Infected with Trojan Horse SHeur4.AEJT


6 replies to this topic

#1 Roctone

Roctone

  • Members
  • 14 posts

Posted 13 May 2012 - 08:39 AM

Hi, recently my laptop got infected with a virus. My AVG detected tnkrlndt.sys and ehhfksjqttenkxaw.exe and mcjkiqhh.exe. For AVG to remove mcjkiqhh.exe, a restart was needed. However, after restarting, tnkrlndt.sys was detected, and on each restart it kept being detected and can't be deleted.

This all happened when I was just browsing the internet with my Chrome and Opera browsers. Suddenly both windows were closed and the viruses were detected. Since then I could not open my Opera or Chrome browsers.

Yesterday I scanned my computer with Super Anti Spyware. However, it didn't find any virus except cookies.

Today when I started my laptop, it no longer detected the tnkrlndt.sys virus. I am not sure if it has gone or not.

Could you please help me in removing all these viruses?

Thank you in advance.

Here is the DDS log.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20
Run by Toshiba at 22:03:50 on 2012-05-13
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.62.1033.18.2046.1018 [GMT 10:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\taskhost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ooVoo\ooVoo.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\System32\StikyNot.exe
C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://isearch.avg.com/?cid={C5FD1A1F-14ED-432F-A780-0610D4A1E865}&mid=243ca0cc21503b847045f495650bbea4-3d184bc1af98154e8079e743f9ae3cb5eeabcb5c&lang=en&ds=gm011&pr=sa&d=2012-04-23 22:19:50&v=11.0.0.9&sap=hp
uInternet Settings,ProxyServer = http=
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\users\toshiba\appdata\local\evrxxnbq\mcjkiqhh.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ooVoo.exe] c:\program files\oovoo\oovoo.exe /minimized
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [McjKiqhh] c:\users\toshiba\appdata\local\evrxxnbq\mcjkiqhh.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [HDMICtrlMan] c:\program files\toshiba\hdmictrlman\HDMICtrlMan.exe
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [StormCodec_Helper] "c:\program files\ringz studio\storm codec\StormSet.exe" /S /opti
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAMABLAE0AQwAtAEUAOQBWAFUAVwAtAEUAVwAwAFYAQQAtAFUAVQAzAFgATAAtAEYARQBXADkANwA"&"inst=NwA3AC0ANAAzADMAMwA0ADQAMgAwADQALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBYAE8AOQArADEALQBGADkATQAyACsAMQA"&"prod=90"&"ver=9.0.894
StartupFolder: c:\users\toshiba\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\globet~1.lnk - c:\program files\option\globetrotter connect\GlobeTrotter Connect.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Assign &hot key - c:\program files\hot keyboard pro\IEScript.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 10.1.1.1
TCP: Interfaces\{192D37A8-B950-4496-A087-99DF7CB1F075} : DhcpNameServer = 10.1.1.1
TCP: Interfaces\{2EC78FCC-6131-4776-BE3D-EC28142715D3} : DhcpNameServer = 10.1.1.1
TCP: Interfaces\{2EC78FCC-6131-4776-BE3D-EC28142715D3}\C696E6B6379737 : DhcpNameServer = 202.73.99.4 61.247.0.2 202.73.99.2
TCP: Interfaces\{EFA3F16D-973F-45B3-A210-0CBB3061CEC4} : DhcpNameServer = 202.155.0.10 202.155.0.15
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.0.2\ViProtocol.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\toshiba\appdata\roaming\mozilla\firefox\profiles\ltcs2asj.default\
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7Bd886b5a2-9c7b-49bc-bad2-6e31bd0c083f%7D&mid=243ca0cc21503b847045f495650bbea4-3d184bc1af98154e8079e743f9ae3cb5eeabcb5c&ds=gm011&v=11.0.0.9&lang=en&pr=sa&d=2012-04-23%2022%3A19%3A50
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bd886b5a2-9c7b-49bc-bad2-6e31bd0c083f%7D&mid=243ca0cc21503b847045f495650bbea4-3d184bc1af98154e8079e743f9ae3cb5eeabcb5c&ds=gm011&v=11.0.0.9&lang=en&pr=sa&d=2012-04-23%2022%3A19%3A50&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff10.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff9.dll
FF - plugin: c:\program files\ahnlab\asp\components\aosmgr\conflict_221\npaosmgr.dll
FF - plugin: c:\program files\ahnlab\asp\mykeydefense 2.5\npmkd25aos.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.0.2\npsitesafety.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox 3.6 beta 3\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox 3.6 beta 3\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox 3.6 beta 3\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\total immersion\dfusionhomewebplugin\NPDFusionWebFirefox.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-2-24 218688]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-26 40960]
R2 GtDetectSc;GtDetectSc;c:\program files\option\globetrotter connect\GtDetectSc.exe [2007-12-18 196704]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-4 126976]
R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\common files\avg secure search\vtoolbarupdater\11.0.2\ToolbarUpdater.exe [2012-4-23 932736]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-2-13 187904]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-1-16 48472]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-14 311296]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-12-19 20352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2008-2-18 106624]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2008-2-8 59648]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-28 25112]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-12-19 937984]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2009-6-22 133632]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2009-6-22 79360]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 129976]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-10 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2012-05-11 14:10:33 -------- d-----w- c:\users\toshiba\appdata\local\evrxxnbq
2012-05-10 05:01:23 1287024 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 05:01:16 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-10 05:01:15 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-05-10 05:01:15 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-05-10 05:01:15 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-05-10 05:01:01 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-10 05:01:01 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 05:01:00 2342400 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 05:00:58 56688 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 05:00:57 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-05-10 05:00:57 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-10 05:00:57 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-10 05:00:57 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-10 05:00:57 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-05-08 04:07:38 -------- d-----w- c:\users\toshiba\appdata\roaming\MathWorks
2012-05-03 10:35:31 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-02 12:34:09 -------- d-----w- c:\users\toshiba\appdata\local\Opera
2012-05-02 12:24:55 -------- d-----w- c:\program files\SopCast
2012-04-23 12:20:03 -------- d-----w- c:\users\toshiba\appdata\local\AVG Secure Search
2012-04-23 12:19:48 -------- d-----w- c:\programdata\AVG Secure Search
2012-04-23 12:19:43 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-04-23 12:19:41 -------- d-----w- c:\program files\AVG Secure Search
2012-04-14 03:40:06 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-14 03:40:04 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-14 03:40:03 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-14 03:40:02 158720 ----a-w- c:\windows\system32\imagehlp.dll
.
==================== Find3M ====================
.
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-25 01:48:10 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2012-02-25 01:48:09 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-02-25 01:48:08 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-02-25 01:48:03 801792 ----a-w- c:\windows\system32\FntCache.dll
2012-02-25 01:47:58 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2012-02-25 01:47:57 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-02-25 01:47:57 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-02-25 01:47:56 107520 ----a-w- c:\windows\system32\cdd.dll
2012-02-25 01:47:53 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2012-02-25 01:47:51 3181568 ----a-w- c:\windows\system32\mf.dll
2012-02-25 01:47:49 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-02-15 05:44:57 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22:43 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22:18 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
============= FINISH: 22:05:55.87 ===============



#2 Gammo

Gammo

  • Members
  • 202 posts

Posted 13 May 2012 - 10:41 AM

We need to create an OTL report.
Download OTL to your Desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.


Please post the final results, good or bad. We like to know!


#3 Roctone

Roctone
  • Topic Starter

  • Members
  • 14 posts

Posted 14 May 2012 - 04:41 AM

OTL logfile created on: 5/14/2012 7:30:38 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Toshiba\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 59.12% Memory free
4.00 Gb Paging File | 2.69 Gb Available in Paging File | 67.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.08 Gb Total Space | 15.51 Gb Free Space | 6.95% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-PC | User Name: Toshiba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/14 19:17:48 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/05/14 18:34:16 | 001,116,544 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/05/14 02:11:06 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Toshiba\Desktop\OTL.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/23 22:19:47 | 000,932,736 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
PRC - [2012/04/19 04:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/12 09:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010/05/05 15:10:18 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/02/10 12:27:46 | 018,784,440 | ---- | M] (ooVoo LLC) -- C:\Program Files\ooVoo\ooVoo.exe
PRC - [2009/10/31 15:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/18 01:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 01:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/14 11:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 11:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2008/07/11 12:32:12 | 000,782,336 | ---- | M] (Option) -- C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
PRC - [2008/01/26 09:43:22 | 000,716,800 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
PRC - [2008/01/23 08:25:26 | 000,712,704 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2008/01/23 05:00:30 | 004,624,384 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2008/01/21 19:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/01/18 10:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2008/01/18 10:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2008/01/11 16:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/12/30 03:06:02 | 000,430,080 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2007/12/26 07:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2007/12/18 11:48:40 | 000,196,704 | ---- | M] (OptionNV) -- C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe
PRC - [2007/12/04 11:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/22 11:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/10/26 11:41:18 | 000,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2007/09/29 10:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2007/06/16 15:01:58 | 000,448,080 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2007/02/13 10:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2006/08/24 10:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/26 03:35:48 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/14 19:17:59 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/05/14 19:17:59 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/05/14 18:34:16 | 001,116,544 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/04/23 22:19:48 | 000,130,944 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll
MOD - [2011/09/30 17:25:16 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/09/30 17:25:16 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/09/19 20:34:16 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2008/01/23 05:00:30 | 004,624,384 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
MOD - [2007/12/30 03:06:02 | 000,430,080 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
MOD - [2007/12/26 06:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2007/12/15 15:28:38 | 004,726,784 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2006/12/02 11:55:42 | 000,009,216 | ---- | M] () -- C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll
MOD - [2006/10/11 05:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/08 05:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
MOD - [2006/05/26 23:29:34 | 002,117,632 | ---- | M] () -- C:\Windows\System32\ffdshow.ax
MOD - [2006/05/26 03:35:48 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
MOD - [2002/12/27 12:18:58 | 000,098,304 | ---- | M] () -- C:\Program Files\Ringz Studio\Storm Codec\Codecs\TTL2Dec.dll
MOD - [2002/08/22 17:28:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Ringz Studio\Storm Codec\Codecs\Vid1Dec.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/03 20:35:26 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/04/23 22:19:47 | 000,932,736 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- (vToolbarUpdater11.0.2)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/08/12 09:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/05/05 16:45:34 | 000,070,984 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2010/05/05 15:10:18 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/03/10 00:03:37 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/10/29 02:02:00 | 003,407,292 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/08/18 01:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/02/18 17:36:14 | 001,553,704 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2008/01/21 19:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/01/18 10:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/11 16:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/12/26 07:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/12/18 11:48:40 | 000,196,704 | ---- | M] (OptionNV) [Auto | Running] -- C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe -- (GtDetectSc)
SRV - [2007/12/04 11:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/22 11:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/10/30 18:35:40 | 000,937,984 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2007/09/29 10:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/08/11 23:05:27 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2007/02/13 10:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2006/08/24 10:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/07/23 02:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/13 07:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/02/24 01:49:23 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/07/28 23:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2009/11/24 20:11:41 | 000,639,224 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/10/13 17:50:00 | 000,133,632 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Mkd2kfNT.sys -- (Mkd2kfNt)
DRV - [2009/09/21 16:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/08/18 02:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/14 09:53:36 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\loop.sys -- (msloop)
DRV - [2009/07/14 09:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 08:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 17:37:00 | 000,079,360 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/03/17 10:05:30 | 000,101,632 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/02/18 17:36:14 | 000,038,312 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm)
DRV - [2008/02/18 17:36:14 | 000,036,648 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2008/02/18 17:36:04 | 000,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2008/02/18 15:14:38 | 000,106,624 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2008/02/08 11:00:22 | 000,059,648 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2008/02/01 13:46:08 | 000,187,904 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (CnxtHdAudAddService)
DRV - [2008/01/16 04:34:58 | 000,048,472 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2007/12/18 05:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/11/10 08:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/18 16:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/01 11:43:32 | 000,020,352 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2007/03/30 11:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2006/10/24 10:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/19 05:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2139651976-329313198-604098191-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={C5FD1A1F-14ED-432F-A780-0610D4A1E865}&mid=243ca0cc21503b847045f495650bbea4-3d184bc1af98154e8079e743f9ae3cb5eeabcb5c&lang=en&ds=gm011&pr=sa&d=2012-04-23 22:19:50&v=11.0.0.9&sap=hp
IE - HKU\S-1-5-21-2139651976-329313198-604098191-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2139651976-329313198-604098191-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2139651976-329313198-604098191-1003\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2139651976-329313198-604098191-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2139651976-329313198-604098191-1003\..\SearchScopes\{48CCB72F-2F42-4059-AFEC-E0E27AE934E0}: "URL" = http://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=b&ychte=au
IE - HKU\S-1-5-21-2139651976-329313198-604098191-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={C5FD1A1F-14ED-432F-A780-0610D4A1E865}&mid=243ca0cc21503b847045f495650bbea4-3d184bc1af98154e8079e743f9ae3cb5eeabcb5c&lang=en&ds=AVG&pr=fr&d=2012-05-14 18:34:17&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2139651976-329313198-604098191-1003\..\SearchScopes\{AED83620-8B26-40A7-A4DB-75C43D63C62C}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-2139651976-329313198-604098191-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2139651976-329313198-604098191-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2139651976-329313198-604098191-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://isearch.avg.com?cid=%7Bd886b5a2-9c7b-49bc-bad2-6e31bd0c083f%7D&mid=243ca0cc21503b847045f495650bbea4-3d184bc1af98154e8079e743f9ae3cb5eeabcb5c&ds=gm011&v=11.0.0.9&lang=en&pr=sa&d=2012-04-23%2022%3A19%3A50"
FF - prefs.js..extensions.enabledItems: fiddlerhook@fiddler2.com:2.2.8.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: support@auto-hide-ip.com:1.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1912
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7Bd886b5a2-9c7b-49bc-bad2-6e31bd0c083f%7D&mid=243ca0cc21503b847045f495650bbea4-3d184bc1af98154e8079e743f9ae3cb5eeabcb5c&ds=gm011&v=11.0.0.9&lang=en&pr=sa&d=2012-04-23%2022%3A19%3A50&sap=ku&q="
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos: C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Ringz Studio\Storm Codec\Plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Ringz Studio\Storm Codec\Plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@t-immersion.com/DFusionHomeWebPlugIn: C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
FF - HKCU\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos: C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll (AhnLab, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files\Fiddler2\FiddlerHook [2010/04/30 23:50:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/03 21:49:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/14 18:32:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.0.0.9\ [2012/04/23 22:19:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/14 18:32:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox 3.6 Beta 3\components [2012/05/03 20:35:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.6 Beta 3\plugins [2012/02/26 00:21:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/03 21:49:38 | 000,000,000 | ---D | M]

[2009/11/24 23:08:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Extensions
[2012/05/03 01:14:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\ltcs2asj.default\extensions
[2011/04/09 11:36:29 | 000,000,000 | ---D | M] (Auto Hide IP) -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\ltcs2asj.default\extensions\support@auto-hide-ip.com
[2012/05/14 18:32:35 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/04/23 22:19:58 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.0.0.9

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search ()
CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={C5FD1A1F-14ED-432F-A780-0610D4A1E865}&mid=243ca0cc21503b847045f495650bbea4-3d184bc1af98154e8079e743f9ae3cb5eeabcb5c&lang=en&ds=gm011&pr=sa&d=2012-04-23 22:19:50&v=11.0.0.9&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - Extension: AT_SuperMonkeyBall = C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjpneodhhegapgagpdeeahiomeiagidi\3\
CHR - Extension: AVG Safe Search = C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1829\
CHR - Extension: AVG Safe Search = C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857\
CHR - Extension: AVG Safe Search = C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901\
CHR - Extension: AVG Safe Search = C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161\

O1 HOSTS File: ([2006/09/19 07:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti File not found
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-2139651976-329313198-604098191-1003..\Run: [McjKiqhh] C:\Users\Toshiba\AppData\Local\evrxxnbq\mcjkiqhh.exe File not found
O4 - HKU\S-1-5-21-2139651976-329313198-604098191-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2139651976-329313198-604098191-1003..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKU\S-1-5-21-2139651976-329313198-604098191-1003..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2139651976-329313198-604098191-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2139651976-329313198-604098191-1003..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-2139651976-329313198-604098191-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Assign &hot key - C:\Program Files\Hot Keyboard Pro\IEScript.htm ()
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{192D37A8-B950-4496-A087-99DF7CB1F075}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EC78FCC-6131-4776-BE3D-EC28142715D3}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFA3F16D-973F-45B3-A210-0CBB3061CEC4}: DhcpNameServer = 202.155.0.10 202.155.0.15
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\Toshiba\AppData\Local\evrxxnbq\mcjkiqhh.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Toshiba\Pictures\Reborn.bmp
O24 - Desktop BackupWallPaper: C:\Users\Toshiba\Pictures\Reborn.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2f3d30e8-280b-11e1-a30f-f3662feaf473}\Shell - "" = AutoRun
O33 - MountPoints2\{2f3d30e8-280b-11e1-a30f-f3662feaf473}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true
O33 - MountPoints2\{57608aff-ef7e-11de-adc2-001e68d39b95}\Shell - "" = AutoRun
O33 - MountPoints2\{57608aff-ef7e-11de-adc2-001e68d39b95}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{57608b03-ef7e-11de-adc2-001e68d39b95}\Shell - "" = AutoRun
O33 - MountPoints2\{57608b03-ef7e-11de-adc2-001e68d39b95}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5cb4ed30-1d93-11e1-bc1b-87ab9650ee2f}\Shell - "" = AutoRun
O33 - MountPoints2\{5cb4ed30-1d93-11e1-bc1b-87ab9650ee2f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5cb4ed32-1d93-11e1-bc1b-87ab9650ee2f}\Shell - "" = AutoRun
O33 - MountPoints2\{5cb4ed32-1d93-11e1-bc1b-87ab9650ee2f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b2ac7f1e-f04b-11de-b36c-001e68d39b95}\Shell - "" = AutoRun
O33 - MountPoints2\{b2ac7f1e-f04b-11de-b36c-001e68d39b95}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b2ac7f20-f04b-11de-b36c-001e68d39b95}\Shell - "" = AutoRun
O33 - MountPoints2\{b2ac7f20-f04b-11de-b36c-001e68d39b95}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c5a7f102-19ef-11df-8c60-001e68d39b95}\Shell - "" = AutoRun
O33 - MountPoints2\{c5a7f102-19ef-11df-8c60-001e68d39b95}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/14 18:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/05/14 18:34:15 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/05/14 02:10:59 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Toshiba\Desktop\OTL.exe
[2012/05/12 22:09:23 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Toshiba\Desktop\dds.scr
[2012/05/12 00:10:33 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\evrxxnbq
[2012/05/08 14:08:01 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\Documents\MATLAB
[2012/05/08 14:07:38 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\MathWorks
[2012/05/03 20:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/03 20:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/02 22:34:09 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\Opera
[2012/05/02 22:34:09 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\Opera
[2012/05/02 22:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012/05/02 22:24:55 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast
[2012/05/02 22:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
[2012/05/02 22:24:55 | 000,000,000 | ---D | C] -- C:\Program Files\SopCast
[2012/04/23 22:20:03 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\AVG Secure Search
[2012/04/23 22:19:48 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/04/23 22:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/04/19 04:50:26 | 000,024,896 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys
[2010/08/17 14:32:28 | 000,335,752 | ---- | C] (Konami Digital Entertainment Co., Ltd.) -- C:\Users\Toshiba\AppData\Roaming\autorun.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/14 19:18:52 | 098,133,237 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/05/14 19:17:06 | 000,000,049 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/05/14 19:13:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/14 19:13:15 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/14 19:12:12 | 000,008,864 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 19:12:12 | 000,008,864 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 18:34:27 | 000,000,946 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/05/14 02:11:06 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Toshiba\Desktop\OTL.exe
[2012/05/13 01:59:53 | 000,454,383 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/05/12 22:12:38 | 000,294,216 | ---- | M] () -- C:\Users\Toshiba\Desktop\gmer.zip
[2012/05/12 22:09:31 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Toshiba\Desktop\dds.scr
[2012/05/12 22:08:03 | 000,050,477 | ---- | M] () -- C:\Users\Toshiba\Desktop\Defogger.exe
[2012/05/11 21:30:07 | 000,450,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/11 03:17:32 | 000,708,666 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/11 03:17:32 | 000,143,566 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/02 22:34:01 | 000,001,786 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2012/05/02 22:24:55 | 000,000,960 | ---- | M] () -- C:\Users\Toshiba\Desktop\SopCast.lnk
[2012/04/23 22:20:08 | 000,001,190 | ---- | M] () -- C:\Users\Toshiba\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2012/04/23 22:20:08 | 000,001,166 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/12 22:13:37 | 000,302,592 | ---- | C] () -- C:\Users\Toshiba\Desktop\gmer.exe
[2012/05/12 22:12:31 | 000,294,216 | ---- | C] () -- C:\Users\Toshiba\Desktop\gmer.zip
[2012/05/12 22:07:46 | 000,050,477 | ---- | C] () -- C:\Users\Toshiba\Desktop\Defogger.exe
[2012/05/12 00:19:42 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012/05/08 13:59:54 | 000,645,120 | ---- | C] () -- C:\Windows\System32\config.gms
[2012/05/02 22:34:01 | 000,001,798 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012/05/02 22:34:01 | 000,001,786 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2012/05/02 22:24:55 | 000,000,960 | ---- | C] () -- C:\Users\Toshiba\Desktop\SopCast.lnk
[2011/10/03 21:41:23 | 000,170,203 | ---- | C] () -- C:\Windows\hpoins44.dat
[2011/05/02 23:37:47 | 000,000,235 | ---- | C] () -- C:\Users\Toshiba\AppData\Roaming\devices.xml
[2011/05/02 23:37:47 | 000,000,012 | ---- | C] () -- C:\Users\Toshiba\AppData\Roaming\settings.xml

========== LOP Check ==========

[2010/08/30 23:17:48 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\AutoHideIP
[2011/10/15 14:52:43 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\AVG2012
[2011/05/27 22:31:53 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\AVG9
[2011/02/24 01:50:58 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\DAEMON Tools Lite
[2009/11/24 23:08:02 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\FlashGet
[2011/05/25 23:56:40 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Hot Keyboard
[2011/08/08 21:01:52 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Hot Keyboard Pro Backup
[2010/04/06 02:24:00 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\ooVoo Details
[2012/05/02 22:34:09 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Opera
[2009/11/24 23:08:10 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\toshiba
[2012/02/23 18:09:00 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Total Immersion
[2010/01/06 04:40:59 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2009/11/24 23:08:10 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Ulead Systems
[2012/03/03 00:25:12 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Umxoo
[2012/03/03 00:24:53 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Unpiem
[2012/05/14 02:30:30 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\uTorrent
[2012/03/03 00:24:53 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Ybekfa
[2012/04/12 17:22:56 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 5/14/2012 7:30:38 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Toshiba\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 59.12% Memory free
4.00 Gb Paging File | 2.69 Gb Available in Paging File | 67.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.08 Gb Total Space | 15.51 Gb Free Space | 6.95% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-PC | User Name: Toshiba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09B7BEA1-3BC9-4BC8-B391-82D8FEB03D38}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0AA1212D-E539-42A2-A717-4D8E10618725}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0E093524-BD0E-46BB-BDA3-20568D166967}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0E2C709E-B52D-4026-8AC7-FFF6FF07259D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{0FF7EC9E-16BD-43CD-9C80-DE63FD871454}" = rport=138 | protocol=17 | dir=out | app=system |
"{1367E496-F913-4DC5-9570-3576BD60CC47}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{19EBF6D2-F1A5-4E63-9675-A2B90366CBC9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1BDDC723-4C41-405D-95B8-AC5FA6F8A56B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2361F03D-DD10-443C-8D53-F539769136C2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2A7DBD62-8A3A-4D52-B845-A20AD6D9586B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2F1CAB05-DF37-4D2C-9F70-2B2D0FF3F800}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{36FDBCBF-53CB-49F9-906D-3BA7E517550D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{46579042-754E-4725-B8BD-7858C29D01A5}" = rport=139 | protocol=6 | dir=out | app=system |
"{50B40DB2-A438-4A01-BAF8-BF395E2A8C22}" = lport=445 | protocol=6 | dir=in | app=system |
"{6029D141-18DD-4CE7-8178-50E2E2EBB6B6}" = lport=137 | protocol=17 | dir=in | app=system |
"{79DA7968-B8B5-4FE7-8C27-8DA418B9641C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{870EC463-7010-4F41-8EBF-872DB5CEEDB5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8D6A1DDE-F773-4AF3-9EFE-935F57CDE35E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A5A365D8-194B-416D-AC4F-01DBDB372E89}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A962E3E1-0D83-4A5C-BC91-CDD9F0FD8A8C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{AD1DF169-C7AF-4D52-AAD7-90650B2D7FDE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BC72F5C0-54C9-46AE-AC20-6F6B8685387D}" = lport=138 | protocol=17 | dir=in | app=system |
"{C3C749AE-FB1F-4F0A-9CC3-FF700A8A6900}" = lport=139 | protocol=6 | dir=in | app=system |
"{C52E783E-20DB-4C1B-BCCF-24B70CFD7FA6}" = rport=445 | protocol=6 | dir=out | app=system |
"{D8274229-B0C0-43DA-B409-F5EDAC76B0F2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DE977D97-72ED-4BD8-86E0-D4BCB3437209}" = rport=137 | protocol=17 | dir=out | app=system |
"{F435EDDE-0A7D-48B7-A3D6-EB86154C42C0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{022B416C-ACBA-4C74-956C-C8910B6A4921}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{043599CE-B326-40FD-89D2-8FB36759D554}" = protocol=6 | dir=in | app=c:\sg interactive\project blackout\pblackout.exe |
"{04C020D6-7456-4C81-9C13-472F5CCB7C05}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{051ABD1C-7C18-43E8-B707-157F3B4DCA68}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{07F6E599-9A3E-40D2-86C3-1DE7E63ACD8D}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{0C8E1DB6-C957-459F-AC08-2C35D54CE384}" = protocol=6 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{0E11280A-4AC8-4BF5-9A4D-1D1C3F26513A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0F4D982C-FDF9-48A4-9375-89F406A5011D}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{1615B2BD-8565-4874-B043-3D2DC9ADF362}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{169F69BC-D6AC-40BF-A1FE-628E98CAEA8C}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{1C65D64E-CC81-4316-ACAF-AFDA07974F17}" = protocol=6 | dir=in | app=c:\program files\wizet\maplestorysea\crypticsea.exe |
"{1EBD38DE-33CF-4EA4-96C5-044608C949DF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{28EBDCF4-0431-4854-8077-D6657495F817}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2DC59D08-7A7F-4619-86FF-47AE68ADAA22}" = protocol=6 | dir=in | app=c:\program files\wizet\maplestorysea\nirohsea v1.02.exe |
"{2F3C5626-A330-4147-8E34-5C8663A54DA6}" = protocol=17 | dir=in | app=c:\program files\wizet\maplestorysea\aurasea.exe |
"{3125E139-BA7F-4C07-8D98-8CFB7B0978B7}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{31A19865-9F8B-4E0E-B803-541A769EB9FD}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{32CAC02C-5E28-46F3-B9F9-CE8906A66F2F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{3469454E-8447-44D6-A8FE-34EF19DE66ED}" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"{38D086D7-3534-4AF2-B705-5D549A18A6B3}" = protocol=6 | dir=in | app=c:\program files\wizet\maplestorysea\hshield\hsupdate.exe |
"{3C5EB4A5-5FB5-45D7-A9A0-D62FEC78BE69}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{429C64A6-AF59-42E5-B19C-B05807722C98}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{44D5FCEB-20B1-4E98-A6C5-16E2DEF2A030}" = protocol=17 | dir=in | app=c:\program files\wizet\maplestorysea\hshield\hsupdate.exe |
"{45BE64BB-5D2F-456E-8342-BBC16D33D887}" = protocol=6 | dir=in | app=c:\users\toshiba\desktop\games\celinosea.exe |
"{46896408-CE4A-4D95-83DE-D46C7851FB5D}" = protocol=17 | dir=in | app=c:\users\toshiba\desktop\games\celinosea.exe |
"{469B4B6F-6BDC-4851-8DAE-2D2CC049EC42}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{4B79D78F-43A1-44EC-AB98-E2C2F24C0D32}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4BA88828-BAC0-4B42-B78B-C07074662A6B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{4C4693FA-4935-4514-BA4A-345EA390D5BC}" = protocol=6 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |
"{4DBE8BC9-6BAF-4C06-9D83-A0293BC14A63}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4F470E62-5871-4A6A-9BA5-D17EFCA0F91E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{5133E2B3-C27E-47DD-82C2-AA622513E79A}" = protocol=6 | dir=in | app=c:\users\toshiba\desktop\maplestory\arcanems.exe |
"{5472AA49-09CB-4325-A207-F97BB674EFC4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{617DCBAA-244D-48B2-9C9F-D824D1C795A0}" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"{6443331D-0238-43B1-B46A-54E321F7A4A2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6723FF9C-8DA8-4F36-92F3-AF093EA49AF2}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{68E8CB32-1AA7-440F-9340-267BAFBE3B28}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6944D43C-AC22-4772-85F4-1CA53A0CE606}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6D8DCC8F-8C71-43D8-82CE-F94A9AA63CEF}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{6F1A10FB-BB09-45BB-8C5B-F197D8DA6D09}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{735D1A22-1014-4596-9078-9593CE9C47B0}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{7CF2CCFF-959D-4F24-90B3-6C37297CEFCB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7D906D51-16B9-4733-A2A9-98CEE82DB562}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{7E25B097-401A-497B-AFC7-F3D18CFBD0DE}" = protocol=17 | dir=in | app=c:\users\toshiba\desktop\maplestorysea\crypticsea.exe |
"{7FB2831E-FBFA-4571-9DD8-2E3C3C28B4C4}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{8181FD6A-DC48-4C2D-8DEE-5371084BBE76}" = protocol=6 | dir=out | app=system |
"{84F35331-6BAC-4FA2-ACCB-A4489E66366B}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{85B4078D-1850-469B-9A5B-D390DB21870E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{8AE86A61-8182-4830-A58D-3F839F0C7A82}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8FFDFC79-ED4B-4D78-8999-993CF8A0FF8C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{903384A6-5F95-43F9-9836-8267946C0174}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{914F4A56-5FD0-4775-A409-CF2C8BB67C5E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{91DB1094-6C8A-4976-AFF5-65D7341FEEDC}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{9490466B-6020-4AF0-939A-EDF2A71A115E}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{9775C80A-B986-466C-BC91-B17E9CAA816D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{97FD03F0-E5FD-4836-B16A-64CC803D54E2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{99960CAC-F042-4AEF-B5B6-804747CD4B1C}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{9AACFA06-F3A1-46D3-9808-4F206D18BBAD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9C5AC7FD-0F68-4D4E-A915-AB3B54E18AA4}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{9FCC8539-526F-4851-B889-F345F13AA499}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{A5C223C4-DF0E-4091-ABBC-CC8FA3F0E48B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{A996B659-670A-4174-B9C2-83B259760457}" = protocol=17 | dir=in | app=c:\sg interactive\project blackout\pblackout.exe |
"{B0B9F92E-9DE7-4228-873A-424E6A07A57D}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B3BB0F1F-94F7-4A9D-96E0-5C52B15A3C62}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{B6471A17-62E8-4E68-86F8-0DEF48DBBF8D}" = protocol=6 | dir=in | app=c:\users\toshiba\desktop\maplestorysea\crypticsea.exe |
"{B6AEF286-661B-4F28-82F3-E8B8AAAFF471}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{BCA2373A-C360-462F-BF86-52FCE98480FE}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{BD1332C1-78E0-4B10-8EF1-E827F204D989}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{BEE0F5A5-6F1C-4710-80F6-A61F29B6792E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C46579F0-1CA7-4715-904C-63CC05509740}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C5A2E272-24D3-424D-88BD-7B6299A2BF20}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{CEBCCDF9-3FB4-4A16-A7FB-7112DEC54E39}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{D0AAE9A7-097F-46B9-A3B9-F2262C4CBF0C}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D20B9711-E5FB-4CEC-B0E3-C967EC1D1EF3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D22CC142-1BC2-4FD0-840F-A5E4BA142A5E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{D58404B4-7E0F-4517-99A3-CA0D1B4CA4A2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D61B7520-9141-427A-A059-42099E736B8C}" = protocol=17 | dir=in | app=c:\users\toshiba\desktop\maplestory\arcanems.exe |
"{D757B8BC-4F04-442C-8D1F-1DDE8F0C0877}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{DB326C69-1221-4C62-B824-4C7941B75793}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{DB8490D2-D8DE-411D-A5B2-2E679520526A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DCA3D9A6-D001-4DF9-9452-FDA4BBD3D32D}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{DE35235B-BEDD-475D-A4C0-BF023DBAE55A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{E143C883-9BD4-44E4-9198-69C8AF72B612}" = protocol=17 | dir=in | app=c:\program files\wizet\maplestorysea\nirohsea v1.02.exe |
"{E18C2C2B-E52E-46C4-8D0E-07C4562C7E9B}" = protocol=17 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{E21D305C-988E-41AF-9CB8-8AFEDCC69A8F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E6B5E7DC-2150-45D8-9E66-9CE4B653242D}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{E7FD2E2B-2C7E-43A4-89E1-F5C63CCF6D47}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{E9219207-E81A-4CEA-9045-27E128990709}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EA1A0923-C2A3-4AAE-990A-815DD9BA3A66}" = protocol=17 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |
"{ECA92DA8-3941-4133-9953-C3A835EA2376}" = protocol=6 | dir=in | app=c:\program files\wizet\maplestorysea\aurasea.exe |
"{ED1D2E5D-AE15-4FF2-B511-AFC9989A5C2B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{EF74F777-6AA6-4337-8987-A068B40B6083}" = protocol=58 | dir=in | app=system |
"{F05C547C-08B9-482F-B18F-B49202729433}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{F49023B1-FC6B-4730-B2BE-A6FDBDAB95CD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F6D63A0C-EA31-4D5C-B5D9-31EBB0DA3AD6}" = protocol=6 | dir=in | app=c:\nexon\maplestory\arcanems.exe |
"{F87B7164-A329-4F22-89E7-2823B1BA95C8}" = protocol=17 | dir=in | app=c:\nexon\maplestory\arcanems.exe |
"{FACA7C65-E761-4D5D-85A4-3D562272D362}" = protocol=17 | dir=in | app=c:\program files\wizet\maplestorysea\crypticsea.exe |
"{FD899718-FD8E-45C5-B8E2-9FA398FD5297}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"TCP Query User{051E76FD-E7AB-43B6-9C81-057A4A5D285A}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{13C0A649-91F3-4D8C-BB2A-D0756C2AF79B}C:\users\toshiba\desktop\maplestory\arcanems.exe" = protocol=6 | dir=in | app=c:\users\toshiba\desktop\maplestory\arcanems.exe |
"TCP Query User{1A5F2578-0DA5-440E-9BFF-09A6CC4B90B0}C:\program files\wizet\maplestorysea\hshield\hsupdate.exe" = protocol=6 | dir=in | app=c:\program files\wizet\maplestorysea\hshield\hsupdate.exe |
"TCP Query User{2C6B01FA-2C8A-4B46-B7CB-8BE9AA7C10E1}C:\users\toshiba\desktop\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\toshiba\desktop\warcraft iii\war3.exe |
"TCP Query User{3D05B043-D1DC-4B25-9742-53146CB73804}C:\users\toshiba\desktop\valve\hl.exe" = protocol=6 | dir=in | app=c:\users\toshiba\desktop\valve\hl.exe |
"TCP Query User{3EEA4010-00C6-48F7-A73D-C1A67CA0EA76}C:\users\toshiba\desktop\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\toshiba\desktop\games\warcraft iii\war3.exe |
"TCP Query User{4A8AFD3A-F62C-41FF-A375-917F7C5B6614}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{508C274C-E788-4414-A4A5-8523D9B38E89}C:\users\toshiba\desktop\maplestorysea\crypticsea.exe" = protocol=6 | dir=in | app=c:\users\toshiba\desktop\maplestorysea\crypticsea.exe |
"TCP Query User{6B676F0B-6F89-47E7-BE22-6ADFD0F7B3D4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{70BA180C-AEED-426A-A858-6DFB0E9507D2}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{7C57ECBE-84E7-4211-ABF6-636BD5981312}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
"TCP Query User{82513C28-324E-4F7F-AFD3-934223E80F68}C:\program files\wizet\maplestorysea\aurasea.exe" = protocol=6 | dir=in | app=c:\program files\wizet\maplestorysea\aurasea.exe |
"TCP Query User{899B92B5-381C-41FD-901F-D77A178D46F3}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
"TCP Query User{902143A7-5E90-4D3F-9B0A-75969A7A68F3}C:\nexon\maplestory\arcanems.exe" = protocol=6 | dir=in | app=c:\nexon\maplestory\arcanems.exe |
"TCP Query User{90ABB91C-EFCB-480E-884E-B2999327EC30}C:\program files\softnyx\gunboundwc\gunbound.gme" = protocol=6 | dir=in | app=c:\program files\softnyx\gunboundwc\gunbound.gme |
"TCP Query User{91A2E666-E6B6-4693-8FF0-8BF11586C639}C:\users\toshiba\desktop\games\celinosea.exe" = protocol=6 | dir=in | app=c:\users\toshiba\desktop\games\celinosea.exe |
"TCP Query User{9A069C63-BF75-4E35-9D08-58C323675FB8}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{A5373B25-2E65-4C8D-AC19-747035FB3831}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{A9ADE3D4-99D5-4945-AF50-3B6D70D5D341}C:\users\toshiba\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\toshiba\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{B515FFD1-6B44-4B02-B445-8462BB1EB4E8}C:\program files\mozilla firefox 3.6 beta 3\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox 3.6 beta 3\firefox.exe |
"TCP Query User{D38B9ABC-638E-454D-8DD9-F6A54596FABB}C:\program files\wizet\maplestorysea\crypticsea.exe" = protocol=6 | dir=in | app=c:\program files\wizet\maplestorysea\crypticsea.exe |
"TCP Query User{EDC1C737-D68C-4D28-9F81-0F322DEC4597}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{EED1F7A6-4A3E-4BB2-96AA-4B8E71B0D393}C:\program files\wizet\maplestorysea\nirohsea v1.02.exe" = protocol=6 | dir=in | app=c:\program files\wizet\maplestorysea\nirohsea v1.02.exe |
"UDP Query User{079597E5-400E-40AC-9952-C41ADC99BBE8}C:\program files\wizet\maplestorysea\aurasea.exe" = protocol=17 | dir=in | app=c:\program files\wizet\maplestorysea\aurasea.exe |
"UDP Query User{25D846AA-581A-4601-84E6-D5CBAD7E940A}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{30911311-04C0-452C-AE20-8644D1303E47}C:\program files\wizet\maplestorysea\nirohsea v1.02.exe" = protocol=17 | dir=in | app=c:\program files\wizet\maplestorysea\nirohsea v1.02.exe |
"UDP Query User{3E9A47C9-FE6B-4540-94CB-1578E396DA3A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{453FB417-515E-46FE-96B5-1C3CE0C8E786}C:\users\toshiba\desktop\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\toshiba\desktop\warcraft iii\war3.exe |
"UDP Query User{4A7D833A-ED2D-4F6F-8791-83F8FE1BC9C4}C:\users\toshiba\desktop\maplestory\arcanems.exe" = protocol=17 | dir=in | app=c:\users\toshiba\desktop\maplestory\arcanems.exe |
"UDP Query User{61543653-01EC-4A44-B8CA-FB647873C09B}C:\users\toshiba\desktop\maplestorysea\crypticsea.exe" = protocol=17 | dir=in | app=c:\users\toshiba\desktop\maplestorysea\crypticsea.exe |
"UDP Query User{74A7AD01-18F1-4CED-9F1E-9F4373ABD343}C:\users\toshiba\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\toshiba\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{78288C1A-59CB-4B22-B470-94A9C8E1A0E4}C:\users\toshiba\desktop\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\toshiba\desktop\games\warcraft iii\war3.exe |
"UDP Query User{7D947202-C4B1-4B32-B781-6C61BEACF2B7}C:\users\toshiba\desktop\valve\hl.exe" = protocol=17 | dir=in | app=c:\users\toshiba\desktop\valve\hl.exe |
"UDP Query User{86256DE7-19E3-4982-A14F-D45BF7C59DF2}C:\users\toshiba\desktop\games\celinosea.exe" = protocol=17 | dir=in | app=c:\users\toshiba\desktop\games\celinosea.exe |
"UDP Query User{8705BCA6-C323-4AB4-A92C-B2BA2C51D5BA}C:\program files\wizet\maplestorysea\crypticsea.exe" = protocol=17 | dir=in | app=c:\program files\wizet\maplestorysea\crypticsea.exe |
"UDP Query User{88EDDBED-65F3-4031-B72E-B9CFCEF7B77F}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{910222D8-A121-4229-AC3A-E7232E3413AD}C:\nexon\maplestory\arcanems.exe" = protocol=17 | dir=in | app=c:\nexon\maplestory\arcanems.exe |
"UDP Query User{914588C6-5ECA-4CFA-8D8D-5BC53C0C0D34}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{980A94E0-AA0B-4301-85EC-CDDC9460331C}C:\program files\softnyx\gunboundwc\gunbound.gme" = protocol=17 | dir=in | app=c:\program files\softnyx\gunboundwc\gunbound.gme |
"UDP Query User{98BF1C6E-530D-46BB-B125-E3044E9BA73D}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{CC12C530-B45D-48ED-A63A-E8936E94E9A2}C:\program files\wizet\maplestorysea\hshield\hsupdate.exe" = protocol=17 | dir=in | app=c:\program files\wizet\maplestorysea\hshield\hsupdate.exe |
"UDP Query User{CDD78F94-B6EC-4C45-91DC-0D9CAF9CBFA7}C:\program files\mozilla firefox 3.6 beta 3\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox 3.6 beta 3\firefox.exe |
"UDP Query User{D3DFCD7C-3F42-4A8C-B153-6EB3BDE8FB1B}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{D4426F7A-D2FB-40FA-A44B-A9443E431430}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |
"UDP Query User{E79DBA25-4853-44D5-B71E-C97EC9F99A53}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |
"UDP Query User{F046FD6B-1B01-4272-8329-9642DD89C568}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{024558D8-272F-C7C8-4F6D-6FE689B5DC52}" = Catalyst Control Center Localization Japanese
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{12C5D938-B138-4f05-B26D-655046B8AEC0}" = QuickBooks Premier: Student Edition V19
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{17D894FE-B31B-433C-B78D-01DAC8D31DC0}" = GameGuard
"{1A5A851C-B8B4-CD8E-920B-EE21B9E4FE31}" = Catalyst Control Center Graphics Full Existing
"{1C92C419-4DAA-4B9B-B04F-C2E3CDEDCAF9}" = SoftwareManager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 20
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2D7D6A0E-A6A7-1080-980C-67FB8E20D93D}" = ccc-utility
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F2C3691-E3CB-6066-514D-729BB881216D}" = CCC Help Dutch
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3686ED2F-634B-45EE-84BB-18D17119A582}" = Minitab16
"{372B31CF-77FB-4E29-860C-A0EA2985AB7F}" = O2Micro Flash Memory Card Reader Driver (x86)
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E1E4AB9-C017-746E-92E6-B30A0429E986}" = CCC Help Korean
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{411949AB-6EE8-4C62-9C72-EBC93B6A7935}" = AVG 2012
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{491DD193-1B57-4D1C-8B14-18B96992A89F}" = TOSHIBA Supervisor Password
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A130340-74D9-27C0-0F3D-3F9A69CF938C}" = CCC Help French
"{4A944E94-F6E9-9D38-5C5B-B1E5597EB742}" = CCC Help Spanish
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{502DBACB-D72F-276E-9B51-1CC980633BDC}" = CCC Help German
"{50831C51-70E7-CF72-3B5E-53413B1598E9}" = Catalyst Control Center Localization Dutch
"{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5546F4E9-B0F4-4F54-B949-2AB006C9284F}" = DJ_AIO_06_F2400_SW_Min
"{56A29640-7334-2E21-8169-5F23EEEE4958}" = CCC Help Chinese Standard
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5E4D7B0F-E869-4834-BEB4-F67319A39617}" = Minitab16
"{60D7B2C5-5824-753E-D091-382D312C5590}" = Catalyst Control Center Localization French
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6275D380-371D-6D6E-32AF-97009138EBE3}" = Skins
"{63FD90F3-58B5-4A25-9C47-428576D994D0}" = Minitab16
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67905A54-F074-6F13-3C61-DA40552079BB}" = Catalyst Control Center Graphics Light
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6DBB66CD-38C7-472C-BBB9-06BFDA182A29}" = F2400
"{6E4F5172-7A60-E18C-D1F2-C8D783197A7C}" = Catalyst Control Center Localization German
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7FADEAAE-1AAD-2635-809E-C92477AF1794}" = Catalyst Control Center Localization Italian
"{819CA3BC-2FF8-4811-B42F-421F7BFD3559}" = HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6
"{88771941-E487-0F1C-7242-554D82BC8740}" = CCC Help Japanese
"{89DCBAD2-592B-A42C-18D7-78601056FBD9}" = Catalyst Control Center Localization Chinese Standard
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D90017E-FFE1-3077-9113-F4002ED7EB13}" = Catalyst Control Center Localization Swedish
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9773450C-E2F3-46C3-9464-1D7EDE5EFB63}" = Pro Evolution Soccer 2011
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DDABBD9-B4D1-F927-8970-03E7CF4605F1}" = Catalyst Control Center Localization Korean
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A07EC392-26B6-E1AE-AFE8-A73F7BFC1C4C}" = CCC Help Chinese Traditional
"{A12F36B5-E11F-0128-7D8F-DEC927105BE2}" = CCC Help Swedish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A58F02C6-1589-441A-BAC1-5FF11E749A07}" = F2400_NCL_Help
"{A7836FF5-7293-40A4-B86E-E2038F82E8F3}" = AVG 2012
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B158BAE0-C912-3697-256D-A9FCEDFAA536}" = Catalyst Control Center Localization Portuguese
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B5897EDD-E78B-067B-DB8F-D85E60B71967}" = Catalyst Control Center Localization Spanish
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C42601B6-CBA8-7879-D310-7B2E97215D82}" = CCC Help Italian
"{C6DCC59B-48D8-5092-2F69-8C423BFAB27F}" = Catalyst Control Center Graphics Previews Vista
"{C7128EEC-088D-051A-E8F9-DD4E6F2C3F3E}" = CCC Help Portuguese
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{C970757C-FD82-ED94-66C4-AF7C0266699E}" = ATI Catalyst Install Manager
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB22A47C-EFEA-2400-DB68-8F9B1D24BF43}" = Catalyst Control Center Graphics Full New
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBDF64B0-8CAB-45C7-B3B2-4637C9F88769}" = HDMI Control Manager
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE8B9F6B-7D9E-3C56-7B27-1E484CD41D78}" = ccc-core-static
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D00EAB9D-C698-D4F6-214F-6FFC496B7F71}" = Catalyst Control Center Core Implementation
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D305D4F8-0820-5DFA-F175-E7D06ED60364}" = CCC Help English
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D58A1E94-9EEA-4C6E-B9FB-D7C63DC6C941}" = Catalyst Control Center - Branding
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4769CEC-EC9A-4F04-B80C-74F65EE29BD2}" = GlobeTrotter Connect
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = The Sims™ 3 Fast Lane Stuff
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EF3E420F-2DCF-4C24-8E37-896801901033}" = Nero 7 Essentials
"{EFDD0584-E443-4CA8-8B79-E5BE7B22651D}" = Bootstrapper
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FBD4A73E-1479-142D-181A-790551DDAE27}" = TweetDeck
"{FEBF75B0-9D67-6178-8737-92A81B3FEA47}" = Catalyst Control Center Localization Chinese Traditional
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AhnLab Online Security" = AhnLab Online Security
"AutoHideIP" = Auto Hide IP
"AVG" = AVG 2012
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner (remove only)
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179" = HDAUDIO Soft Data Fax Modem with SmartCP
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DAEMON Tools Lite" = DAEMON Tools Lite
"D'Fusion @Home Web Plug-In" = Total Immersion D'Fusion @Home Web Plug-In
"DragonNest" = DragonNest
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fiddler2" = Fiddler2
"Fraps" = Fraps
"GOM Player" = GOM Player
"Hot Keyboard Pro_is1" = Hot Keyboard Pro 3.2
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo Creations" = HP Photo Creations
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"InstallShield_{491DD193-1B57-4D1C-8B14-18B96992A89F}" = TOSHIBA Supervisor Password
"InstallShield_{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MapleStory" = MapleStory
"MapleStorySEA" = MapleStorySEA
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Minitab16" = Minitab 16
"MinitabSoftwareManager" = Minitab Software Update Manager
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 11.64.1403" = Opera 11.64
"Pangya" = Pangya (Ntreev USA)
"Project Blackout" = Project Blackout
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Shop for HP Supplies" = Shop for HP Supplies
"SopCast" = SopCast 3.5.0
"Storm Codec 5" = Storm Codec
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"uTorrent" = µTorrent
"Winamp" = Winamp (remove only)
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2139651976-329313198-604098191-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/8/2011 7:52:14 AM | Computer Name = Toshiba-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MapleStory.exe, version: 1.0.0.17, time
stamp: 0x4d8af826 Faulting module name: MapleStory.exe, version: 1.0.0.17, time
stamp: 0x4d8af826 Exception code: 0xc0000005 Fault offset: 0x001274ba Faulting process
id: 0x16b0 Faulting application start time: 0x01cc0d37325137f0 Faulting application
path: C:\Program Files\Wizet\MapleStorySEA\MapleStory.exe Faulting module path:
C:\Program Files\Wizet\MapleStorySEA\MapleStory.exe Report Id: 9d387fee-7969-11e0-9d63-d7ae2b79d013

Error - 5/8/2011 11:25:47 AM | Computer Name = Toshiba-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MapleStory.exe, version: 1.0.0.17, time
stamp: 0x4d8af826 Faulting module name: MapleStory.exe, version: 1.0.0.17, time
stamp: 0x4d8af826 Exception code: 0xc0000005 Fault offset: 0x001274ba Faulting process
id: 0x1524 Faulting application start time: 0x01cc0d7c23edcb99 Faulting application
path: C:\Program Files\Wizet\MapleStorySEA\MapleStory.exe Faulting module path:
C:\Program Files\Wizet\MapleStorySEA\MapleStory.exe Report Id: 71d03c53-7987-11e0-9d63-d7ae2b79d013

Error - 5/9/2011 12:23:22 AM | Computer Name = Toshiba-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/9/2011 1:22:29 AM | Computer Name = Toshiba-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 5/9/2011 3:28:10 AM | Computer Name = Toshiba-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MapleStory.exe, version: 1.0.0.17, time
stamp: 0x4d8af826 Faulting module name: MapleStory.exe, version: 1.0.0.17, time
stamp: 0x4d8af826 Exception code: 0xc0000005 Fault offset: 0x001274ba Faulting process
id: 0x14ac Faulting application start time: 0x01cc0e01cef8b0df Faulting application
path: C:\Program Files\Wizet\MapleStorySEA\MapleStory.exe Faulting module path:
C:\Program Files\Wizet\MapleStorySEA\MapleStory.exe Report Id: e3b8261b-7a0d-11e0-bda5-d304c86aa555

Error - 5/9/2011 5:07:05 AM | Computer Name = Toshiba-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MapleStory.exe, version: 1.0.0.17, time
stamp: 0x4d8af826 Faulting module name: MapleStory.exe, version: 1.0.0.17, time
stamp: 0x4d8af826 Exception code: 0xc0000005 Fault offset: 0x001274ba Faulting process
id: 0x12e8 Faulting application start time: 0x01cc0e1ac553a9c4 Faulting application
path: C:\Program Files\Wizet\MapleStorySEA\MapleStory.exe Faulting module path:
C:\Program Files\Wizet\MapleStorySEA\MapleStory.exe Report Id: b4f6e216-7a1b-11e0-bda5-d304c86aa555

Error - 5/9/2011 6:35:42 AM | Computer Name = Toshiba-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MapleStory.exe, version: 1.0.0.17, time
stamp: 0x4d8af826 Faulting module name: MapleStory.exe, version: 1.0.0.17, time
stamp: 0x4d8af826 Exception code: 0xc0000005 Fault offset: 0x001274ba Faulting process
id: 0x1634 Faulting application start time: 0x01cc0e2995412249 Faulting application
path: C:\Program Files\Wizet\MapleStorySEA\MapleStory.exe Faulting module path:
C:\Program Files\Wizet\MapleStorySEA\MapleStory.exe Report Id: 16815760-7a28-11e0-bda5-d304c86aa555

Error - 5/9/2011 8:02:23 AM | Computer Name = Toshiba-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MapleStory.exe, version: 1.0.0.17, time
stamp: 0x4d8af826 Faulting module name: MapleStory.exe, version: 1.0.0.17, time
stamp: 0x4d8af826 Exception code: 0xc0000005 Fault offset: 0x001274ba Faulting process
id: 0x1078 Faulting application start time: 0x01cc0e3a715367d7 Faulting application
path: C:\Program Files\Wizet\MapleStorySEA\MapleStory.exe Faulting module path:
C:\Program Files\Wizet\MapleStorySEA\MapleStory.exe Report Id: 32a5bcf6-7a34-11e0-bda5-d304c86aa555

Error - 5/9/2011 8:55:18 AM | Computer Name = Toshiba-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MapleStory.exe, version: 1.0.0.17, time
stamp: 0x4d8af826 Faulting module name: MapleStory.exe, version: 1.0.0.17, time
stamp: 0x4d8af826 Exception code: 0xc0000005 Fault offset: 0x001274ba Faulting process
id: 0xbf0 Faulting application start time: 0x01cc0e456a265340 Faulting application
path: C:\Program Files\Wizet\MapleStorySEA\MapleStory.exe Faulting module path:
C:\Program Files\Wizet\MapleStorySEA\MapleStory.exe Report Id: 97096d8a-7a3b-11e0-bda5-d304c86aa555

Error - 5/9/2011 10:26:19 AM | Computer Name = Toshiba-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MapleStory.exe, version: 1.0.0.17, time
stamp: 0x4d8af826 Faulting module name: MapleStory.exe, version: 1.0.0.17, time
stamp: 0x4d8af826 Exception code: 0xc0000005 Fault offset: 0x001274ba Faulting process
id: 0x168c Faulting application start time: 0x01cc0e48699a2aa1 Faulting application
path: C:\Program Files\Wizet\MapleStorySEA\MapleStory.exe Faulting module path:
C:\Program Files\Wizet\MapleStorySEA\MapleStory.exe Report Id: 4dd15ae8-7a48-11e0-bda5-d304c86aa555

[ OSession Events ]
Error - 4/3/2011 9:37:27 AM | Computer Name = Toshiba-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 75
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/14/2012 5:34:47 AM | Computer Name = Toshiba-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 5/14/2012 5:34:57 AM | Computer Name = Toshiba-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 5/14/2012 5:34:57 AM | Computer Name = Toshiba-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 5/14/2012 5:34:57 AM | Computer Name = Toshiba-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 5/14/2012 5:36:51 AM | Computer Name = Toshiba-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 5/14/2012 5:36:51 AM | Computer Name = Toshiba-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 5/14/2012 5:36:51 AM | Computer Name = Toshiba-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 5/14/2012 5:38:31 AM | Computer Name = Toshiba-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 5/14/2012 5:38:31 AM | Computer Name = Toshiba-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 5/14/2012 5:38:31 AM | Computer Name = Toshiba-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058


< End of report >

#4 Gammo

Posted 14 May 2012 - 12:32 PM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKU\S-1-5-21-2139651976-329313198-604098191-1003..\Run: [McjKiqhh] C:\Users\Toshiba\AppData\Local\evrxxnbq\mcjkiqhh.exe File not found
    O20 - HKLM Winlogon: UserInit - (C:\Users\Toshiba\AppData\Local\evrxxnbq\mcjkiqhh.exe) - File not found]
    [2012/05/12 00:10:33 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\evrxxnbq
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2010/08/17 14:32:28 | 000,335,752 | ---- | C] (Konami Digital Entertainment Co., Ltd.) -- C:\Users\Toshiba\AppData\Roaming\autorun.exe
    [2012/03/03 00:25:12 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Umxoo
    [2012/03/03 00:24:53 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Unpiem
    [2012/03/03 00:24:53 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Ybekfa
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done




Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

Please post the final results, good or bad. We like to know!


#5 Roctone

Posted 14 May 2012 - 09:58 PM

ComboFix 12-05-14.03 - Toshiba 05/15/2012 12:37:58.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.62.1033.18.2046.1061 [GMT 10:00]
Running from: c:\users\Toshiba\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Toshiba\AppData\Local\askgdfxt.log
c:\users\Toshiba\AppData\Local\coeapecw.log
c:\users\Toshiba\AppData\Local\gdtpuncu.log
c:\users\Toshiba\AppData\Local\ndmcjppg.log
c:\users\Toshiba\AppData\Local\otqpfmwd.log
c:\users\Toshiba\AppData\Local\ptgfdtww.log
c:\users\Toshiba\AppData\Local\smhwligb.log
c:\users\Toshiba\videos\msea-v1.02-setup.exe
c:\windows\setupact.log
.
.
((((((((((((((((((((((((( Files Created from 2012-04-15 to 2012-05-15 )))))))))))))))))))))))))))))))
.
.
2012-05-15 02:07 . 2012-05-15 02:07 -------- d-----w- C:\_OTL
2012-05-14 08:34 . 2012-05-14 08:34 -------- d-----w- c:\program files\AVG Secure Search
2012-05-10 05:01 . 2012-03-30 10:29 1287024 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 05:01 . 2012-04-02 04:40 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 05:01 . 2012-04-02 04:41 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 05:01 . 2012-04-02 04:40 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 05:01 . 2012-04-02 04:40 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 05:01 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-10 05:01 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 05:01 . 2012-04-02 02:43 2342400 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 05:00 . 2012-03-17 07:20 56688 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 05:00 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 05:00 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-10 05:00 . 2012-03-03 05:40 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-05-10 05:00 . 2012-03-03 05:40 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-10 05:00 . 2012-03-03 05:40 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-08 04:07 . 2012-05-08 04:07 -------- d-----w- c:\users\Toshiba\AppData\Roaming\MathWorks
2012-05-03 10:35 . 2012-05-03 10:35 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-02 12:34 . 2012-05-02 12:34 -------- d-----w- c:\users\Toshiba\AppData\Local\Opera
2012-05-02 12:33 . 2012-05-13 11:56 -------- d-----w- c:\program files\Opera
2012-05-02 12:24 . 2012-05-02 12:25 -------- d-----w- c:\program files\SopCast
2012-04-23 12:20 . 2012-04-23 12:20 -------- d-----w- c:\users\Toshiba\AppData\Local\AVG Secure Search
2012-04-23 12:19 . 2012-04-23 12:19 -------- d-----w- c:\programdata\AVG Secure Search
2012-04-23 12:19 . 2012-04-23 12:19 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-04-18 18:50 . 2012-04-18 18:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-18 19:17 . 2012-03-18 19:17 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-03-06 01:58 . 2012-03-06 01:58 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-03-01 05:53 . 2012-04-14 03:40 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:49 . 2012-04-14 03:40 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:45 . 2012-04-14 03:40 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:40 . 2012-04-14 03:40 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-28 01:18 . 2012-04-13 06:59 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-13 06:59 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-13 06:59 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-13 06:59 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-25 01:50 . 2012-02-25 01:50 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-25 01:50 . 2012-02-25 01:50 161792 ----a-w- c:\windows\system32\msls31.dll
2012-02-25 01:50 . 2012-02-25 01:50 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-25 01:50 . 2012-02-25 01:50 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-25 01:50 . 2012-02-25 01:50 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-25 01:50 . 2012-02-25 01:50 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-25 01:50 . 2012-02-25 01:50 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-02-25 01:50 . 2012-02-25 01:50 367104 ----a-w- c:\windows\system32\html.iec
2012-02-25 01:50 . 2012-02-25 01:50 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-02-25 01:50 . 2012-02-25 01:50 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-25 01:50 . 2012-02-25 01:50 152064 ----a-w- c:\windows\system32\wextract.exe
2012-02-25 01:50 . 2012-02-25 01:50 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-02-25 01:50 . 2012-02-25 01:50 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-02-25 01:50 . 2012-02-25 01:50 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-25 01:50 . 2012-02-25 01:50 11776 ----a-w- c:\windows\system32\mshta.exe
2012-02-25 01:50 . 2012-02-25 01:50 101888 ----a-w- c:\windows\system32\admparse.dll
2012-02-25 01:50 . 2012-02-25 01:50 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-02-25 01:48 . 2012-02-25 01:48 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2012-02-25 01:48 . 2012-02-25 01:48 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-02-25 01:48 . 2012-02-25 01:48 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-02-25 01:48 . 2012-02-25 01:48 801792 ----a-w- c:\windows\system32\FntCache.dll
2012-02-25 01:47 . 2012-02-25 01:47 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2012-02-25 01:47 . 2012-02-25 01:47 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-02-25 01:47 . 2012-02-25 01:47 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-02-25 01:47 . 2012-02-25 01:47 107520 ----a-w- c:\windows\system32\cdd.dll
2012-02-25 01:47 . 2012-02-25 01:47 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2012-02-25 01:47 . 2012-02-25 01:47 3181568 ----a-w- c:\windows\system32\mf.dll
2012-02-25 01:47 . 2012-02-25 01:47 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-02-21 19:25 . 2012-02-21 19:25 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-02-15 05:44 . 2012-03-14 05:56 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22 . 2012-03-14 05:56 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22 . 2012-03-14 05:56 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-05-14 08:34 2067328 ----a-w- c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-05-14 2067328]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-09-19 4347120]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-12-29 430080]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"ooVoo.exe"="c:\program files\ooVoo\oovoo.exe" [2010-02-10 18784440]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-14 3905920]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-30 1029416]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-26 413696]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-01-25 716800]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2008-02-18 1057064]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-29 75136]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-02-27 570664]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2008-02-18 1629480]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-18 431456]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-05-25 35328]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"StormCodec_Helper"="c:\program files\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-26 97357]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-18 421736]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-04 2587008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-09 49208]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-05-14 1116544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAMABLAE0AQwAtAEUAOQBWAFUAVwAtAEUAVwAwAFYAQQAtAFUAVQAzAFgATAAtAEYARQBXADkANwA&inst=NwA3AC0ANAAzADMAMwA0ADQAMgAwADQALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBYAE8AOQArADEALQBGADkATQAyACsAMQA&prod=90&ver=9.0.894" [?]
.
c:\users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GlobeTrotter Connect.lnk - c:\program files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe [2008-7-11 782336]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-5-5 972104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
.
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2007-09-01 20352]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2012-04-29 5106744]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2008-02-18 106624]
R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2008-02-08 59648]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 25112]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2007-10-30 937984]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNt.sys [2009-10-13 133632]
R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2009-07-13 79360]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-03 129976]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-10-28 3407292]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-09 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-11-24 639224]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2012-04-18 24896]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-30 31952]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-02-21 235216]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2012-03-18 301248]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-23 218688]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-17 176128]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-13 193288]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S2 GtDetectSc;GtDetectSc;c:\program files\Option\GlobeTrotter Connect\GtDetectSc.exe [2007-12-18 196704]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [2012-04-23 932736]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
S3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-02-01 187904]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-01-15 48472]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - eeCtrl
*Deregistered* - EraserUtilRebootDrv
*Deregistered* - SYMTDI
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://isearch.avg.com/?cid={C5FD1A1F-14ED-432F-A780-0610D4A1E865}&mid=243ca0cc21503b847045f495650bbea4-3d184bc1af98154e8079e743f9ae3cb5eeabcb5c&lang=en&ds=gm011&pr=sa&d=2012-04-23 22:19&v=11.0.0.9&sap=hp
uInternet Settings,ProxyServer = http=
uInternet Settings,ProxyOverride = *.local
IE: Assign &hot key - c:\program files\Hot Keyboard Pro\IEScript.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\AVG\AVG2012\avgdtiex.dll
TCP: DhcpNameServer = 10.1.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
FF - ProfilePath - c:\users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\ltcs2asj.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7Bd886b5a2-9c7b-49bc-bad2-6e31bd0c083f%7D&mid=243ca0cc21503b847045f495650bbea4-3d184bc1af98154e8079e743f9ae3cb5eeabcb5c&ds=gm011&v=11.0.0.9&lang=en&pr=sa&d=2012-04-23%2022%3A19%3A50
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bd886b5a2-9c7b-49bc-bad2-6e31bd0c083f%7D&mid=243ca0cc21503b847045f495650bbea4-3d184bc1af98154e8079e743f9ae3cb5eeabcb5c&ds=gm011&v=11.0.0.9&lang=en&pr=sa&d=2012-04-23%2022%3A19%3A50&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-DAEMON Tools - c:\program files\DAEMON Tools\daemon.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-15 12:55:28
ComboFix-quarantined-files.txt 2012-05-15 02:55
.
Pre-Run: 35,938,177,024 bytes free
Post-Run: 35,810,709,504 bytes free
.
- - End Of File - - BAB3D1CD2CD8D54968B17CCE1AEFA1D5

Do you need the OTL log as well?
My laptop seems good now. I can run my Opera and Chrome browsers, and on each restart no more viruses are detected. Are all the viruses cleaned now? Is it safe for me to use my computer again?
Thx for the help

#6 Gammo

Posted 15 May 2012 - 09:54 AM

Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ^_^

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times; don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it doesn't necessarily mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple of good free alternatives: Google Chrome and Opera. Both are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these.

The WOT add-on will nicely help to enhance your security, no matter which web browser you use. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine apart from just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (e.g. LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up-to-date anti-virus and firewall, some of these things will still infect you. It is highly recommended that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are disreputable sites forcing you to download and install a codec, or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :cool:


Please post the final results, good or bad. We like to know!
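The hosts-file blocking recommended in the post above works by pinning unwanted hostnames to a loopback or unspecified address. The following is an added example, not part of the original thread or of any tool named in it: a small auditor that separates blocklist entries from entries pinning a name to a routable address, which deserve a manual look after a cleanup. The sample data, hostnames and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the style of a blocklist hosts file (not real blocklist data).
# On Windows the live file is %SystemRoot%\System32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
::1         localhost
0.0.0.0     ads.example.test      # sinkholed ad host
0.0.0.0     tracker.example.test bad.example.test
127.0.0.1   popups.example.test
203.0.113.7 update.vendor.test    # pinned to a routable address
not-an-ip   broken.example.test
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Return ([(ip, name, lineno)], [malformed line numbers])."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(lineno)
            continue
        if len(fields) < 2:                   # address with no hostname
            malformed.append(lineno)
            continue
        for name in fields[1:]:               # one line may carry several names
            entries.append((ip, name.lower(), lineno))
    return entries, malformed


def audit_hosts(text):
    """Classify every hostname in a hosts file."""
    entries, malformed = parse_hosts(text)
    report = {"local": [], "blocked": [], "redirected": [], "malformed": malformed}
    for ip, name, lineno in entries:
        if ip.is_loopback or ip.is_unspecified:
            # 127.0.0.1, ::1 and 0.0.0.0 never leave the machine: a block entry
            key = "local" if name in LOCAL_NAMES else "blocked"
            report[key].append(name)
        else:
            # Name pinned to a real address: overrides DNS, review each one
            report["redirected"].append((name, str(ip), lineno))
    return report


def is_blocked(hostname, report):
    """Hosts entries match exact names only; there are no wildcards."""
    return hostname.lower().rstrip(".") in report["blocked"]


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked:   ", result["blocked"])
    print("redirected:", result["redirected"])
    print("malformed lines:", result["malformed"])
    print("www.ads.example.test blocked?", is_blocked("www.ads.example.test", result))
```

Because matching is exact, a blocklist entry for `ads.example.test` does not cover `www.ads.example.test`; each name has to be listed separately.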


#7 Roctone

Posted 16 May 2012 - 04:24 AM

All done :) thanks for your help Gammo.



