  #1  
January 1st, 2013, 12:41 AM
yeky83
Member
 
Join Date: Jan 2005
Posts: 51
Wifi connection crashes the computer - moved by Jintan

Hi, I'm trying to fix up a laptop for a friend. It's a Toshiba Satellite L555-S7005, running Windows 7.

Problem
When I connect to a wireless network (wifi), the computer slows down to oblivion. I don't understand. I've never seen a computer issue like this. So it goes like:

Turn on computer
Everything works fine, until...
Connect to wifi
The computer starts slowing down
~30 seconds later, freezes.
(sometimes goes into the blue screen of death)

What does work
The computer works fine in Safe Mode with Networking on. I can connect to wifi and the computer functions no problem in Safe Mode.

What I've tried
I've tried uninstalling, downloading and installing the wireless driver for this computer.
I ran Avast and Malwarebytes, full scans on both. It detected some things, and I deleted/quarantined them. No change in the problem.


So I have no idea what's wrong. Maybe it's a hardware issue? But computer works fine with wireless on in Safe Mode, so I don't think so...? If it's a software issue, not sure what to do.

Please help! Thanks!
(maybe this post belongs in Windows 7 forum section? not sure.)

Last edited by yeky83; January 1st, 2013 at 12:59 AM.
  #2  
January 1st, 2013, 05:15 AM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Hello yeky83,

Busy (and thus slow) network kinda sounds like malware activity. Let's assume that for the moment, and check things. I'll move this request to the CTH Malware Removal Forum.


Right off see if you can access Safe Mode, where the malware is less active. At startup tap the F8 key about once per half-second, then select Safe Mode with Networking from the menu that will appear.

----------

The system is Windows 7, so when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And to make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".



To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.

-----------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

-----------

Download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • If you can have an open Internet connection, and allow it to download the latest Avast engine detections.
  • If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


A lot, but comprehensive, and will make sure we get a good view of everything.
  #3  
January 3rd, 2013, 04:54 AM
yeky83
I ran everything as described, in Safe Mode with Networking, running as an administrator. Not sure if being in Safe Mode was a requirement.

OTL and aswMBR worked, and I'll post the reports.

Gmer, after a long time of scanning, just gave me an error(?) saying something like "no modifications found" and stopped scanning. There was nothing for me to copy and save, so I did not get a report from Gmer. I'll try running it again and post the report.

But please take a look at OTL and aswMBR! I have a limited time with this computer (I'm home from college for winter break).

Thanks so much!
  #4  
January 3rd, 2013, 04:55 AM
yeky83
OTL.txt

OTL logfile created on: 1/2/2013 4:35:26 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Soo Jung\Desktop\FIX
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 3.22 Gb Available Physical Memory | 85.88% Memory free
7.49 Gb Paging File | 6.97 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.70 Gb Total Space | 176.10 Gb Free Space | 61.21% Space Free | Partition Type: NTFS
Drive E: | 1.86 Gb Total Space | 0.65 Gb Free Space | 35.11% Space Free | Partition Type: FAT32

Computer Name: SOOJUNG-PC | User Name: Soo Jung | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/02 16:05:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Soo Jung\Desktop\FIX\OTL.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012/08/21 01:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/08/27 13:38:22 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/08/21 09:31:06 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/08/04 11:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/08/03 18:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/29 23:54:22 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/07 09:38:24 | 000,065,904 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\rselect\RSelSvc.exe -- (RSELSVC)
SRV:64bit: - [2009/03/27 18:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Stopped] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2012/11/29 00:27:36 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/14 07:14:59 | 004,539,712 | ---- | M] () [Auto | Stopped] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2012/10/09 16:56:43 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 12:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/07 18:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/09/28 17:33:40 | 000,249,856 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/17 10:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/10 19:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/07/14 19:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/21 01:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/08/21 01:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/08/21 01:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/08/21 01:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/08/21 01:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/08/21 01:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/07/03 12:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/02/29 22:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/10 22:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/04 15:26:50 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010/11/04 15:26:50 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010/11/04 15:26:48 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010/11/04 15:26:48 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2010/04/16 07:33:36 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/26 18:11:12 | 000,942,080 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/08/21 13:51:10 | 000,610,816 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl819xp.sys -- (rtl819xp)
DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/30 17:46:22 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/30 12:07:12 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/24 15:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/21 14:03:34 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/07/20 17:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/02 14:55:38 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/06/22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 19:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/22 22:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 00:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {697E1BA9-0BBE-40BB-B860-B597983B8984}
IE:64bit: - HKLM\..\SearchScopes\{697E1BA9-0BBE-40BB-B860-B597983B8984}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdom...TSNA&bmod=TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdom...TSNA&bmod=TSNA
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{5D69805C-9342-436A-8C4E-5CAD78CD5426}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2866295


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



IE - HKU\S-1-5-21-196286872-3739319904-2467769196-1001\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://yahoo.com/
IE - HKU\S-1-5-21-196286872-3739319904-2467769196-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-196286872-3739319904-2467769196-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-196286872-3739319904-2467769196-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKU\S-1-5-21-196286872-3739319904-2467769196-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKU\S-1-5-21-196286872-3739319904-2467769196-1001\..\SearchScopes,bProtectorDefaultScope = {ABD93EAF-D775-BC54-E63B-2804F22FD156}
IE - HKU\S-1-5-21-196286872-3739319904-2467769196-1001\..\SearchScopes,DefaultScope = {F197F6CB-4C72-4FE8-B281-B265E00351E0}
IE - HKU\S-1-5-21-196286872-3739319904-2467769196-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=111917&tt=4212_6&babsrc=SP_ss&mntrId=48c4c0f7000000000000701a04c78d19
IE - HKU\S-1-5-21-196286872-3739319904-2467769196-1001\..\SearchScopes\{155276F4-D2A3-E016-B329-F646B1D9E78C}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z164&form=ZGAIDF&install_date=20111123&iesrc={referrer:source}
IE - HKU\S-1-5-21-196286872-3739319904-2467769196-1001\..\SearchScopes\{34952D6E-240E-4E51-9A91-51A281873BD9}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-196286872-3739319904-2467769196-1001\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.gamesagogo.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
IE - HKU\S-1-5-21-196286872-3739319904-2467769196-1001\..\SearchScopes\{5A0EF15E-DE48-47F4-AF02-C2DBCB848A72}: "URL" = http://search.naver.com/search.naver?where=nexearch&sm=ies_hty&query={searchTerms}
IE - HKU\S-1-5-21-196286872-3739319904-2467769196-1001\..\SearchScopes\{5D69805C-9342-436A-8C4E-5CAD78CD5426}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
IE - HKU\S-1-5-21-196286872-3739319904-2467769196-1001\..\SearchScopes\{A1068E60-1965-42B3-B2BE-CDBEBCA5A49A}: "URL" = http://www.mysearchresults.com/search?&c=2642&t=03&q={searchTerms}
IE - HKU\S-1-5-21-196286872-3739319904-2467769196-1001\..\SearchScopes\{ABD93EAF-D775-BC54-E63B-2804F22FD156}: "URL" = http://search.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20121009&user_guid=CC80FEE9BEF84211B93EE7E53670A2B2&machine_id=a9439f0f87970a701d96fd3e81b720a1&browser=IE&os=win&os_version=6.1-x64-SP0&iesrc={referrer:source}
IE - HKU\S-1-5-21-196286872-3739319904-2467769196-1001\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2866295
IE - HKU\S-1-5-21-196286872-3739319904-2467769196-1001\..\SearchScopes\{DAE66C55-B186-4987-B97F-AE1A554B326B}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=616163&p={searchTerms}
IE - HKU\S-1-5-21-196286872-3739319904-2467769196-1001\..\SearchScopes\{E3B0E5E2-FFBF-4C21-9497-53273E1EBD41}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_en___US370
IE - HKU\S-1-5-21-196286872-3739319904-2467769196-1001\..\SearchScopes\{E5F5D888-2587-E012-A817-7038F5690F26}: "URL" = http://playitall8.bingstart.com/s/?q={searchTerms}&iesrc=IE-SearchBox&site=Bing&cfg=2-146-0-1gySS
IE - HKU\S-1-5-21-196286872-3739319904-2467769196-1001\..\SearchScopes\{EA2EFF09-B009-4458-BF52-D702ABB05BF8}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKU\S-1-5-21-196286872-3739319904-2467769196-1001\..\SearchScopes\{F197F6CB-4C72-4FE8-B281-B265E00351E0}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=616163&p={searchTerms}
IE - HKU\S-1-5-21-196286872-3739319904-2467769196-1001\..\SearchScopes\{FF125E48-D715-4033-AA8B-86FF7F204469}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=616163&p={searchTerms}
IE - HKU\S-1-5-21-196286872-3739319904-2467769196-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-196286872-3739319904-2467769196-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Soo Jung\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/09/05 17:22:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/28 18:39:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/12/31 14:58:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Soo Jung\AppData\Roaming\Mozilla\Extensions
[2012/12/27 17:24:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Soo Jung\AppData\Roaming\Mozilla\Extensions-BackupByFirefoxPortable
[2012/12/31 14:58:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Soo Jung\AppData\Roaming\Mozilla\Firefox\Profiles\l95shx6v.default\extensions
[2012/12/28 18:39:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/29 00:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/29 00:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/29 00:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://search.startnow.com/s/?src=st...on=6.1-x64-SP0
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://search.startnow.com/s/?src=st...on=6.1-x64-SP0
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Soo Jung\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Soo Jung\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Soo Jung\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Soo Jung\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Soo Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Soo Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Savings Sidekick = C:\Users\Soo Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo\1.20.40_0\crossrider
CHR - Extension: Savings Sidekick = C:\Users\Soo Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo\1.20.40_0\
CHR - Extension: avast! WebRep = C:\Users\Soo Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Unblock Youku = C:\Users\Soo Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk\2.6.0.16_0\
CHR - Extension: Gmail = C:\Users\Soo Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-196286872-3739319904-2467769196-1001\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (LSI Corp.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-196286872-3739319904-2467769196-1001..\Run: [Akamai NetSession Interface] C:\Users\Soo Jung\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-196286872-3739319904-2467769196-1001..\Run: [SearchEngineProtection] C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe (Oberon Media )
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-196286872-3739319904-2467769196-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-196286872-3739319904-2467769196-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-196286872-3739319904-2467769196-1001\..Trusted Domains: internet ([]about in Trusted sites)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Bejeweled%203/Images/stg_drm.ocx (Reg Error: Key error.)
O16 - DPF: {7DC257DD-4939-4F16-B8AF-0A74F9080B64} http://kspay.ksnet.to/store/KSPayAct...NETPayMain.cab (KSNETPayMain Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {B128EFF9-0B1C-4C65-A162-28165A3A0A18} http://ssl.makeshop.co.kr/ssl/MSecure.cab (MakeShop Secure Control)
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} http://mail.daum.net/hanmail-ax/Daum...ab?ver=2,0,1,3 (Daum ActiveX manager Class)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{216A3054-B68F-4653-8CA6-FB5EF3F2B7E0}: DhcpNameServer = 168.126.63.1 168.126.63.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56A16C0A-3B98-4ADA-92E8-E8FDD22F2954}: DhcpNameServer = 172.16.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63DD3C85-9AE1-4D6F-854E-272389AD53FC}: NameServer = 203.144.95.100 203.144.65.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6510062-809E-4DB2-816F-D46A5B1074A5}: NameServer = 203.144.95.100 203.144.65.2
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{107f6fc7-b718-11e0-b100-002622fd9ccf}\Shell - "" = AutoRun
O33 - MountPoints2\{107f6fc7-b718-11e0-b100-002622fd9ccf}\Shell\AutoRun\command - "" = E:\ToolLauncher-Bootstrap.exe
O33 - MountPoints2\{1566fa1e-ea65-11e1-9110-001e101f63cf}\Shell - "" = AutoRun
O33 - MountPoints2\{1566fa1e-ea65-11e1-9110-001e101f63cf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f5fbc11f-debc-11e1-95b4-002622fd9ccf}\Shell - "" = AutoRun
O33 - MountPoints2\{f5fbc11f-debc-11e1-95b4-002622fd9ccf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f5fbc12c-debc-11e1-95b4-002622fd9ccf}\Shell - "" = AutoRun
O33 - MountPoints2\{f5fbc12c-debc-11e1-95b4-002622fd9ccf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f5fbc33a-debc-11e1-95b4-001e101f8056}\Shell - "" = AutoRun
O33 - MountPoints2\{f5fbc33a-debc-11e1-95b4-001e101f8056}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/02 16:34:58 | 000,000,000 | ---D | C] -- C:\Users\Soo Jung\Desktop\FIX
[2012/12/31 15:40:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/12/29 00:44:29 | 000,000,000 | ---D | C] -- C:\Users\Soo Jung\Desktop\FirefoxPortable
[2012/12/29 00:21:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2012/12/29 00:21:28 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2012/12/28 18:41:15 | 021,344,256 | ---- | C] (PortableApps.com) -- C:\Users\Soo Jung\Desktop\FirefoxPortable_17.0.1_English.paf.exe
[2012/12/28 18:39:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/12/28 18:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/12/28 15:55:14 | 015,728,568 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2012/12/27 17:23:56 | 000,000,000 | ---D | C] -- C:\Users\Soo Jung\AppData\Local\Mozilla
[2012/12/25 18:52:45 | 000,000,000 | ---D | C] -- C:\Users\Soo Jung\AppData\Local\Microsoft Games
[2010/03/12 22:22:44 | 001,924,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Soo Jung\install_flash_player.exe
[4 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Soo Jung\Documents\*.tmp files -> C:\Users\Soo Jung\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/02 16:30:22 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
[2013/01/02 16:30:09 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/01/02 16:30:00 | 3018,608,640 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/31 16:26:30 | 000,012,982 | ---- | M] () -- C:\Users\Soo Jung\Documents\cc_20121231_162627.reg
[2012/12/31 16:22:44 | 000,204,480 | ---- | M] () -- C:\Users\Soo Jung\Documents\cc_20121231_162239.reg
[2012/12/31 15:40:25 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/12/31 14:58:23 | 000,742,920 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/12/31 14:58:23 | 000,635,638 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/12/31 14:58:23 | 000,111,526 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/12/31 14:57:41 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/31 10:47:18 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/31 09:53:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/12/30 23:20:49 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/30 23:20:49 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/29 00:21:28 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk
[2012/12/28 18:51:59 | 021,344,256 | ---- | M] (PortableApps.com) -- C:\Users\Soo Jung\Desktop\FirefoxPortable_17.0.1_English.paf.exe
[2012/12/28 18:39:09 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/12/28 16:03:55 | 457,218,787 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/12/28 15:55:14 | 015,728,568 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2012/12/25 19:06:51 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/12/22 11:39:12 | 000,366,299 | ---- | M] () -- C:\Users\Soo Jung\Desktop\freedom summit.jpg
[2012/12/20 18:30:47 | 001,639,629 | ---- | M] () -- C:\Users\Soo Jung\Desktop\ncbc ym student info.mht
[4 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Soo Jung\Documents\*.tmp files -> C:\Users\Soo Jung\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/31 16:26:28 | 000,012,982 | ---- | C] () -- C:\Users\Soo Jung\Documents\cc_20121231_162627.reg
[2012/12/31 16:22:41 | 000,204,480 | ---- | C] () -- C:\Users\Soo Jung\Documents\cc_20121231_162239.reg
[2012/12/31 15:40:25 | 000,000,833 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/12/29 00:21:28 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk
[2012/12/28 18:39:09 | 000,001,130 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/12/28 18:39:09 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/12/22 11:39:58 | 000,366,299 | ---- | C] () -- C:\Users\Soo Jung\Desktop\freedom summit.jpg
[2012/12/20 18:30:45 | 001,639,629 | ---- | C] () -- C:\Users\Soo Jung\Desktop\ncbc ym student info.mht
[2012/09/30 21:17:22 | 000,039,904 | ---- | C] () -- C:\windows\SysWow64\dischandler.exe
[2012/09/29 14:47:28 | 000,000,178 | ---- | C] () -- C:\windows\SysWow64\Formats.ini
[2012/09/24 21:30:54 | 003,915,776 | ---- | C] () -- C:\windows\SysWow64\ffmpeg.dll
[2012/09/24 21:30:04 | 000,112,640 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
[2012/09/24 21:29:20 | 000,271,360 | ---- | C] () -- C:\windows\SysWow64\TomsMoComp_ff.dll
[2012/09/24 21:29:00 | 000,157,184 | ---- | C] () -- C:\windows\SysWow64\ff_unrar.dll
[2012/09/24 21:29:00 | 000,147,456 | ---- | C] () -- C:\windows\SysWow64\ff_libmad.dll
[2012/09/24 21:29:00 | 000,099,840 | ---- | C] () -- C:\windows\SysWow64\ff_wmv9.dll
[2012/09/24 21:28:58 | 001,525,760 | ---- | C] () -- C:\windows\SysWow64\ff_samplerate.dll
[2012/09/24 21:28:58 | 000,211,968 | ---- | C] () -- C:\windows\SysWow64\ff_libdts.dll
[2012/09/24 21:28:58 | 000,114,688 | ---- | C] () -- C:\windows\SysWow64\ff_liba52.dll
[2012/09/12 18:05:25 | 000,000,000 | ---- | C] () -- C:\windows\iplayer.INI
[2012/08/06 01:40:27 | 000,756,418 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/07/19 10:56:08 | 000,172,544 | ---- | C] () -- C:\windows\SysWow64\libbluray.dll
[2012/07/19 10:56:02 | 006,894,331 | ---- | C] () -- C:\windows\SysWow64\avcodec-lav-54.dll
[2012/07/19 10:56:02 | 001,111,581 | ---- | C] () -- C:\windows\SysWow64\avformat-lav-54.dll
[2012/07/19 10:56:02 | 000,401,685 | ---- | C] () -- C:\windows\SysWow64\swscale-lav-2.dll
[2012/07/19 10:56:02 | 000,232,895 | ---- | C] () -- C:\windows\SysWow64\avutil-lav-51.dll
[2012/07/19 10:56:02 | 000,162,743 | ---- | C] () -- C:\windows\SysWow64\avfilter-lav-3.dll
[2012/07/19 10:56:02 | 000,101,820 | ---- | C] () -- C:\windows\SysWow64\avresample-lav-0.dll
[2012/06/03 20:15:06 | 000,000,693 | ---- | C] () -- C:\Users\Soo Jung\AppData\Roaming\result.db
[2011/12/07 11:32:24 | 000,216,064 | ---- | C] ( ) -- C:\windows\SysWow64\Lagarith.dll
[2011/09/08 06:00:52 | 000,150,528 | ---- | C] () -- C:\windows\SysWow64\mkx.dll
[2011/09/08 06:00:48 | 000,142,336 | ---- | C] () -- C:\windows\SysWow64\mp4.dll
[2011/09/08 06:00:42 | 000,123,392 | ---- | C] () -- C:\windows\SysWow64\ogm.dll
[2011/09/08 06:00:38 | 000,249,856 | ---- | C] () -- C:\windows\SysWow64\dxr.dll
[2011/09/08 06:00:34 | 000,113,152 | ---- | C] () -- C:\windows\SysWow64\dsmux.exe
[2011/09/08 06:00:24 | 000,154,624 | ---- | C] () -- C:\windows\SysWow64\ts.dll
[2011/09/08 06:00:10 | 000,137,728 | ---- | C] () -- C:\windows\SysWow64\mkv2vfr.exe
[2011/09/08 06:00:06 | 000,358,400 | ---- | C] () -- C:\windows\SysWow64\gdsmux.exe
[2011/09/08 05:59:54 | 000,080,384 | ---- | C] () -- C:\windows\SysWow64\mkzlib.dll
[2011/09/08 05:59:52 | 000,024,576 | ---- | C] () -- C:\windows\SysWow64\mkunicode.dll
[2011/06/23 19:58:32 | 000,242,259 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2011/06/23 19:58:04 | 000,877,296 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2011/06/11 07:50:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/03 03:39:56 | 000,109,568 | ---- | C] () -- C:\windows\SysWow64\avi.dll
[2011/03/03 03:38:10 | 000,097,792 | ---- | C] () -- C:\windows\SysWow64\avs.dll
[2011/03/03 03:37:50 | 000,093,184 | ---- | C] () -- C:\windows\SysWow64\avss.dll
[2011/02/20 21:38:24 | 000,000,016 | ---- | C] () -- C:\windows\popcinfo.dat
[2011/02/11 02:26:20 | 000,237,568 | ---- | C] () -- C:\windows\SysWow64\OptimFROG.dll

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 17:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Files - Unicode (All) ==========
[2012/09/03 08:10:52 | 000,013,489 | ---- | M] ()(C:\Users\Soo Jung\Documents\?? ??.docx) -- C:\Users\Soo Jung\Documents\하이 유정.docx
[2012/09/03 08:10:52 | 000,013,489 | ---- | C] ()(C:\Users\Soo Jung\Documents\?? ??.docx) -- C:\Users\Soo Jung\Documents\하이 유정.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:5095D8B1
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:55422315
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:57DC3B52
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:2F4A0A6B
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:C7F04040

< End of report >
  #5  
Old January 3rd, 2013, 04:55 AM
yeky83 yeky83 is offline
Member
 
Join Date: Jan 2005
Posts: 51
Extras.txt

OTL Extras logfile created on: 1/2/2013 4:35:26 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Soo Jung\Desktop\FIX
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 3.22 Gb Available Physical Memory | 85.88% Memory free
7.49 Gb Paging File | 6.97 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.70 Gb Total Space | 176.10 Gb Free Space | 61.21% Space Free | Partition Type: NTFS
Drive E: | 1.86 Gb Total Space | 0.65 Gb Free Space | 35.11% Space Free | Partition Type: FAT32

Computer Name: SOOJUNG-PC | User Name: Soo Jung | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{016CB1FA-CF09-455F-9A37-C37DAFE319D7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2057D648-7441-413B-91EA-266036D548B1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{20FCCB2B-0E84-44E5-89C2-45123657F41A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{2703B3D1-BED5-4B3D-86B1-A1FE528E9F7B}" = lport=137 | protocol=17 | dir=in | app=system |
"{32F88085-81F1-45E1-8C44-4B14626FF53E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3CC685A5-99FD-4586-87A9-5DC26DEE3DCF}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{4299281B-0972-470D-A26D-9D1DD336BEBE}" = lport=49173 | protocol=6 | dir=in | name=akamai netsession interface |
"{510D272B-F31A-45D1-B100-4CC292331500}" = rport=139 | protocol=6 | dir=out | app=system |
"{53DE3825-96D5-4033-B1F0-C3DD161BFB65}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5A01BCA1-AB4D-4B82-9205-361CBBC5C34B}" = rport=138 | protocol=17 | dir=out | app=system |
"{5E73A61D-1EA6-4081-90E5-91A3860888CC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{61064F7B-DEB2-4681-BE8B-8E1F87627297}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6F524C38-D39E-47A4-A73C-387DCE5DE9E7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{80077155-C9F8-42FA-B6F4-90CA635F77BE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8054AA99-D1EA-409D-A5DC-E62C8A269C47}" = lport=2869 | protocol=6 | dir=in | app=system |
"{852F4D71-CBF1-4A9A-BC9D-A10E98686993}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8D08768B-CAE9-4A9B-8541-C89875554214}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8FCB275A-4590-42F1-9D01-75FA92A155DA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{92DDF411-FE5D-478F-AEF2-E0A13E4CC73D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9F5147D9-D7D6-4265-859C-8C0290322808}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BB1DAA93-8C25-4A79-B277-D43A4CD4D07B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BBA064FE-AE80-44CA-A8FC-9E631CA88505}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BBC24968-8D70-4954-A7FB-A328467B9840}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BE7044C1-1CC3-4367-B884-2E9BEF62AE72}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BF0145D9-5AC9-41AE-BAFA-188BA5B7D9CF}" = rport=445 | protocol=6 | dir=out | app=system |
"{CA201C74-6194-44BD-805B-11A83F1585FE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{D35C8F63-780D-47EC-BC90-0E9711505D35}" = rport=137 | protocol=17 | dir=out | app=system |
"{D415169B-260B-4E39-8CA4-A6687A235632}" = lport=445 | protocol=6 | dir=in | app=system |
"{D523BCD2-2E26-4EFD-B6A2-136E7AE74C6E}" = lport=138 | protocol=17 | dir=in | app=system |
"{D8023A79-F6A3-43B4-92EA-BD8F6F352C3A}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{DED794F2-0D66-4A89-B1D0-EC5F0D6CC835}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EA542547-3DC9-47C2-BF6F-B944B4C8D46C}" = lport=49170 | protocol=6 | dir=in | name=akamai netsession interface |
"{EE56BFE8-4F58-4B60-AC47-E5565CC63108}" = lport=139 | protocol=6 | dir=in | app=system |
"{F12BEA3A-9029-4CE4-956F-2B9647EA0E0C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FC7D7921-B958-462D-8153-785F69F87C0D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FF8C2B74-952E-4991-9202-2FA80A2E1905}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C6D1DA6-3486-4472-8819-5A13B476EA0A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0F2567FE-9067-4C72-B524-B9709ED25504}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{10524127-58A4-4092-8DC3-3F7FDA5E55AB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{1481DF2C-4D47-401B-9BC1-EB1C68ED048F}" = protocol=6 | dir=out | app=system |
"{167F48A0-B948-4B7E-AF53-60F79EF78623}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{1F2F3ABE-0CAE-41B1-9058-B9706A46C912}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2277310B-99ED-4456-BB54-209AFB4BE233}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{236154D8-C2BF-4B95-AB0C-E95EBDCF9351}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{26F15C92-94EB-4A6A-8A52-83376AE32FDF}" = protocol=17 | dir=in | app=c:\users\soo jung\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{274A68AA-DFB3-4B73-808F-78F1EE6A0018}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{280E5486-7408-46B2-A298-49FC7F41983A}" = protocol=6 | dir=in | app=c:\users\soo jung\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{35744A5E-B51F-4F22-9175-2228FDE38C26}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{41BEC14B-AE72-4495-91D9-B9A5AFED0539}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{59CF3195-9CF7-4C9F-82EC-BFB67BA3345C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5B0D97FC-5B85-476A-8094-D72CC605111D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5C29633C-1BE8-4683-99A4-B26D0581C113}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5DB1B3DD-7386-4D2B-A535-0B83D80CF164}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{79128B81-E5F4-45BB-A06B-82B95547BC2D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{79F34223-A375-4058-BA7D-0146E4D383EF}" = protocol=6 | dir=in | app=c:\users\soo jung\appdata\local\akamai\netsession_win.exe |
"{7F4A5817-78D7-42EA-974E-FF1902CCC68F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7FDB693F-B285-4266-B44E-6AC1F8A4ACFA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{83CDE496-E6D8-4410-AE4C-5E3FCCCCEF41}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{86325471-9E8A-4D3C-BD8F-A1201CB50CF3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8659077F-7E60-47D2-9C1D-6802733F656E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8CFB02E0-E010-4802-988D-EAC9B574C607}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{914BE12B-AB10-455E-9A8D-3A0ABCE08F56}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9E63B580-2CFF-4679-84B4-ED8BE957A159}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A274FA1E-BDE0-432F-B310-E4E698C6CD1C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{A87C3C88-D8CD-4353-B9CD-1F01E778B7D2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{AD912427-BBFF-4FE5-BB63-3106D43868CE}" = dir=out | app=c:\users\soo jung\videos\veoh\veohwebplayersetup_us_upgrade.exe |
"{B36F8378-DB3A-49D1-9304-5DA608B0C8C0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BC3B6458-D8F9-4BE6-BF32-3FD51CEB1D20}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C2703EC5-0928-4914-B4D7-B2B73B60DF12}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C7396D41-0BB7-4142-9896-E15A8CCB9245}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{D1190385-8760-4454-A498-7FC3C468BB62}" = protocol=17 | dir=in | app=c:\users\soo jung\appdata\local\akamai\netsession_win.exe |
"{D66D9F11-ED6E-45AD-A98D-1DB98A8F18A4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{E25F0659-BF51-4C7E-AAD4-3B9BE7DFB856}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E2FD5670-9844-4603-89B7-32CB93B93E95}" = dir=in | app=c:\users\soo jung\videos\veoh\veohwebplayersetup_us_upgrade.exe |
"{EBECD32E-9A1F-4183-BD49-BFB01C90FAE0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FE8FF2E6-3453-452F-A1BC-CF55B355B22D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{07B87887-4FAD-4E7D-B946-F6C582D1C786}C:\users\soo jung\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\soo jung\appdata\local\akamai\netsession_win.exe |
"UDP Query User{9F234F00-BDFD-4756-B473-8117AB646429}C:\users\soo jung\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\soo jung\appdata\local\akamai\netsession_win.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}" = TOSHIBA ReelTime
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{81F3BC27-141B-635F-5D6B-5DE08D3B5884}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D5EB02-DE18-4DCD-A713-929B4461CA8D}" = iTunes
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A0880F03-8480-482E-1606-BC91669B0882}" = ATI Catalyst Install Manager
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}" = TOSHIBA Bulletin Board
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CCleaner" = CCleaner
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.21
"LTMOH" = LSI V92 MOH Application
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{0DB8F853-899A-8628-E0D7-29FB190CF848}" = Catalyst Control Center Graphics Full Existing
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{117BCF94-6A1E-6741-39F5-09444381445E}" = CCC Help Italian
"{1211D6B0-B7B5-CB9A-99A2-066473FC35CA}" = CCC Help Swedish
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{14956199-1890-C3D4-F8B8-3C0C6FD82993}" = ccc-core-static
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1D210042-41EE-4472-2219-6A900366B9A3}" = CCC Help French
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2ABB6396-785C-E2CB-579E-79BAF98E0527}" = Catalyst Control Center Graphics Previews Vista
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3E1B8E31-9692-207B-77B7-A8339AF03795}" = Catalyst Control Center Graphics Full New
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{58630658-9DF7-E873-9F5D-0EAF87D25DAA}" = CCC Help Norwegian
"{594A3C2C-19B3-E02E-359C-B8D134F6B939}" = CCC Help Korean
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{6055830B-40E4-C794-3F04-2D0CD8AF1AAC}" = CCC Help Russian
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6E932CA6-FD17-7694-FD7C-14CE25770EA5}" = Catalyst Control Center Graphics Previews Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{739A6E9D-5D7D-8A5D-EC8A-4BD11E5749AA}" = CCC Help Hungarian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C72927B-7410-131A-E641-B9C505F4973C}" = CCC Help Japanese
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{911AB6CA-E04C-1E98-523D-8FCFAB4F456C}" = CCC Help Czech
"{9216C6A7-694A-4437-BD00-BD1CF58E1839}" = CCC Help Spanish
"{92DE68CE-BC3E-7323-EA53-99490C8BD34D}" = Catalyst Control Center Graphics Light
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9668AE11-E05C-8169-F6D8-FBF7B507D7DB}" = CCC Help German
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{979587FD-F264-3C71-B0BE-6FC8DA993790}" = CCC Help Thai
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{999307CD-D57D-8C98-27ED-07F384ACFAA1}" = CCC Help Turkish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A21E6CD8-70E4-45CF-A1A8-FC1584D8523E}" = Daum ActiveX 컨트롤 - Daum ?? ?????
"{A7594D38-0B7E-BCF7-A938-1AC03A6477FB}" = CCC Help English
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AC7BE07B-14D3-6EB5-814A-EB0A63CBFB47}" = CCC Help Polish
"{B1CDB3C6-8DD8-4864-8589-BDFBDA033941}" = CCC Help Chinese Traditional
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BDABF8CD-7436-EC6C-DD82-439225E22557}" = CCC Help Finnish
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C5A15C68-0DF3-8A13-352E-E605491D7E3D}" = Catalyst Control Center InstallProxy
"{CFAE78A9-A7A4-537E-7CC0-5A794FFBF73F}" = Catalyst Control Center Core Implementation
"{D19A1978-2FB2-B39A-5D30-C1EA38F788DD}" = CCC Help Danish
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D8634D93-03DD-01F1-AC7D-EE468AA24F45}" = CCC Help Dutch
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{E151E679-4EC8-36F9-A691-C7600688A1CA}" = CCC Help Chinese Standard
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E52F8D95-AEB5-3B67-879C-C59DF8AF88EE}" = Google Talk Plugin
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EBC6193C-ED23-E332-9A9C-D5CB83CDDE2B}" = Catalyst Control Center Localization All
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F544CA20-6810-E275-D288-F0D92CFADE4A}" = CCC Help Greek
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FEED29DD-7BF3-582C-3353-1F2634C2323D}" = CCC Help Portuguese
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface Service
"ATT-HSI" = ATT-HSI
"avast" = avast! Free Antivirus
"Cellcard 3G" = Cellcard 3G
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}" = TOSHIBA ReelTime
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}" = TOSHIBA Bulletin Board
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"InterActual Player" = InterActual Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Media Player - Codec Pack" = Media Player Codec Pack 4.2.3
"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT078087" = Blackhawk Striker 2
"WT078109" = FATE Undiscovered Realms
"WT078123" = Monopoly
"WT078129" = Polar Bowler
"WT078130" = Virtual Families
"WT078308" = Bejeweled 2 Deluxe
"WT078349" = Mystery P.I. - The Vegas Heist
"WT078385" = Virtual Villagers - The Secret City
"WT078475" = Scrabble Plus
"WT078491" = Faerie Solitaire

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-196286872-3739319904-2467769196-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/29/2012 4:46:02 AM | Computer Name = SooJung-PC | Source = Application Error | ID = 1000
Description = Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0,
time stamp: 0x509b4379 Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0,
time stamp: 0x509b4379 Exception code: 0xc0000005 Fault offset: 0x00002c90 Faulting
process id: 0x784 Faulting application start time: 0x01cde5a0e1c1950e Faulting application
path: C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe Faulting module path:
C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe Report Id: 2c2b3d23-5194-11e2-b8b8-002622fd9ccf

Error - 12/29/2012 4:57:09 AM | Computer Name = SooJung-PC | Source = Application Error | ID = 1000
Description = Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0,
time stamp: 0x509b4379 Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0,
time stamp: 0x509b4379 Exception code: 0xc0000005 Fault offset: 0x00002c90 Faulting
process id: 0x76c Faulting application start time: 0x01cde5a27171876a Faulting application
path: C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe Faulting module path:
C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe Report Id: b9fcbae9-5195-11e2-b808-002622fd9ccf

Error - 12/29/2012 5:29:23 AM | Computer Name = SooJung-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/29/2012 5:29:23 AM | Computer Name = SooJung-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 530965

Error - 12/29/2012 5:29:23 AM | Computer Name = SooJung-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 530965

Error - 12/31/2012 3:35:02 PM | Computer Name = SooJung-PC | Source = PerfNet | ID = 2004
Description =

Error - 12/31/2012 3:37:06 PM | Computer Name = SooJung-PC | Source = PerfNet | ID = 2004
Description =

Error - 12/31/2012 3:43:06 PM | Computer Name = SooJung-PC | Source = PerfNet | ID = 2004
Description =

Error - 12/31/2012 8:15:58 PM | Computer Name = SooJung-PC | Source = PerfNet | ID = 2004
Description =

Error - 12/31/2012 8:18:03 PM | Computer Name = SooJung-PC | Source = PerfNet | ID = 2004
Description =

Error - 12/31/2012 8:24:03 PM | Computer Name = SooJung-PC | Source = PerfNet | ID = 2004
Description =

[ Media Center Events ]
Error - 10/26/2012 7:50:02 PM | Computer Name = SooJung-PC | Source = MCUpdate | ID = 0
Description = 4:49:48 PM - Error connecting to the internet. 4:49:48 PM - Unable
to contact server..

Error - 11/12/2012 1:15:08 PM | Computer Name = SooJung-PC | Source = MCUpdate | ID = 0
Description = 9:15:08 AM - Error connecting to the internet. 9:15:08 AM - Unable
to contact server..

Error - 11/12/2012 1:15:23 PM | Computer Name = SooJung-PC | Source = MCUpdate | ID = 0
Description = 9:15:13 AM - Error connecting to the internet. 9:15:13 AM - Unable
to contact server..

Error - 11/12/2012 4:46:02 PM | Computer Name = SooJung-PC | Source = MCUpdate | ID = 0
Description = 12:46:02 PM - Error connecting to the internet. 12:46:02 PM - Unable
to contact server..

Error - 11/12/2012 4:46:10 PM | Computer Name = SooJung-PC | Source = MCUpdate | ID = 0
Description = 12:46:07 PM - Error connecting to the internet. 12:46:07 PM - Unable
to contact server..

Error - 11/14/2012 9:00:02 PM | Computer Name = SooJung-PC | Source = MCUpdate | ID = 0
Description = 5:00:02 PM - Error connecting to the internet. 5:00:02 PM - Unable
to contact server..

Error - 11/14/2012 9:00:15 PM | Computer Name = SooJung-PC | Source = MCUpdate | ID = 0
Description = 5:00:08 PM - Error connecting to the internet. 5:00:08 PM - Unable
to contact server..

Error - 11/19/2012 8:26:18 PM | Computer Name = SooJung-PC | Source = MCUpdate | ID = 0
Description = 4:26:18 PM - Error connecting to the internet. 4:26:18 PM - Unable
to contact server..

Error - 11/19/2012 8:26:39 PM | Computer Name = SooJung-PC | Source = MCUpdate | ID = 0
Description = 4:26:24 PM - Error connecting to the internet. 4:26:24 PM - Unable
to contact server..

Error - 11/30/2012 9:10:27 PM | Computer Name = SooJung-PC | Source = MCUpdate | ID = 0
Description = 5:10:17 PM - Error connecting to the internet. 5:10:17 PM - Unable
to contact server..

[ OSession Events ]
Error - 9/25/2012 4:27:45 AM | Computer Name = SooJung-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 122
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/25/2012 4:29:37 AM | Computer Name = SooJung-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 176
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/2/2013 8:26:06 PM | Computer Name = SooJung-PC | Source = DCOM | ID = 10005
Description =

Error - 1/2/2013 8:26:11 PM | Computer Name = SooJung-PC | Source = DCOM | ID = 10005
Description =

Error - 1/2/2013 8:26:13 PM | Computer Name = SooJung-PC | Source = DCOM | ID = 10005
Description =

Error - 1/2/2013 8:26:13 PM | Computer Name = SooJung-PC | Source = DCOM | ID = 10005
Description =

Error - 1/2/2013 8:30:10 PM | Computer Name = SooJung-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:27:53 PM on 1/2/2013 was unexpected.

Error - 1/2/2013 8:30:26 PM | Computer Name = SooJung-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
aswSnx aswSP aswTdi discache spldr Wanarpv6

Error - 1/2/2013 8:30:27 PM | Computer Name = SooJung-PC | Source = DCOM | ID = 10005
Description =

Error - 1/2/2013 8:30:34 PM | Computer Name = SooJung-PC | Source = DCOM | ID = 10005
Description =

Error - 1/2/2013 8:30:38 PM | Computer Name = SooJung-PC | Source = DCOM | ID = 10005
Description =

Error - 1/2/2013 8:30:40 PM | Computer Name = SooJung-PC | Source = DCOM | ID = 10005
Description =


< End of report >
  #6  
Old January 3rd, 2013, 04:56 AM
yeky83 yeky83 is offline
Member
 
Join Date: Jan 2005
Posts: 51
aswMBR.txt

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-02 19:19:19
-----------------------------
19:19:19.603 OS Version: Windows x64 6.1.7600
19:19:19.603 Number of processors: 2 586 0x602
19:19:19.603 ComputerName: SOOJUNG-PC UserName: Soo Jung
19:19:20.258 Initialize success
19:19:20.336 AVAST engine defs: 12092500
19:19:44.550 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:19:44.550 Disk 0 Vendor: TOSHIBA_MK3263GSX FG020M Size: 305245MB BusType: 11
19:19:44.566 Disk 0 MBR read successfully
19:19:44.581 Disk 0 MBR scan
19:19:45.273 Disk 0 Windows VISTA default MBR code
19:19:45.295 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
19:19:46.317 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 294603 MB offset 3074048
19:19:46.410 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 9141 MB offset 606420992
19:19:46.941 Disk 0 scanning C:\windows\system32\drivers
19:20:03.680 Service scanning
19:20:41.166 Modules scanning
19:20:41.166 Disk 0 trace - called modules:
19:20:41.221 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
19:20:41.222 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a01060]
19:20:41.222 3 CLASSPNP.SYS[fffff880019b143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80049bf060]
19:20:42.137 AVAST engine scan C:\windows
19:20:44.071 AVAST engine scan C:\windows\system32
19:23:51.832 AVAST engine scan C:\windows\system32\drivers
19:24:01.733 AVAST engine scan C:\Users\Soo Jung
19:29:42.483 AVAST engine scan C:\ProgramData
19:31:37.439 Scan finished successfully
19:36:35.468 Disk 0 MBR has been saved successfully to "C:\Users\Soo Jung\Desktop\FIX\Reports\MBR.dat"
19:36:35.474 The log file has been saved successfully to "C:\Users\Soo Jung\Desktop\FIX\Reports\aswMBR.txt"
  #7  
Old January 3rd, 2013, 06:46 PM
yeky83 yeky83 is offline
Member
 
Join Date: Jan 2005
Posts: 51
I ran Gmer again. It scanned for a good while then gave me the same error as before, something like "No system modifications were found." Then the scan stopped and there was no report to copy and save.

Am I running Gmer wrongly?

Well, I hope the OTL and aswMBR reports help! Thank you.
  #8  
Old January 4th, 2013, 12:54 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Really nothing so far. The Weather Channel Desktop 6 is adware, but not enough to really slow things down.


Download RogueKiller (http://www.sur-la-toile.com/RogueKiller/) to your desktop. Click the RogueKiller icon next to:

(Download link) : Lien de téléchargement.

Close all open programs
Remember to right click -> run as administrator, and click the downloaded file.
When prompted, type 1, and press Enter.
A RKreport.txt will be created in the same location as the RogueKiller file.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe, and try again.

Please post the contents of the RKreport.txt.

---------

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.
  #9  
Old January 5th, 2013, 12:51 AM
yeky83 yeky83 is offline
Member
 
Join Date: Jan 2005
Posts: 51
I think the RogueKiller program has been updated..? The process to scan and obtain a report was different than you described.

Roguekiller:

RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Safe mode with network support
User : Soo Jung [Admin rights]
Mode : Scan -- Date : 01/04/2013 15:45:00

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 13 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{63DD3C85-9AE1-4D6F-854E-272389AD53FC} : NameServer (203.144.95.100 203.144.65.2) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{A6510062-809E-4DB2-816F-D46A5B1074A5} : NameServer (203.144.95.100 203.144.65.2) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{63DD3C85-9AE1-4D6F-854E-272389AD53FC} : NameServer (203.144.95.100 203.144.65.2) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{A6510062-809E-4DB2-816F-D46A5B1074A5} : NameServer (203.144.95.100 203.144.65.2) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3263GSX ATA Device +++++
--- User ---
[MBR] 2d064189859ddab840883a8668e51f50
[BSP] 9b9284ace17357bc81c960ad077b6017 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 294603 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 606420992 | Size: 9141 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01042013_02d1545.txt >>
  #10  
Old January 5th, 2013, 12:51 AM
yeky83 yeky83 is offline
Member
Adwcleaner:

# AdwCleaner v2.104 - Logfile created 01/04/2013 at 15:47:55
# Updated 29/12/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Soo Jung - SOOJUNG-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Soo Jung\Desktop\FIX\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\user.js
File Found : C:\Users\Public\Desktop\iLivid.lnk
Folder Found : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Found : C:\Program Files (x86)\GamesBar
Folder Found : C:\Program Files (x86)\Savings Sidekick
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\IBUpdaterService
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\Veoh Manager
Folder Found : C:\Users\Soo Jung\AppData\Local\APN
Folder Found : C:\Users\Soo Jung\AppData\Local\Conduit
Folder Found : C:\Users\Soo Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo
Folder Found : C:\Users\Soo Jung\AppData\Local\Savings Sidekick
Folder Found : C:\Users\Soo Jung\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Soo Jung\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Soo Jung\AppData\Roaming\Babylon
Folder Found : C:\Users\Soo Jung\AppData\Roaming\OpenCandy
Folder Found : C:\Users\SOOJUN~1\AppData\Local\Temp\boost_interprocess

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\Savings Sidekick
Key Found : HKCU\Software\AppDataLow\Software\Toolbar
Key Found : HKCU\Software\bProtector
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\Default Tab
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Found : HKCU\Software\Zugo
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\bProtector
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Default Tab
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055465539}
Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Found : HKLM\SOFTWARE\Software
Key Found : HKLM\SOFTWARE\Tarma Installer
Key Found : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-196286872-3739319904-2467769196-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-196286872-3739319904-2467769196-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9D425283-D487-4337-BAB6-AB8354A81457}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16450

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\Soo Jung\AppData\Roaming\Mozilla\Firefox\Profiles\l95shx6v.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v22.0.1229.94

File : C:\Users\Soo Jung\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.11] : homepage = "hxxp://search.startnow.com/s/?src=startpage&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20121009&user_guid=CC80FEE9BEF84211B93EE7E53670A2B2&machine_id=a9439f0f87970a701d96fd3e81b720a1&browser=CR&os=win&os_version=6.1-x64-SP0",
Found [l.15] : urls_to_restore_on_startup = [ "hxxp://search.startnow.com/s/?src=startpage&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20121009&user_guid=CC80FEE9BEF84211B93EE7E53670A2B2&machine_id=a9439f0f87970a701d96fd3e81b720a1&browser=CR&os=win&os_version=6.1-x64-SP0" ]
Found [l.1698] : homepage = "hxxp://search.startnow.com/s/?src=startpage&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20121009&user_guid=CC80FEE9BEF84211B93EE7E53670A2B2&machine_id=a9439f0f87970a701d96fd3e81b720a1&browser=CR&os=win&os_version=6.1-x64-SP0",
Found [l.2103] : urls_to_restore_on_startup = [ "hxxp://search.startnow.com/s/?src=startpage&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20121009&user_guid=CC80FEE9BEF84211B93EE7E53670A2B2&machine_id=a9439f0f87970a701d96fd3e81b720a1&browser=CR&os=win&os_version=6.1-x64-SP0" ]

*************************

AdwCleaner[R1].txt - [8467 octets] - [04/01/2013 15:47:55]

########## EOF - C:\AdwCleaner[R1].txt - [8527 octets] ##########
  #11  
Old January 5th, 2013, 12:59 AM
yeky83 yeky83 is offline
Member
If nothing's come up yet, maybe it's not a malware problem after all?

RogueCleaner and AdwCleaner both detected something (I think), but I did not delete any of the detected stuff. Awaiting instructions...

Can I try updating/reinstalling the video driver? Would it detract from this malware finding process?
  #12  
Old January 5th, 2013, 01:55 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
Hold off on any updating until we are finished with our work here. Rogue Killer shows a DNS redirect to a known spam site.

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Run RogueKiller again.

•Please quit all programs
•Run RogueKiller
•Wait until the Prescan finishes
•Press: Scan


•On the RogueKiller console, click the Registry tab.
•Make sure the entries there are checked.
•Then, press the [Delete] button.

Please post the RKreport (Mode: Delete) created on the Desktop.

---------
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Then in AdwCleaner click the Uninstall button, to have it uninstall itself.

Open AdwCleaner, and click the Uninstall button to have it remove itself.

----------

Download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive.


A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
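The triage described in the post above (static DNS entries in the RogueKiller report), as an added example that is not part of the original thread or of RogueKiller: a Python sketch that parses the report's registry findings, lists static resolvers per interface, and flags the UAC values shown as 0. The function names and the `expected` allowlist are assumptions; the sample lines are copied from the RKreport posted earlier in this thread.

```python
import ipaddress
import re
from collections import defaultdict

# Lines copied from the RKreport posted in this thread (registry section, abridged).
REPORT = r"""
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{63DD3C85-9AE1-4D6F-854E-272389AD53FC} : NameServer (203.144.95.100 203.144.65.2) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{A6510062-809E-4DB2-816F-D46A5B1074A5} : NameServer (203.144.95.100 203.144.65.2) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
"""

# "[TAG] <key> : <value name> (<data>) -> FOUND"
ENTRY = re.compile(r"^\[(?P<tag>[^\]]+)\]\s+(?P<key>.+?)\s+:\s+(?P<name>\S+)\s+\((?P<value>[^)]*)\)\s+->\s+FOUND$")

def parse(report):
    """Yield (tag, key, name, value) for every well-formed finding line."""
    for line in report.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m["tag"], m["key"], m["name"], m["value"]

def static_dns(report, expected=()):
    """Map each static resolver not in `expected` to the interface GUIDs using it."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    hits = defaultdict(set)
    for tag, key, name, value in parse(report):
        if tag != "DNS" or name != "NameServer":
            continue
        guid = key.rsplit("\\", 1)[-1]
        for token in re.split(r"[ ,]+", value.strip()):
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                continue  # empty or malformed token: nothing to compare
            if addr not in allowed:
                hits[str(addr)].add(guid)
    return {ip: sorted(guids) for ip, guids in hits.items()}

def uac_weakened(report):
    """Names of UAC policy values the report shows set to 0 (prompting off)."""
    watch = {"EnableLUA", "ConsentPromptBehaviorAdmin"}
    return sorted({n for t, _, n, v in parse(report)
                   if t == "HJ" and n in watch and v == "0"})

if __name__ == "__main__":
    print(static_dns(REPORT))
    print(uac_weakened(REPORT))
```

Passing the resolvers the network is supposed to hand out as `expected` leaves only the entries that need a second look.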
  #13  
Old January 5th, 2013, 01:59 AM
yeky83 yeky83 is offline
Member
If it helps at all:

When the computer starts freezing under the conditions described in the first post, the Task Manager displays that no Process takes up a huge CPU capacity (no process showing higher than ~05) and the Performance graph stays low-ish. CPU Usage is below ~20%, Memory stays around 1 GB.

This is what I don't understand. There's apparently no extra load on the CPU yet programs go in the "(Not Responding)" state. And eventually the whole computer freezes. GAH! How can the computer refuse to respond (seem like it's under heavy load) while the CPU is basically idle?

That's why I suggested reinstalling the GPU driver. Maybe something's heavily loading the GPU processes? I actually went ahead and installed a new ATI video driver, but no change in the problem. I dunno. I'm in over my head.

Thanks for taking your time with me! Let me know the next steps.
  #14  
Old January 5th, 2013, 02:01 AM
yeky83 yeky83 is offline
Member
Oops, my last post is before I saw your reply. I will go ahead and do as you said.

Sorry about going ahead and updating the video driver. I was wrong! Sorry.
  #15  
Old January 5th, 2013, 02:09 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
Thirty lashes, then keelhauling. Post when ready.