  #16  
Old December 31st, 2012, 01:17 AM
DRayner DRayner is offline
Member
 
Join Date: Dec 2012
Posts: 34
OTL Extras logfile created on: 12/30/2012 9:40:24 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\TOSHIBA\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 48.08% Memory free
6.20 Gb Paging File | 4.25 Gb Available in Paging File | 68.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 224.49 Gb Total Space | 69.89 Gb Free Space | 31.13% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: TOSHIBA-PC | User Name: TOSHIBA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = internetshortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 96 90 04 8F 65 51 CC 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"AntivirusOverride" = 0
"UacDisableNotify" = 0
"AntiSpywareDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0229D50A-FDB5-4181-8F67-557C8970FDC8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{073D1B1B-2A22-4DDF-B9F8-13A78116A4AE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{085E3A5B-1D6B-4F03-85B9-DAB9C8F4BBFE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{118815C1-39E2-408E-B673-2639B11846C2}" = rport=10244 | protocol=6 | dir=out | app=system |
"{15428BBE-EEA1-4195-B7DB-11AC9605FC83}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{187975F6-2330-4198-925C-BB926E74EB75}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1FD54FB6-0782-4100-B93A-F79C6918C38E}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{28DBD225-89A2-4D82-92BA-3F86BE9E8F45}" = rport=10244 | protocol=6 | dir=out | app=system |
"{2D9F4B26-714A-44DF-BB90-529F2938E27D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3AF95FF2-EA53-4CB6-A604-38F2D94E6703}" = lport=10244 | protocol=6 | dir=in | app=system |
"{3C2D3FE1-73CE-40A5-AD9C-977C07C2AFF3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3E81E416-40E3-4B06-A746-2E3FC85A6703}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4A07AA61-0674-479E-8DCC-2FB3C07613EB}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{4B86E773-9622-4A75-A3E1-E9455035C194}" = lport=3390 | protocol=6 | dir=in | app=system |
"{4D7BD6BD-649A-4229-BEFC-21482AB54EBB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{52AFE288-C5F0-4360-9B5D-9CED0EE957BC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5BDA1ECA-FB6C-4EAD-A88A-93E5896D8D50}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
"{60ED1EB5-C3F7-4B4A-873B-82919B75F8BE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{64AB73D2-97A8-449A-87CE-469164496352}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{67C22850-DF6B-450F-A2AD-19E547BD0E88}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7584E437-1A2D-44B6-AEDB-2821741BE7CD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7815E64B-BC1F-4DED-8D38-E8F9EBA02A4B}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{7AA80AE4-7C59-43D3-98E5-3157A75F3B5B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7F1EBA79-24C0-493F-9DD7-75157840A8B5}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
"{93ED3116-AFAF-45B6-8773-3E9678438147}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{9402F040-998C-409D-9070-AE673FC5A2A0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{999B9604-0250-4166-A53E-662ABD535243}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{A0AD8FFF-CBD2-4A6E-9E15-E776B4C74326}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A8465EAE-97E1-4BDD-87AC-A5FCF3CEF2E8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A91B7829-3C8B-4FB0-ADC9-A65D39C4076F}" = lport=10244 | protocol=6 | dir=in | app=system |
"{AC081487-DE19-4145-92B4-CCE344992120}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{AEEB0271-2739-4012-A926-9E6FC3359C4D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BACFBF0F-F375-4A2B-9681-38A42924C4E1}" = lport=3390 | protocol=6 | dir=in | app=system |
"{C2839385-463C-4F7D-A1AE-780B2EE15A44}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C5CE27E1-1A09-4BBB-AEB9-57C6DBDABF64}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{DF909A43-AAEC-4530-9A57-408FD1A0E7F0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E09B5C82-A120-4AA0-97E2-E278AC05B6B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E45972D3-74D6-478D-8E0A-45AD0EAC679C}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{EDF36067-B2BC-492A-8275-BC020FBA8DC1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F1422A83-74AC-4131-9443-97ECD3BAB525}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D7EE029-0AFD-4D0F-A7D4-80032BF1E071}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{126C7D44-BD10-4AC9-83AC-ADB776C3B110}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{17D67D9F-0727-4564-A2DC-BAFAAE0CC4E9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1A7195EE-7896-49A1-9DE9-F4C2BE61AEEA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{1B0F3916-8080-4B7C-B493-DEDCB9D6CACC}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{2BDC4790-E409-49CC-BEC5-75991DDEEA0B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2ED1EC75-D7DF-4752-952A-8D6AF070ACBB}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{3032C4BD-8EC5-403C-B64A-3DDAEE8D7BE2}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\the battle for middle-earth (tm) ii\game.dat |
"{38D0505D-FB03-4EF0-ADAC-59368043A1EA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3E646563-1A64-4A67-A5A3-D4EBFD2A13CF}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{46941DFF-01DA-4EF7-BD78-26F1D1DAD7C3}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{80FB3694-7C35-4F73-92AF-257A0166A249}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{84B7069D-A4B7-4991-8D79-8A15D8A0E919}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{9433CEFF-9A3D-4D32-88F8-1EC442690B64}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{94791A17-BD05-4578-B160-862FD2F7FF8C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{992815BE-D60E-4616-BA7B-1564DB9335DC}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{A11BE3BC-6E67-49CD-BFF3-5525F4623DF5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A2FD2864-D0EC-486A-8C93-48B410F95344}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{A4DCAFCC-6C93-4B5D-98D7-E2F6978C9C92}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{A5C1D1BA-C056-4BA4-8E3D-C1A198F77311}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{ADE9ABE4-E194-4B54-9D6C-DA956C4B6F70}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BE8E6EBB-BD1D-4B3E-A0F8-DE0A02C8E886}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\the battle for middle-earth (tm) ii\game.dat |
"{C41BCCA7-8A16-46E9-885F-3EFEF8304488}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C52CD7FE-1EAD-4DED-A687-469BB92FE845}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\the battle for middle-earth (tm)\game.dat |
"{C7A8C974-ACFA-4021-AABC-C7182B7FA2A5}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{CC5142F6-B9F8-41DD-ACB1-EDCD25FEC29E}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{DFB08927-5FD6-419D-B40C-27926748DEC5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E736BEB5-347B-4C7D-AC6D-2DCBAD2035EC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E893E24D-7D6C-4AD6-A6AC-6C0330607358}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\the battle for middle-earth (tm)\game.dat |
"{F5C725AE-B3CA-40D1-8E63-8EE12E66A99D}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{F626D592-D22D-4F3F-A833-8C905F66FBF9}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{F8899B98-E37E-4AF7-8CD0-E776DE8AE6B6}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{110CE461-9A01-4D8A-8744-74C0FA25CFF1}C:\users\toshiba\documents\downloads\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\users\toshiba\documents\downloads\age of empires ii\empires2.exe |
"TCP Query User{160F6FEA-5720-490F-8DEF-B787D50642BA}C:\users\toshiba\documents\downloads\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\toshiba\documents\downloads\age of empires ii\age2_x1\age2_x1.exe |
"TCP Query User{50E4440C-1A71-4164-8525-8B19C39A233D}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{613B36D5-2490-4D46-951C-707B09D98919}C:\program files (x86)\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40k.exe |
"TCP Query User{6DDA4CEA-65DA-415B-9733-DAA29037C4CB}C:\program files (x86)\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40kwa.exe |
"TCP Query User{8D61FC6E-51F6-492B-BADD-92EE9C8BABB0}C:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe |
"TCP Query User{9068B62A-DC8C-432C-9B3E-68A69F7E46AD}C:\users\toshiba\documents\downloads\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\toshiba\documents\downloads\age of empires ii\age2_x1\age2_x1.exe |
"TCP Query User{995E72B8-B8A3-4C25-BC90-7869A6CC39FD}C:\users\toshiba\documents\downloads\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\users\toshiba\documents\downloads\age of empires ii\empires2.exe |
"TCP Query User{B61A8D95-BA4E-4F9D-93B7-19DB9AC98F89}C:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe |
"TCP Query User{C3064802-39BE-48A6-9C05-D1A3D5DDBD04}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{CC6A039B-A847-4680-9867-5C12521D088F}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{E20564EC-4A77-497E-9A37-8FD5B5547390}C:\program files (x86)\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40k.exe |
"UDP Query User{03CD725A-9491-4D2F-9251-E72C6C60364D}C:\program files (x86)\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40k.exe |
"UDP Query User{0A728373-57BD-441D-BC05-C69F5D985E40}C:\users\toshiba\documents\downloads\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\toshiba\documents\downloads\age of empires ii\age2_x1\age2_x1.exe |
"UDP Query User{25A7D64F-335A-424C-8D44-588479C010B5}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{275FEEAE-52B9-43E9-A4A6-4464CC6FA685}C:\users\toshiba\documents\downloads\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\users\toshiba\documents\downloads\age of empires ii\empires2.exe |
"UDP Query User{4D886E8E-5A1C-49CF-8521-95FC647263DC}C:\users\toshiba\documents\downloads\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\users\toshiba\documents\downloads\age of empires ii\empires2.exe |
"UDP Query User{6A3C03D2-0443-4251-85F4-7D58C5FE83D8}C:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe |
"UDP Query User{70384922-BA88-44BF-B640-8ABDC2A05D67}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{73097328-D45D-4355-AA9F-DD9E1C5F270E}C:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe |
"UDP Query User{B7D97E38-565B-4383-891E-6CD7C6AFA248}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{D8E889B1-0926-4D9C-BC35-14ACA7F5CAE9}C:\program files (x86)\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40k.exe |
"UDP Query User{E2EA612B-220F-4681-B52F-4B5E79F2C582}C:\users\toshiba\documents\downloads\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\toshiba\documents\downloads\age of empires ii\age2_x1\age2_x1.exe |
"UDP Query User{FDA2AF3E-CDFD-4528-8D68-DC45F2BBAB7E}C:\program files (x86)\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40kwa.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"{6D70F47D-5E18-E51D-6FE4-0CB5DCE0C542}" = ATI Catalyst Install Manager
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{A03758F1-AF81-5AA1-0633-47E9699A0CFF}" = ccc-utility64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B820C985-D9F1-45B5-A7F5-0C5863CBEA04}_is1" = Privacy SafeGuard version 1.1
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{C8005A7B-9638-41DD-B83B-AF277754E211}" = Intel(R) PROSet/Wireless WiFi Software
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D7}" = WinZip 17.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
"SMSERIAL" = TOSHIBA SM56 Data Fax Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{084548D1-AE93-4A17-9572-D59631F1846B}" = TOSHIBA V.92 MoH Application
"{09527978-C15B-6AF8-5582-C9784F8F3B69}" = Catalyst Control Center Localization Chinese Traditional
"{0A6A6F94-7EFC-2FEA-CC70-FB6A22188F88}" = Catalyst Control Center Localization Swedish
"{0AB16A24-2465-0F1A-C12E-BFAB6F612191}" = Catalyst Control Center Localization Japanese
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C36CB3D-A859-B0CE-253A-89C27BAB2AA4}" = CCC Help French
"{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6
"{16E42331-56E6-53BC-428C-6E2020E58025}" = Catalyst Control Center Localization Portuguese
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1D88A6A6-C2C6-3E2F-DDB6-A635090141B0}" = Catalyst Control Center Graphics Full New
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{25F83D04-6D32-5AAD-C057-AEA7B8C746E3}" = Catalyst Control Center Localization Spanish
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{34B9B494-EF4A-4592-87A8-BE40D0442E86}" = Dawn of War - Soulstorm
"{3573E889-A6BA-DADE-8F70-8B756D0A6573}" = CCC Help German
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{3FD66338-6A62-96FE-BE27-957F1D5A4C1C}" = CCC Help Italian
"{44AB916C-E8AE-3A81-269A-2A55C4802C7A}" = Catalyst Control Center Graphics Full Existing
"{48284361-3F81-8AD3-0630-72AEDB614936}" = Catalyst Control Center Localization Korean
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4C3F3228-13BE-41D0-A782-3DDE7CB2479A}" = CD/DVD Drive Acoustic Silencer
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{507DB37B-FFE7-429E-FF1B-D46F3BB0FE96}" = Catalyst Control Center Graphics Light
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54E1A977-FC97-AAAB-A3C2-CA8ED6545951}" = Catalyst Control Center Localization Italian
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74D7540C-9E12-A710-00CF-D8F4DC7465F4}" = CCC Help Chinese Traditional
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{80B0B1FC-41C9-D8B9-D183-D31218875F73}" = CCC Help Swedish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86BBFA80-9ED0-793A-0A10-6CB37BF6409C}" = CCC Help Portuguese
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8750318B-6559-BD76-E8C5-1DE2C8CA961A}" = CCC Help Korean
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B287B75-DF8D-40C8-9620-8E4492C38EF1}" = Webroot Software
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91B067A5-89C8-3C29-57EE-597034D56D42}" = Catalyst Control Center Core Implementation
"{9317BC0B-8869-8D99-41F3-DE4ECE37A8A4}" = CCC Help Chinese Standard
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9607BEEE-ED89-FE20-C992-AF3DC46EBEB5}" = Catalyst Control Center Localization German
"{962E05CF-3394-496D-0091-850CF1762F6B}" = The Battle for Middle-earth (tm)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D32CC0B-4B40-F54A-AAF1-39E9173500AD}" = CCC Help Japanese
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A98321B3-98EE-4BB3-B55A-C6DFD3A47933}" = CCC Help English
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.0
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF8B7B36-0427-22DD-8005-07869A67CE20}" = ccc-core-static
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{C19D5636-D868-57D1-A36E-EF1056E9813C}" = Catalyst Control Center Localization Chinese Standard
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA8B0FB9-69D0-4B50-8342-7CF0C96F10E6}" = Black's Digital Solution Studio
"{CB685FA8-9C7A-73F5-3BBF-38B8F63A1C48}" = Catalyst Control Center Graphics Previews Vista
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}" = Warhammer 40,000: Dawn Of War - Gold Edition
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D580C9A6-3240-721A-19F0-E4C8A1F400DA}" = CCC Help Dutch
"{D58A1E94-9EEA-4C6E-B9FB-D7C63DC6C941}" = Catalyst Control Center - Branding
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECF4937-8E72-5723-E82E-74A566F73197}" = Catalyst Control Center Localization French
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EFD48405-94CC-71B6-A915-5B0121C6C7E3}" = Catalyst Control Center Localization Dutch
"{F041BEBB-2E74-01BC-7DAB-CF352809FE79}" = CCC Help Spanish
"{F06B8809-3C26-E6A0-3D80-084331666B73}" = Skins
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"AutoREALM_is1" = AutoREALM Version 2.2.1
"BabylonToolbar" = Babylon toolbar on IE
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"Crossrider" = Crossrider Web Apps
"Debut" = Debut Video Capture Software
"DivX Setup" = DivX Setup
"ExpressVPN" = ExpressVPN v3.097
"ExpressZip" = Express Zip
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"I Want This" = I Want This
"ImTOO MOV Converter" = ImTOO MOV Converter
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"OnlinePlay" = OnlinePlay 1.0
"PriceGong" = PriceGong 2.5.0
"Prism" = Prism Video File Converter
"PROHYBRIDR" = 2007 Microsoft Office system
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"uTorrent" = µTorrent
"uTorrentControl_v2 Toolbar" = uTorrentControl_v2 Toolbar
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 2.0.2
"Webroot Software" = Webroot Software
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"XP Codec Pack" = XP Codec Pack

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = ooVoo toolbar, powered by Ask.com Updater
"FoxTab PDF Converter" = FoxTab PDF Converter
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/12/2012 11:13:02 AM | Computer Name = TOSHIBA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 286075

Error - 11/12/2012 11:13:03 AM | Computer Name = TOSHIBA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/12/2012 11:13:03 AM | Computer Name = TOSHIBA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 287074

Error - 11/12/2012 11:13:03 AM | Computer Name = TOSHIBA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 287074

Error - 11/12/2012 11:13:04 AM | Computer Name = TOSHIBA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/12/2012 11:13:04 AM | Computer Name = TOSHIBA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 288072

Error - 11/12/2012 11:13:04 AM | Computer Name = TOSHIBA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 288072

Error - 11/12/2012 11:13:05 AM | Computer Name = TOSHIBA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/12/2012 11:13:05 AM | Computer Name = TOSHIBA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 289070

Error - 11/12/2012 11:13:05 AM | Computer Name = TOSHIBA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 289070

[ Media Center Events ]
Error - 8/4/2012 10:03:52 PM | Computer Name = TOSHIBA-PC | Source = McrMgr | ID = 107
Description =

Error - 8/11/2012 8:26:28 PM | Computer Name = TOSHIBA-PC | Source = McrMgr | ID = 107
Description =

Error - 8/11/2012 8:30:55 PM | Computer Name = TOSHIBA-PC | Source = McrMgr | ID = 107
Description =

Error - 8/11/2012 8:33:39 PM | Computer Name = TOSHIBA-PC | Source = McrMgr | ID = 109
Description =

Error - 8/21/2012 8:18:54 AM | Computer Name = TOSHIBA-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 8/31/2011 11:12:45 AM | Computer Name = TOSHIBA-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 97
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/28/2012 5:14:16 AM | Computer Name = TOSHIBA-PC | Source = Microsoft Antimalware | ID = 2004
Description = %%860 has encountered an error trying to load signatures and will
attempt reverting back to a known-good set of signatures. Signatures Attempted: %%824

Error
Code: 0x80070002 Error description: The system cannot find the file specified. Signature
version: 1.141.2622.0;1.141.2622.0 Engine version: 1.1.9002.0

Error - 12/28/2012 7:20:57 AM | Computer Name = TOSHIBA-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:16:07 PM on 12/28/2012 was unexpected.

Error - 12/28/2012 10:15:51 AM | Computer Name = TOSHIBA-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:52:38 PM on 12/28/2012 was unexpected.

Error - 12/28/2012 10:18:28 AM | Computer Name = TOSHIBA-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 12/28/2012 10:58:22 AM | Computer Name = TOSHIBA-PC | Source = DCOM | ID = 10010
Description =

Error - 12/28/2012 8:00:07 PM | Computer Name = TOSHIBA-PC | Source = DCOM | ID = 10010
Description =

Error - 12/29/2012 12:34:02 PM | Computer Name = TOSHIBA-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:40:15 AM on 12/29/2012 was unexpected.

Error - 12/29/2012 1:13:28 PM | Computer Name = TOSHIBA-PC | Source = DCOM | ID = 10010
Description =

Error - 12/29/2012 9:12:44 PM | Computer Name = TOSHIBA-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 12/29/2012 9:12:44 PM | Computer Name = TOSHIBA-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >
  #17  
Old December 31st, 2012, 01:23 AM
DRayner DRayner is offline
Member
 
Join Date: Dec 2012
Posts: 34
OTL Extras logfile created on: 12/30/2012 9:40:24 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\TOSHIBA\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 48.08% Memory free
6.20 Gb Paging File | 4.25 Gb Available in Paging File | 68.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 224.49 Gb Total Space | 69.89 Gb Free Space | 31.13% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: TOSHIBA-PC | User Name: TOSHIBA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = internetshortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 96 90 04 8F 65 51 CC 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"AntivirusOverride" = 0
"UacDisableNotify" = 0
"AntiSpywareDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0229D50A-FDB5-4181-8F67-557C8970FDC8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{073D1B1B-2A22-4DDF-B9F8-13A78116A4AE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{085E3A5B-1D6B-4F03-85B9-DAB9C8F4BBFE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{118815C1-39E2-408E-B673-2639B11846C2}" = rport=10244 | protocol=6 | dir=out | app=system |
"{15428BBE-EEA1-4195-B7DB-11AC9605FC83}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{187975F6-2330-4198-925C-BB926E74EB75}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1FD54FB6-0782-4100-B93A-F79C6918C38E}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{28DBD225-89A2-4D82-92BA-3F86BE9E8F45}" = rport=10244 | protocol=6 | dir=out | app=system |
"{2D9F4B26-714A-44DF-BB90-529F2938E27D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3AF95FF2-EA53-4CB6-A604-38F2D94E6703}" = lport=10244 | protocol=6 | dir=in | app=system |
"{3C2D3FE1-73CE-40A5-AD9C-977C07C2AFF3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3E81E416-40E3-4B06-A746-2E3FC85A6703}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4A07AA61-0674-479E-8DCC-2FB3C07613EB}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{4B86E773-9622-4A75-A3E1-E9455035C194}" = lport=3390 | protocol=6 | dir=in | app=system |
"{4D7BD6BD-649A-4229-BEFC-21482AB54EBB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{52AFE288-C5F0-4360-9B5D-9CED0EE957BC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5BDA1ECA-FB6C-4EAD-A88A-93E5896D8D50}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
"{60ED1EB5-C3F7-4B4A-873B-82919B75F8BE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{64AB73D2-97A8-449A-87CE-469164496352}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{67C22850-DF6B-450F-A2AD-19E547BD0E88}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7584E437-1A2D-44B6-AEDB-2821741BE7CD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7815E64B-BC1F-4DED-8D38-E8F9EBA02A4B}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{7AA80AE4-7C59-43D3-98E5-3157A75F3B5B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7F1EBA79-24C0-493F-9DD7-75157840A8B5}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
"{93ED3116-AFAF-45B6-8773-3E9678438147}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{9402F040-998C-409D-9070-AE673FC5A2A0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{999B9604-0250-4166-A53E-662ABD535243}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{A0AD8FFF-CBD2-4A6E-9E15-E776B4C74326}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A8465EAE-97E1-4BDD-87AC-A5FCF3CEF2E8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A91B7829-3C8B-4FB0-ADC9-A65D39C4076F}" = lport=10244 | protocol=6 | dir=in | app=system |
"{AC081487-DE19-4145-92B4-CCE344992120}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{AEEB0271-2739-4012-A926-9E6FC3359C4D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BACFBF0F-F375-4A2B-9681-38A42924C4E1}" = lport=3390 | protocol=6 | dir=in | app=system |
"{C2839385-463C-4F7D-A1AE-780B2EE15A44}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C5CE27E1-1A09-4BBB-AEB9-57C6DBDABF64}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{DF909A43-AAEC-4530-9A57-408FD1A0E7F0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E09B5C82-A120-4AA0-97E2-E278AC05B6B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E45972D3-74D6-478D-8E0A-45AD0EAC679C}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{EDF36067-B2BC-492A-8275-BC020FBA8DC1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F1422A83-74AC-4131-9443-97ECD3BAB525}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D7EE029-0AFD-4D0F-A7D4-80032BF1E071}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{126C7D44-BD10-4AC9-83AC-ADB776C3B110}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{17D67D9F-0727-4564-A2DC-BAFAAE0CC4E9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1A7195EE-7896-49A1-9DE9-F4C2BE61AEEA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{1B0F3916-8080-4B7C-B493-DEDCB9D6CACC}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{2BDC4790-E409-49CC-BEC5-75991DDEEA0B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2ED1EC75-D7DF-4752-952A-8D6AF070ACBB}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{3032C4BD-8EC5-403C-B64A-3DDAEE8D7BE2}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\the battle for middle-earth (tm) ii\game.dat |
"{38D0505D-FB03-4EF0-ADAC-59368043A1EA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3E646563-1A64-4A67-A5A3-D4EBFD2A13CF}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{46941DFF-01DA-4EF7-BD78-26F1D1DAD7C3}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{80FB3694-7C35-4F73-92AF-257A0166A249}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{84B7069D-A4B7-4991-8D79-8A15D8A0E919}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{9433CEFF-9A3D-4D32-88F8-1EC442690B64}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{94791A17-BD05-4578-B160-862FD2F7FF8C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{992815BE-D60E-4616-BA7B-1564DB9335DC}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{A11BE3BC-6E67-49CD-BFF3-5525F4623DF5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A2FD2864-D0EC-486A-8C93-48B410F95344}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{A4DCAFCC-6C93-4B5D-98D7-E2F6978C9C92}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{A5C1D1BA-C056-4BA4-8E3D-C1A198F77311}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{ADE9ABE4-E194-4B54-9D6C-DA956C4B6F70}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BE8E6EBB-BD1D-4B3E-A0F8-DE0A02C8E886}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\the battle for middle-earth (tm) ii\game.dat |
"{C41BCCA7-8A16-46E9-885F-3EFEF8304488}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C52CD7FE-1EAD-4DED-A687-469BB92FE845}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\the battle for middle-earth (tm)\game.dat |
"{C7A8C974-ACFA-4021-AABC-C7182B7FA2A5}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{CC5142F6-B9F8-41DD-ACB1-EDCD25FEC29E}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{DFB08927-5FD6-419D-B40C-27926748DEC5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E736BEB5-347B-4C7D-AC6D-2DCBAD2035EC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E893E24D-7D6C-4AD6-A6AC-6C0330607358}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\the battle for middle-earth (tm)\game.dat |
"{F5C725AE-B3CA-40D1-8E63-8EE12E66A99D}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{F626D592-D22D-4F3F-A833-8C905F66FBF9}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{F8899B98-E37E-4AF7-8CD0-E776DE8AE6B6}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{110CE461-9A01-4D8A-8744-74C0FA25CFF1}C:\users\toshiba\documents\downloads\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\users\toshiba\documents\downloads\age of empires ii\empires2.exe |
"TCP Query User{160F6FEA-5720-490F-8DEF-B787D50642BA}C:\users\toshiba\documents\downloads\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\toshiba\documents\downloads\age of empires ii\age2_x1\age2_x1.exe |
"TCP Query User{50E4440C-1A71-4164-8525-8B19C39A233D}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{613B36D5-2490-4D46-951C-707B09D98919}C:\program files (x86)\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40k.exe |
"TCP Query User{6DDA4CEA-65DA-415B-9733-DAA29037C4CB}C:\program files (x86)\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40kwa.exe |
"TCP Query User{8D61FC6E-51F6-492B-BADD-92EE9C8BABB0}C:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe |
"TCP Query User{9068B62A-DC8C-432C-9B3E-68A69F7E46AD}C:\users\toshiba\documents\downloads\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\toshiba\documents\downloads\age of empires ii\age2_x1\age2_x1.exe |
"TCP Query User{995E72B8-B8A3-4C25-BC90-7869A6CC39FD}C:\users\toshiba\documents\downloads\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\users\toshiba\documents\downloads\age of empires ii\empires2.exe |
"TCP Query User{B61A8D95-BA4E-4F9D-93B7-19DB9AC98F89}C:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe |
"TCP Query User{C3064802-39BE-48A6-9C05-D1A3D5DDBD04}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{CC6A039B-A847-4680-9867-5C12521D088F}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{E20564EC-4A77-497E-9A37-8FD5B5547390}C:\program files (x86)\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40k.exe |
"UDP Query User{03CD725A-9491-4D2F-9251-E72C6C60364D}C:\program files (x86)\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40k.exe |
"UDP Query User{0A728373-57BD-441D-BC05-C69F5D985E40}C:\users\toshiba\documents\downloads\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\toshiba\documents\downloads\age of empires ii\age2_x1\age2_x1.exe |
"UDP Query User{25A7D64F-335A-424C-8D44-588479C010B5}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{275FEEAE-52B9-43E9-A4A6-4464CC6FA685}C:\users\toshiba\documents\downloads\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\users\toshiba\documents\downloads\age of empires ii\empires2.exe |
"UDP Query User{4D886E8E-5A1C-49CF-8521-95FC647263DC}C:\users\toshiba\documents\downloads\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\users\toshiba\documents\downloads\age of empires ii\empires2.exe |
"UDP Query User{6A3C03D2-0443-4251-85F4-7D58C5FE83D8}C:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe |
"UDP Query User{70384922-BA88-44BF-B640-8ABDC2A05D67}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{73097328-D45D-4355-AA9F-DD9E1C5F270E}C:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe |
"UDP Query User{B7D97E38-565B-4383-891E-6CD7C6AFA248}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{D8E889B1-0926-4D9C-BC35-14ACA7F5CAE9}C:\program files (x86)\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40k.exe |
"UDP Query User{E2EA612B-220F-4681-B52F-4B5E79F2C582}C:\users\toshiba\documents\downloads\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\toshiba\documents\downloads\age of empires ii\age2_x1\age2_x1.exe |
"UDP Query User{FDA2AF3E-CDFD-4528-8D68-DC45F2BBAB7E}C:\program files (x86)\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40kwa.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"{6D70F47D-5E18-E51D-6FE4-0CB5DCE0C542}" = ATI Catalyst Install Manager
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{A03758F1-AF81-5AA1-0633-47E9699A0CFF}" = ccc-utility64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B820C985-D9F1-45B5-A7F5-0C5863CBEA04}_is1" = Privacy SafeGuard version 1.1
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{C8005A7B-9638-41DD-B83B-AF277754E211}" = Intel(R) PROSet/Wireless WiFi Software
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D7}" = WinZip 17.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
"SMSERIAL" = TOSHIBA SM56 Data Fax Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{084548D1-AE93-4A17-9572-D59631F1846B}" = TOSHIBA V.92 MoH Application
"{09527978-C15B-6AF8-5582-C9784F8F3B69}" = Catalyst Control Center Localization Chinese Traditional
"{0A6A6F94-7EFC-2FEA-CC70-FB6A22188F88}" = Catalyst Control Center Localization Swedish
"{0AB16A24-2465-0F1A-C12E-BFAB6F612191}" = Catalyst Control Center Localization Japanese
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C36CB3D-A859-B0CE-253A-89C27BAB2AA4}" = CCC Help French
"{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6
"{16E42331-56E6-53BC-428C-6E2020E58025}" = Catalyst Control Center Localization Portuguese
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1D88A6A6-C2C6-3E2F-DDB6-A635090141B0}" = Catalyst Control Center Graphics Full New
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{25F83D04-6D32-5AAD-C057-AEA7B8C746E3}" = Catalyst Control Center Localization Spanish
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{34B9B494-EF4A-4592-87A8-BE40D0442E86}" = Dawn of War - Soulstorm
"{3573E889-A6BA-DADE-8F70-8B756D0A6573}" = CCC Help German
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{3FD66338-6A62-96FE-BE27-957F1D5A4C1C}" = CCC Help Italian
"{44AB916C-E8AE-3A81-269A-2A55C4802C7A}" = Catalyst Control Center Graphics Full Existing
"{48284361-3F81-8AD3-0630-72AEDB614936}" = Catalyst Control Center Localization Korean
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4C3F3228-13BE-41D0-A782-3DDE7CB2479A}" = CD/DVD Drive Acoustic Silencer
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{507DB37B-FFE7-429E-FF1B-D46F3BB0FE96}" = Catalyst Control Center Graphics Light
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54E1A977-FC97-AAAB-A3C2-CA8ED6545951}" = Catalyst Control Center Localization Italian
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74D7540C-9E12-A710-00CF-D8F4DC7465F4}" = CCC Help Chinese Traditional
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{80B0B1FC-41C9-D8B9-D183-D31218875F73}" = CCC Help Swedish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86BBFA80-9ED0-793A-0A10-6CB37BF6409C}" = CCC Help Portuguese
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8750318B-6559-BD76-E8C5-1DE2C8CA961A}" = CCC Help Korean
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B287B75-DF8D-40C8-9620-8E4492C38EF1}" = Webroot Software
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91B067A5-89C8-3C29-57EE-597034D56D42}" = Catalyst Control Center Core Implementation
"{9317BC0B-8869-8D99-41F3-DE4ECE37A8A4}" = CCC Help Chinese Standard
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9607BEEE-ED89-FE20-C992-AF3DC46EBEB5}" = Catalyst Control Center Localization German
"{962E05CF-3394-496D-0091-850CF1762F6B}" = The Battle for Middle-earth (tm)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D32CC0B-4B40-F54A-AAF1-39E9173500AD}" = CCC Help Japanese
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A98321B3-98EE-4BB3-B55A-C6DFD3A47933}" = CCC Help English
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.0
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF8B7B36-0427-22DD-8005-07869A67CE20}" = ccc-core-static
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{C19D5636-D868-57D1-A36E-EF1056E9813C}" = Catalyst Control Center Localization Chinese Standard
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA8B0FB9-69D0-4B50-8342-7CF0C96F10E6}" = Black's Digital Solution Studio
"{CB685FA8-9C7A-73F5-3BBF-38B8F63A1C48}" = Catalyst Control Center Graphics Previews Vista
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}" = Warhammer 40,000: Dawn Of War - Gold Edition
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D580C9A6-3240-721A-19F0-E4C8A1F400DA}" = CCC Help Dutch
"{D58A1E94-9EEA-4C6E-B9FB-D7C63DC6C941}" = Catalyst Control Center - Branding
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECF4937-8E72-5723-E82E-74A566F73197}" = Catalyst Control Center Localization French
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EFD48405-94CC-71B6-A915-5B0121C6C7E3}" = Catalyst Control Center Localization Dutch
"{F041BEBB-2E74-01BC-7DAB-CF352809FE79}" = CCC Help Spanish
"{F06B8809-3C26-E6A0-3D80-084331666B73}" = Skins
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"AutoREALM_is1" = AutoREALM Version 2.2.1
"BabylonToolbar" = Babylon toolbar on IE
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"Crossrider" = Crossrider Web Apps
"Debut" = Debut Video Capture Software
"DivX Setup" = DivX Setup
"ExpressVPN" = ExpressVPN v3.097
"ExpressZip" = Express Zip
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"I Want This" = I Want This
"ImTOO MOV Converter" = ImTOO MOV Converter
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"OnlinePlay" = OnlinePlay 1.0
"PriceGong" = PriceGong 2.5.0
"Prism" = Prism Video File Converter
"PROHYBRIDR" = 2007 Microsoft Office system
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"uTorrent" = µTorrent
"uTorrentControl_v2 Toolbar" = uTorrentControl_v2 Toolbar
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 2.0.2
"Webroot Software" = Webroot Software
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"XP Codec Pack" = XP Codec Pack

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2864491281-1052238831-3070168691-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = ooVoo toolbar, powered by Ask.com Updater
"FoxTab PDF Converter" = FoxTab PDF Converter
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/12/2012 11:13:02 AM | Computer Name = TOSHIBA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 286075

Error - 11/12/2012 11:13:03 AM | Computer Name = TOSHIBA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/12/2012 11:13:03 AM | Computer Name = TOSHIBA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 287074

Error - 11/12/2012 11:13:03 AM | Computer Name = TOSHIBA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 287074

Error - 11/12/2012 11:13:04 AM | Computer Name = TOSHIBA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/12/2012 11:13:04 AM | Computer Name = TOSHIBA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 288072

Error - 11/12/2012 11:13:04 AM | Computer Name = TOSHIBA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 288072

Error - 11/12/2012 11:13:05 AM | Computer Name = TOSHIBA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/12/2012 11:13:05 AM | Computer Name = TOSHIBA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 289070

Error - 11/12/2012 11:13:05 AM | Computer Name = TOSHIBA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 289070

[ Media Center Events ]
Error - 8/4/2012 10:03:52 PM | Computer Name = TOSHIBA-PC | Source = McrMgr | ID = 107
Description =

Error - 8/11/2012 8:26:28 PM | Computer Name = TOSHIBA-PC | Source = McrMgr | ID = 107
Description =

Error - 8/11/2012 8:30:55 PM | Computer Name = TOSHIBA-PC | Source = McrMgr | ID = 107
Description =

Error - 8/11/2012 8:33:39 PM | Computer Name = TOSHIBA-PC | Source = McrMgr | ID = 109
Description =

Error - 8/21/2012 8:18:54 AM | Computer Name = TOSHIBA-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 8/31/2011 11:12:45 AM | Computer Name = TOSHIBA-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 97
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/28/2012 5:14:16 AM | Computer Name = TOSHIBA-PC | Source = Microsoft Antimalware | ID = 2004
Description = %%860 has encountered an error trying to load signatures and will
attempt reverting back to a known-good set of signatures. Signatures Attempted: %%824

Error
Code: 0x80070002 Error description: The system cannot find the file specified. Signature
version: 1.141.2622.0;1.141.2622.0 Engine version: 1.1.9002.0

Error - 12/28/2012 7:20:57 AM | Computer Name = TOSHIBA-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:16:07 PM on 12/28/2012 was unexpected.

Error - 12/28/2012 10:15:51 AM | Computer Name = TOSHIBA-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:52:38 PM on 12/28/2012 was unexpected.

Error - 12/28/2012 10:18:28 AM | Computer Name = TOSHIBA-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 12/28/2012 10:58:22 AM | Computer Name = TOSHIBA-PC | Source = DCOM | ID = 10010
Description =

Error - 12/28/2012 8:00:07 PM | Computer Name = TOSHIBA-PC | Source = DCOM | ID = 10010
Description =

Error - 12/29/2012 12:34:02 PM | Computer Name = TOSHIBA-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:40:15 AM on 12/29/2012 was unexpected.

Error - 12/29/2012 1:13:28 PM | Computer Name = TOSHIBA-PC | Source = DCOM | ID = 10010
Description =

Error - 12/29/2012 9:12:44 PM | Computer Name = TOSHIBA-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 12/29/2012 9:12:44 PM | Computer Name = TOSHIBA-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >
  #18  
Old December 31st, 2012, 01:24 AM
DRayner DRayner is offline
Member
 
Join Date: Dec 2012
Posts: 34
Gmer said there were no changes.
  #19  
Old December 31st, 2012, 01:25 AM
DRayner DRayner is offline
Member
 
Join Date: Dec 2012
Posts: 34
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-30 10:51:10
-----------------------------
10:51:10.373 OS Version: Windows x64 6.0.6002 Service Pack 2
10:51:10.374 Number of processors: 2 586 0xF0D
10:51:10.375 ComputerName: TOSHIBA-PC UserName: TOSHIBA
10:51:12.217 Initialize success
11:34:15.490 AVAST engine defs: 12122901
11:36:03.719 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
11:36:03.724 Disk 0 Vendor: Hitachi_ BBFO Size: 238475MB BusType: 3
11:36:03.747 Disk 0 MBR read successfully
11:36:03.752 Disk 0 MBR scan
11:36:03.846 Disk 0 Windows VISTA default MBR code
11:36:03.876 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
11:36:03.914 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 229882 MB offset 3074048
11:36:03.974 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 7084 MB offset 473872384
11:36:04.082 Disk 0 scanning C:\Windows\system32\drivers
11:36:35.786 Service scanning
11:37:57.544 Modules scanning
11:37:57.558 Disk 0 trace - called modules:
11:37:57.592 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
11:37:57.950 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80050a1790]
11:37:57.960 3 CLASSPNP.SYS[fffffa6000fd1c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8003392050]
11:37:59.732 AVAST engine scan C:\Windows
11:38:07.011 AVAST engine scan C:\Windows\system32
11:49:46.410 AVAST engine scan C:\Windows\system32\drivers
11:50:17.010 AVAST engine scan C:\Users\TOSHIBA
12:00:03.023 Disk 0 MBR has been saved successfully to "C:\Users\TOSHIBA\Downloads\MBR.dat"
12:00:03.050 The log file has been saved successfully to "C:\Users\TOSHIBA\Downloads\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-30 10:51:10
-----------------------------
10:51:10.373 OS Version: Windows x64 6.0.6002 Service Pack 2
10:51:10.374 Number of processors: 2 586 0xF0D
10:51:10.375 ComputerName: TOSHIBA-PC UserName: TOSHIBA
10:51:12.217 Initialize success
11:34:15.490 AVAST engine defs: 12122901
11:36:03.719 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
11:36:03.724 Disk 0 Vendor: Hitachi_ BBFO Size: 238475MB BusType: 3
11:36:03.747 Disk 0 MBR read successfully
11:36:03.752 Disk 0 MBR scan
11:36:03.846 Disk 0 Windows VISTA default MBR code
11:36:03.876 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
11:36:03.914 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 229882 MB offset 3074048
11:36:03.974 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 7084 MB offset 473872384
11:36:04.082 Disk 0 scanning C:\Windows\system32\drivers
11:36:35.786 Service scanning
11:37:57.544 Modules scanning
11:37:57.558 Disk 0 trace - called modules:
11:37:57.592 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
11:37:57.950 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80050a1790]
11:37:57.960 3 CLASSPNP.SYS[fffffa6000fd1c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8003392050]
11:37:59.732 AVAST engine scan C:\Windows
11:38:07.011 AVAST engine scan C:\Windows\system32
11:49:46.410 AVAST engine scan C:\Windows\system32\drivers
11:50:17.010 AVAST engine scan C:\Users\TOSHIBA
12:00:03.023 Disk 0 MBR has been saved successfully to "C:\Users\TOSHIBA\Downloads\MBR.dat"
12:00:03.050 The log file has been saved successfully to "C:\Users\TOSHIBA\Downloads\aswMBR.txt"
12:13:45.894 AVAST engine scan C:\ProgramData
12:19:06.966 Scan finished successfully
12:24:24.374 Disk 0 MBR has been saved successfully to "C:\Users\TOSHIBA\Downloads\MBR.dat"
12:24:24.429 The log file has been saved successfully to "C:\Users\TOSHIBA\Downloads\aswMBR.txt"
  #20  
Old December 31st, 2012, 01:50 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
The logs show now Webroot and Norton and MS Security Essentials installed in some way. You will need to uninstall all of these, again likely corrupted by each other (and Panda). You can reinstall the one of your choice once we are finished with these repairs. I find it hard to believe your system ran, with all that security software installed.

The logs also show a lot of adware installed, so let's get this antivirus problem resolved so we can get started cleaning there.

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

Uninstall Microsoft Security Client. Reboot.

--------

Uninstall Webroot. Reboot, then go here and download and run Webroot's Removal Tool as well. Reboot again.

---------

Uninstall Symantec/Norton. Reboot.

Go here and download the Norton Removal Tool that is appropriate for your version. Then close all open windows and disable all protective software, and click the downloaded file to completely remove Norton from your system. If the removal does not cause a reboot, reboot after the tool has completed the removal. Be sure to save all registration keys before running the tool if you plan to reinstall Norton later.

If you do not recall the version that is okay - the same tool is used for most versions.

----------

Go to Start - Control Panel - Programs - Programs and Features/Uninstall, then click on each of the following programs, if they show there, and click "Uninstall/Change".

Yontoo 1.10.02 - Adware/spyware/search hijacker.
Privacy SafeGuard version 1.1 - Mostly a scam.
Defraggler - Not recommended.
Ask Toolbar - Adware/spyware/search hijacker.
Babylon toolbar on IE - Adware/spyware/search hijacker.
Crossrider Web Apps - Adware/spyware/search hijacker.
I Want This - Adware/spyware/search hijacker.
PriceGong 2.5.0 - Adware/spyware/search hijacker.
uTorrentControl_v2 Toolbar - Adware/spyware/search hijacker.

Then reboot.

-----------

Download RogueKiller (http://www.sur-la-toile.com/RogueKiller/) to your desktop. Click the RogueKiller icon next to:

(Download link) : Lien de téléchargement.

Close all open programs
Remember to right click -> run as administrator, and click the downloaded file.
When prompted, type 1, and press Enter.
A RKreport.txt will be created in the same location as the RogueKiller file.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe, and try again.

Please post the contents of the RKreport.txt.

---------

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.
  #21  
Old December 31st, 2012, 02:17 AM
DRayner DRayner is offline
Member
 
Join Date: Dec 2012
Posts: 34
Ok thanks, I will give it a shot. I will be away from my computer for a couple days but when I come back I'll let you know the results
  #22  
Old January 1st, 2013, 12:17 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Just post when ready.
  #23  
Old January 2nd, 2013, 04:47 PM
DRayner DRayner is offline
Member
 
Join Date: Dec 2012
Posts: 34
RogueKiller V8.4.2 _x64_ [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : TOSHIBA [Admin rights]
Mode : Scan -- Date : 01/02/2013 23:46:14

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] RAVCpl64.exe -- C:\Windows\RAVCpl64.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 13 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{23403977-CDFA-451C-8216-BB3BDA2CC22A} : NameServer (202.102.152.3) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Services\Tcpip\Interfaces\{23403977-CDFA-451C-8216-BB3BDA2CC22A} : NameServer (202.102.152.3) -> FOUND
[HJPOL] HKCU\[...]\Services\Microsoft\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\Services\Microsoft\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKCU\[...]\Services\Microsoft\System : DisableCMD (0) -> FOUND
[HJPOL] HKLM\[...]\Services\Microsoft\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\Services\Microsoft\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Services\Microsoft\System : DisableCMD (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\Services\Microsoft\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\Services\Microsoft\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\Services\Microsoft\System : DisableCMD (0) -> FOUND
[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS542525K9SA00 +++++
--- User ---
[MBR] 346851a6f183387b2ffbad97860abb52
[BSP] 44a573e22bba6311ae07826ec4cd439f : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 229882 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 473872384 | Size: 7084 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Seagate Desktop USB Device +++++
--- User ---
[MBR] 8c234a677a2fdfff1fc614339f7ae5e5
[BSP] 099353aec9f6180425c42ecb82d53e18 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_01022013_02d2346.txt >>
RKreport[1]_S_01022013_02d2346.txt
  #24  
Old January 2nd, 2013, 04:50 PM
DRayner DRayner is offline
Member
 
Join Date: Dec 2012
Posts: 34
# AdwCleaner v2.104 - Logfile created 01/02/2013 at 23:49:39
# Updated 29/12/2012 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : TOSHIBA - TOSHIBA-PC
# Boot Mode : Normal
# Running from : C:\Users\TOSHIBA\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\user.js
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\DealPly
Folder Found : C:\Program Files (x86)\SweetIM
Folder Found : C:\Program Files (x86)\uTorrentControl_v2
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Folder Found : C:\ProgramData\Premium
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\TOSHIBA\AppData\Local\APN
Folder Found : C:\Users\TOSHIBA\AppData\Local\Conduit
Folder Found : C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Folder Found : C:\Users\TOSHIBA\AppData\Local\Ilivid Player
Folder Found : C:\Users\TOSHIBA\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\TOSHIBA\AppData\LocalLow\Conduit
Folder Found : C:\Users\TOSHIBA\AppData\LocalLow\PriceGong
Folder Found : C:\Users\TOSHIBA\AppData\LocalLow\uTorrentControl_v2
Folder Found : C:\Users\TOSHIBA\AppData\Roaming\Babylon

***** [Registry] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\uTorrentControl_v2
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Found : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentControl_v2 Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\SweetIM
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044224458}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DealPly
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Found : HKLM\Software\SweetIM
Key Found : HKLM\Software\uTorrentControl_v2
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110011221158}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220022222258}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33333333-3333-3333-3333-330033223358}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550055225558}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660066226658}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77777777-7777-7777-7777-770077227758}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{10DCBBF0-CEBB-4C25-A6F5-6345D2AE49E4}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65BCD620-07DD-012F-819F-073CF1B8F7C6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C21DAC25-8E96-4C86-AAAF-81E8167771B2}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v2 Toolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055225558}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066226658}
Key Found : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}
Key Found : HKLM\SOFTWARE\Software
Key Found : HKLM\SOFTWARE\Tarma Installer
Key Found : HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-2864491281-1052238831-3070168691-1003\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - First Home Page] = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSE&Tid=0002F86C&OHP=hxxp%3A%2F%2Fwebmail1.uwindsor.ca%2F&OSP=hxxp%3A%2F%2Fsearch.babylon.com%2F%3Fq%3D%7BsearchTerms%7D%26AF%3D100478%26babsrc%3DSP%5Fss%26mntrId%3Dea70fe3700000000000000215c297da9

-\\ Google Chrome v23.0.1271.97

File : C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [9986 octets] - [02/01/2013 23:49:39]

########## EOF - C:\AdwCleaner[R1].txt - [10046 octets] ##########
  #25  
Old January 3rd, 2013, 12:41 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Run RogueKiller again.

•Please quit all programs
•Run RogueKiller
•Wait until the Prescan finishes
•Press: Scan


•On the RogueKiller console, click the Registry tab.
•Make sure the entries there are checked.
•Then, press the [Delete] button.

Please post the RKreport (Mode: Delete) created on the Desktop.

---------
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Then in AdwCleaner click the Uninstall button, to have it uninstall itself.

Open AdwCleaner, and click the Uninstall button to have it remove itself.

--------

Download the latest version of Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup-1.65.0.1400.exe to install the application.

Follow all prompts, and check off all boxes except the one to load the Trial version. It just expires and causes confusion in a few weeks.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

----------

Disable your antivirus program and click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner.

If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready. When the Computer scan settings display shows, check the following boxes:

Remove found threats
Scan unwanted applications


Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Then click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

Click Start. This scan may take a while, so please be patient.

If infection is found, at the end of the scan click "List of found threats".

In that display, at the bottom, select the option to save the results as a text file, and save that to your desktop. Post that back here please.

Post that log and the Malwarebytes log please.
  #26  
Old January 3rd, 2013, 03:29 AM
DRayner DRayner is offline
Member
 
Join Date: Dec 2012
Posts: 34
RogueKiller V8.4.2 _x64_ [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : TOSHIBA [Admin rights]
Mode : Scan -- Date : 01/03/2013 10:16:08

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] RAVCpl64.exe -- C:\Windows\RAVCpl64.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{23403977-CDFA-451C-8216-BB3BDA2CC22A} : NameServer (202.102.152.3) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Services\Tcpip\Interfaces\{23403977-CDFA-451C-8216-BB3BDA2CC22A} : NameServer (202.102.152.3) -> FOUND
[HJ DESK] HKCU\[...]\Services\Microsoft\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\Services\Microsoft\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS542525K9SA00 +++++
--- User ---
[MBR] 346851a6f183387b2ffbad97860abb52
[BSP] 44a573e22bba6311ae07826ec4cd439f : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 229882 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 473872384 | Size: 7084 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Seagate Desktop USB Device +++++
--- User ---
[MBR] 8c234a677a2fdfff1fc614339f7ae5e5
[BSP] 099353aec9f6180425c42ecb82d53e18 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_01032013_02d1016.txt >>
RKreport[1]_S_01032013_02d1016.txt
  #27  
Old January 3rd, 2013, 03:30 AM
DRayner DRayner is offline
Member
 
Join Date: Dec 2012
Posts: 34
# AdwCleaner v2.104 - Logfile created 01/03/2013 at 10:21:21
# Updated 29/12/2012 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : TOSHIBA - TOSHIBA-PC
# Boot Mode : Normal
# Running from : C:\Users\TOSHIBA\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Conduit
Deleted on reboot : C:\Program Files (x86)\DealPly
Deleted on reboot : C:\Program Files (x86)\SweetIM
Deleted on reboot : C:\Program Files (x86)\uTorrentControl_v2
Deleted on reboot : C:\ProgramData\Babylon
Deleted on reboot : C:\ProgramData\InstallMate
Deleted on reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Deleted on reboot : C:\ProgramData\Premium
Deleted on reboot : C:\ProgramData\Tarma Installer
Deleted on reboot : C:\Users\TOSHIBA\AppData\Local\APN
Deleted on reboot : C:\Users\TOSHIBA\AppData\Local\Conduit
Deleted on reboot : C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Deleted on reboot : C:\Users\TOSHIBA\AppData\Local\Ilivid Player
Deleted on reboot : C:\Users\TOSHIBA\AppData\LocalLow\boost_interprocess
Deleted on reboot : C:\Users\TOSHIBA\AppData\LocalLow\Conduit
Deleted on reboot : C:\Users\TOSHIBA\AppData\LocalLow\PriceGong
Deleted on reboot : C:\Users\TOSHIBA\AppData\LocalLow\uTorrentControl_v2
Deleted on reboot : C:\Users\TOSHIBA\AppData\Roaming\Babylon
File Deleted : C:\user.js

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl_v2
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentControl_v2 Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044224458}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DealPly
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKLM\Software\SweetIM
Key Deleted : HKLM\Software\uTorrentControl_v2
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110011221158}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220022222258}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33333333-3333-3333-3333-330033223358}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{10DCBBF0-CEBB-4C25-A6F5-6345D2AE49E4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65BCD620-07DD-012F-819F-073CF1B8F7C6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C21DAC25-8E96-4C86-AAAF-81E8167771B2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v2 Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055225558}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066226658}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}
Key Deleted : HKLM\SOFTWARE\Software
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - First Home Page] = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSE&Tid=0002F86C&OHP=hxxp%3A%2F%2Fwebmail1.uwindsor.ca%2F&OSP=hxxp%3A%2F%2Fsearch.babylon.com%2F%3Fq%3D%7BsearchTerms%7D%26AF%3D100478%26babsrc%3DSP%5Fss%26mntrId%3Dea70fe3700000000000000215c297da9 --> hxxp://www.google.com

-\\ Google Chrome v23.0.1271.97

File : C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [10098 octets] - [02/01/2013 23:49:39]
AdwCleaner[R2].txt - [10160 octets] - [03/01/2013 10:20:39]
AdwCleaner[S1].txt - [9429 octets] - [03/01/2013 10:21:21]

########## EOF - C:\AdwCleaner[S1].txt - [9489 octets] ##########
  #28  
Old January 3rd, 2013, 03:47 AM
DRayner DRayner is offline
Member
 
Join Date: Dec 2012
Posts: 34
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.02.10

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
TOSHIBA :: TOSHIBA-PC [administrator]

1/3/2013 10:43:11 AM
mbam-log-2013-01-03 (10-43-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234163
Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\TOSHIBA\Downloads\A_Christmas_Story_1983_.exe (PUP.Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\TOSHIBA\Downloads\Rudolph_And_Frosty's_Christmas_In_July_1979_FS_NTSC_DVDR (1).exe (PUP.Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\TOSHIBA\Downloads\Rudolph_And_Frosty's_Christmas_In_July_1979_FS_NTSC_DVDR.exe (PUP.Adware.Agent) -> Quarantined and deleted successfully.

(end)
  #29  
Old January 3rd, 2013, 08:28 AM
DRayner DRayner is offline
Member
 
Join Date: Dec 2012
Posts: 34
Attempted to run the esetsmartinstaller; however, at around 46% my computer freezes, similar to what it does during the disk defragmentation I was attempting before consulting you.
  #30  
Old January 3rd, 2013, 11:52 PM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Open Gmer again. Once it has completed its opening scan, this time just right-click in the white space in the display and select Options - Only non MS files. Then click Scan and allow Gmer to run a different scan. Once that completes, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

-----------

Also reboot to Safe Mode and run Eset there. At startup tap the F8 key about once per half-second, then select Safe Mode with Networking from the menu that will appear.
All times are GMT +1. The time now is 09:08 PM.