
C:\Users\Κατρίν\bkhu79m9pe.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
File move failed. C:\Program Files (x86)\Windows Sidebar\Sidebar.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
File move failed. C:\Program Files (x86)\Windows Sidebar\Sidebar.exe scheduled to be moved on reboot.
========== FILES ==========
< ipconfig /flushdns /c >
No captured output from command...
C:\Users\Κατρίν\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41044 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Stav
->Temp folder emptied: 3528935 bytes
->Temporary Internet Files folder emptied: 2491903 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 350896607 bytes
->Flash cache emptied: 49117 bytes

User: Κατρίν
->Temp folder emptied: 8626429124 bytes
->Temporary Internet Files folder emptied: 214334019 bytes
->Java cache emptied: 1054078 bytes
->FireFox cache emptied: 119834271 bytes
->Google Chrome cache emptied: 22549948 bytes
->Flash cache emptied: 72079 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 6475968 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 488748176 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 180311816 bytes
RecycleBin emptied: 19049000 bytes

Total Files Cleaned = 9.571,00 mb


OTL by OldTimer - Version 3.2.68.0 log created on 09292012_140151

Files\Folders moved on Reboot...
File move failed. C:\Program Files (x86)\Windows Sidebar\Sidebar.exe scheduled to be moved on reboot.
C:\Users\Κατρίν\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...






As for the antivirus program, I chose to remove avast, as it has expired and was not in use ( I removed it from control panel).....
As for google chrome, I am not using it all, so if it causes problems we can remove it (I only use Firefox).....

Edited by stavkon13, 29 September 2012 - 06:05 AM.

  • 0

#15
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,382 posts
Hi again,
Can you tell me if the computer currently has internet access?
I think that Avast was removed completly, but I would like you to run the Avast removal tool just to be sure.
You can download the tool, called aswclear.exe, from here. Please download it to your desktop and follow the instructions on that page.

Step 1
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successfully execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.
Run OTL by right clicking on the icon and selecting Run as Administrator
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    :files
    net start mpsdrv  /c
    net start MpsSvc  /c
    net start bfe /c
    net start wscsvc /c
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the log that pops up when the fix is finished which will be similiar to the one you posted in the purple text.

Step 2
Please run Farbar Service Scanner again.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

In your next reply I would like to see:
  • OTL fix log
  • new FSS.txt log
  • Is the computer connecting to the internet ok?
  • Any other problems?

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP