arestocrat virus/malware/spyware [Solved]


  • This topic is locked

#1
selmore

    New Member

  • Member
  • 5 posts
I seem to have the arestocrat virus/malware/spyware problem on my laptop. I have downloaded OTL to another computer, but I cannot boot the laptop into safe mode at all to run.
I can remote into it and move the OTL executable to the laptop, but again cannot run as the arestocrat won't allow me to do anything.

What can I do? Thank you for your help.
  • 0


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What is the operating system on the laptop?

I.e. XP, Vista, 7 or 8
Also, is it 32 or 64bit?
  • 0

#3
selmore

    New Member

  • Topic Starter
  • Member
  • 5 posts
Win7 32bit
  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You will need a USB drive of at least 1Gb for this

Download the following three programmes to your desktop:


1. Rufus

For 32bit systems
2. Windows 7 RC
3. Farbar Recovery Scan Tool


Insert the USB stick, then run Rufus.
Select the ISO file on the desktop via the ISO icon.

Press Start Burn.
Then copy FRST to the same USB.


Insert the USB into the sick computer and start the computer, first ensuring that the system is set to boot from USB.
Note: If you are not sure how to do that, follow the instructions Here


When you reboot you will see this, although yours will say Windows 7.
Click repair my computer
Posted Image

Select your operating system

Select Command prompt

At the command prompt type the following:

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  • 0
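
One way to triage the autostart section of the FRST.txt log that the scan above produces, as an added example that is not part of the original post or of FRST itself. The sample lines are constructed in the log's layout, and the three heuristics (replaced Winlogon shell, executable directly in ProgramData or a Temp folder, publisher field made only of question marks) are assumptions of this example, not FRST's own logic.

```python
import ntpath
import re

# Constructed sample in the layout of FRST's "Registry" section (not from a real machine).
SAMPLE_LOG = r"""
HKLM\...\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /quiet [123456 2012-01-01] (Example Corp)
HKLM\...\Run: [Helper] "C:\ProgramData\helper.exe" [35840 2013-01-01] (?????? ????)
HKLM\...\Run: [] [x]
HKLM\...\Winlogon: [Shell] C:\ProgramData\helper.exe [x ] ()
HKU\user\...\Run: [Sync] C:\Users\user\AppData\Local\Temp\sync.exe [x]
"""

# "<hive>\...\<key>: [<value name>] <rest>"
LINE = re.compile(r"^(?P<hive>HK.*?)\\\.\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$")
# "<command> [size date | x] (publisher)", where the last two parts are optional
TAIL = re.compile(r"^(?P<cmd>.*?)\s*(?:\[(?P<meta>[^\]]*)\])?\s*(?:\((?P<company>[^)]*)\))?$")


def exe_path(cmd):
    """Return the executable part of an autostart command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)", cmd, re.I)
    if m:
        return m.group(1)
    return cmd.split(" ")[0]


def parse_entries(log_text):
    """Parse Run/Winlogon style lines into dicts; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        tail = TAIL.match(m.group("rest"))
        meta = (tail.group("meta") or "").strip()
        entries.append({
            "hive": m.group("hive"),
            "key": m.group("key"),
            "name": m.group("name"),
            "exe": exe_path(tail.group("cmd")),
            "file_missing": meta == "x",  # FRST prints [x] when it could not find the file
            "company": tail.group("company") or "",
        })
    return entries


def findings(entry):
    """Apply this example's heuristics to one parsed entry."""
    reasons = []
    exe = entry["exe"].lower()
    parent = ntpath.dirname(exe)
    # The default Winlogon Shell value is explorer.exe; anything else replaces the desktop.
    if entry["key"].lower() == "winlogon" and entry["name"].lower() == "shell":
        if ntpath.basename(exe) != "explorer.exe" or parent not in ("", r"c:\windows"):
            reasons.append("shell-replaced")
    # Executable sitting directly in ProgramData, or anywhere under a Temp folder.
    if re.fullmatch(r"[a-z]:\\programdata", parent) or "\\temp\\" in exe:
        reasons.append("user-writable-dir")
    # Publisher string that is nothing but '?' placeholders.
    company = entry["company"]
    if company.strip() and set(company) <= set("? "):
        reasons.append("unreadable-publisher")
    return reasons


def triage(log_text):
    """Return (value name, executable, reasons) for every entry with at least one finding."""
    flagged = []
    for entry in parse_entries(log_text):
        reasons = findings(entry)
        if reasons:
            flagged.append((entry["name"], entry["exe"], reasons))
    return flagged


if __name__ == "__main__":
    for name, exe, reasons in triage(SAMPLE_LOG):
        print(f"{name:8} {exe}  ->  {', '.join(reasons)}")
```

A flagged line is a prompt for review by the helper, not a verdict; `file_missing` is recorded but not used as a finding because offline scans can report `[x]` for files that exist.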

#5
selmore

    New Member

  • Topic Starter
  • Member
  • 5 posts
Thanks - Here's the log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2013 (ATTENTION: FRST version is 23 days old)
Ran by SYSTEM at 05-04-2013 13:29:23
Running from G:\
Windows 7 Professional (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [] [x]
HKLM\...\Run: [IMSS] "C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [112152 2010-12-24] (Intel Corporation)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-03-02] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [10025576 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [255344 2011-01-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [TOSDCR] %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [521640 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [173432 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [836984 2011-03-10] (TOSHIBA Corporation)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1210640 2011-01-05] (Intel® Corporation)
HKLM\...\Run: [TFPUPWDBankService] C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe /start [888752 2010-03-02] (TOSHIBA)
HKLM\...\Run: [TFPUService] C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe /start [783224 2010-11-04] (TOSHIBA)
HKLM\...\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1369512 2011-04-07] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611736 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] C:\windows\system32\thpsrv /logon [x]
HKLM\...\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1294712 2010-11-29] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [611736 2011-04-05] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] %ProgramFiles%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM\...\Run: [TNRotate] %ProgramFiles%\TOSHIBA\TNRotate\TNRotate.exe [607688 2010-11-25] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [22840 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [NortonOnlineBackupReminder] "C:\Program Files\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED [3218792 2010-08-17] (Toshiba)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [31648 2011-03-30] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [467816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [ToshibaAppPlace] "C:\Program Files\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [552960 2010-09-23] (Toshiba)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM\...\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" [293360 2011-07-13] (Rovi Corporation)
HKLM\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler [324976 2010-05-21] (Flexera Software, Inc.)
HKLM\...\Run: [CPMonitor] "C:\Program Files\Roxio 2012\5.0\CPMonitor.exe" [84464 2011-07-08] ()
HKLM\...\Run: [Desktop Disc Tool] "C:\Program Files\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe" [506352 2011-06-12] ()
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [821144 2010-10-25] (Adobe Systems Inc.)
HKLM\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-09-01] (Research In Motion Limited)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow [887384 2011-12-06] (Trend Micro Inc.)
HKLM\...\Run: [EMMeter] C:\windows\system32\wex4962\EMMeter.exe /quiet [619456 2010-11-19] (Express Metrix)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [DisplaySwitch] "C:\ProgramData\DisplaySwitch.exe" [35840 2013-04-04] (?????????? ??????????)
HKU\selmore\...\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun [6864896 2013-01-30] (FreeDownloadManager.ORG)
HKU\selmore\...\Run: [Push Client] C:\Users\selmore\AppData\Local\ATT Connect\Participant\pull.exe [965872 2010-06-03] (AT&T Inc.)
HKU\selmore\...\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" [718720 2011-07-21] (Microsoft Corporation)
HKU\Steve Elmore\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKLM\...\Winlogon: [Shell] C:\ProgramData\DisplaySwitch.exe [x ] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\selmore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

==================== Services (Whitelisted) ===================

2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe [457200 2011-02-09] ()
2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [2043712 2010-06-17] (AuthenTec, Inc.)
2 BOT4Service; "C:\Program Files\Roxio\BackOnTrack\App\BService.exe" [21488 2011-07-15] ()
2 CcmExec; C:\windows\system32\CCM\CcmExec.exe [764768 2009-09-18] (Microsoft Corporation)
2 cfWiMAXService; "C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe" [185712 2010-01-28] (TOSHIBA CORPORATION)
2 ConfigFree Service; "C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe" [46448 2009-03-10] (TOSHIBA CORPORATION)
2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [671408 2012-11-07] (Juniper Networks)
2 EMCliSrv; C:\windows\system32\wex4962\EMCliSrv.exe [299008 2010-11-19] (Express Metrix)
2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [87416 2008-06-04] (Juniper Networks)
2 MsDtsServer100; "C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe" [218136 2008-07-10] (Microsoft Corporation)
4 msvsmon90; "C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon90 [3201024 2008-07-29] (Microsoft Corporation)
2 Multi-user Cleanup Service; "C:\Program Files\notes\ntmulti.exe" [53248 2006-09-27] (IBM Corp)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [227600 2011-01-05] ()
2 Norton PC Checkup Application Launcher; C:\Program Files\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe /s [135608 2012-01-31] (Symantec Corporation)
2 ntrtscan; "C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe" [1439464 2011-12-02] (Trend Micro Inc.)
3 OnePointDomainAdminService; C:\windows\OnePointDomainAgent\DCTAgentService.exe en-US 0x409 [91648 2010-05-20] (Microsoft Corporation)
3 OracleOracleHome92ClientCache; C:\Oracle\ora92\BIN\ONRSD.EXE [242328 2002-04-26] ()
2 PCCUJobMgr; "C:\Program Files\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files\Norton PC Checkup\Engine\2.0.10.26\diMaster.dll" /prefetch:1 [132984 2011-02-03] (Symantec Corporation)
3 PSEXESVC; C:\Windows\PSEXESVC.EXE [181064 2012-11-29] (Sysinternals)
3 RoxMediaDB13; "C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe" [1095664 2011-07-13] (Rovi Corporation)
2 RoxWatch12; "C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe" [340976 2011-07-13] (Rovi Corporation)
3 smstsmgr; C:\windows\system32\CCM\TSManager.exe /service [246624 2009-09-18] (Microsoft Corporation)
3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [54136 2010-11-29] (TOSHIBA Corporation)
3 TMBMServer; "C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service [345616 2011-10-24] (Trend Micro Inc.)
2 tmlisten; "C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe" [1416032 2011-12-02] (Trend Micro Inc.)
3 TmProxy; "C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe" [689680 2011-04-15] (Trend Micro Inc.)
2 TosCoSrv; "C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe" [468392 2010-12-09] (TOSHIBA Corporation)
2 TOSHIBA eco Utility Service; "C:\Program Files\TOSHIBA\TECO\TecoService.exe" [210360 2011-04-07] (TOSHIBA Corporation)
3 TOSHIBA HDD SSD Alert Service; "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe" [112032 2010-12-08] (TOSHIBA Corporation)
3 TPCHSrv; "C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe" [685488 2011-04-05] (TOSHIBA Corporation)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
2 MSSQL$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [x]
4 MSSQLServerADHelper; "c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
2 SQLBrowser; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]
2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]

==================== Drivers (Whitelisted) ====================

3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [1092160 2011-04-19] (Broadcom Corporation)
3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [263680 2011-11-15] (Intel Corporation)
3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2012-11-07] (Juniper Networks)
3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [267944 2011-08-04] (Intel Corporation)
3 iBtFltCoex; C:\Windows\System32\DRIVERS\iBtFltCoex.sys [47616 2011-12-09] (Intel Corporation)
3 L6DP; C:\Windows\System32\Drivers\l6dp.sys [27392 2005-09-28] (Line 6)
3 L6TPortA; C:\Windows\System32\Drivers\L6TPortA.sys [392448 2005-09-28] (Line 6)
3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-12-24] (Intel Corporation)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7435264 2011-01-04] (Intel Corporation)
3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [63872 2011-02-10] (Renesas Electronics Corporation)
3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [141952 2011-02-10] (Renesas Electronics Corporation)
3 prepdrvr; \??\C:\windows\system32\CCM\prepdrv.sys [20848 2009-09-18] (Microsoft Corporation)
0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45744 2011-05-24] (Rovi Corporation)
2 risdxc; C:\Windows\System32\DRIVERS\risdxc86.sys [75776 2011-04-22] (REDC)
2 rixdpcie; C:\Windows\System32\DRIVERS\rixdpe86.sys [45056 2011-04-26] (REDC)
3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [204448 2010-05-24] (Realtek Semiconductor Corp.)
3 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [71440 2012-02-17] (Trend Micro Inc.)
2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [177424 2012-02-17] (Trend Micro Inc.)
3 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [59664 2012-02-17] (Trend Micro Inc.)
2 TmFilter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys [264504 2012-07-17] (Trend Micro Inc.)
2 TmPreFilter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys [36664 2012-07-17] (Trend Micro Inc.)
1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [90448 2010-11-08] (Trend Micro Inc.)
2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-19] (TOSHIBA Corporation)
3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
2 VSApiNt; \??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys [1515232 2012-07-17] (Trend Micro Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-04-05 09:19 - 2013-04-05 09:19 - 00070316 ____A C:\OTL.Txt
2013-04-05 09:16 - 2013-04-05 09:01 - 00602112 ____A (OldTimer Tools) C:\OTL.exe
2013-04-05 08:50 - 2013-04-05 08:50 - 00147880 ____A C:\Windows\Minidump\040513-21247-01.dmp
2013-04-04 18:05 - 2013-04-04 18:05 - 02250054 ____A C:\ProgramData\1.bmp
2013-04-04 17:54 - 2013-04-04 17:54 - 00035840 ____A (?????????? ??????????) C:\ProgramData\DisplaySwitch.exe
2013-04-04 08:35 - 2013-04-04 08:35 - 14317568 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 13761024 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-04 08:35 - 2013-04-04 08:35 - 02046464 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 01766912 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-04-04 08:35 - 2013-04-04 08:35 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-04-04 08:35 - 2013-04-04 08:35 - 01129984 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-04-04 08:35 - 2013-04-04 08:35 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00391680 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-04-04 08:35 - 2013-04-04 08:35 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-04-04 08:35 - 2013-04-04 08:35 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-04-04 08:35 - 2013-04-04 08:35 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-04 08:35 - 2013-04-04 08:35 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-04-04 08:35 - 2013-04-04 08:35 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-04 08:35 - 2013-04-04 08:35 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-04-04 08:35 - 2013-04-04 08:35 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-04-04 08:35 - 2013-04-04 08:35 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-04-04 08:35 - 2013-04-04 08:35 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-04-04 08:34 - 2013-04-04 08:34 - 00049152 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-04-04 08:33 - 2013-04-04 08:33 - 03419136 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 02284544 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 01988096 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 01504768 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 01247744 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 01158144 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 01080832 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 00906240 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 00604160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 00417792 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 00364544 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 00207872 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 00187392 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-04 08:29 - 2013-04-04 08:36 - 00008526 ____A C:\Windows\IE10_main.log
2013-04-02 10:21 - 2013-04-02 10:21 - 00012890 ____A C:\Users\selmore\Desktop\Copy of Badge Numbers.xlsx
2013-04-01 23:33 - 2013-04-01 23:33 - 00022016 ____A C:\Users\selmore\Desktop\Copy of FY13 EOY Correlation - Mgmt Survey - Specialists.xlsx
2013-04-01 22:36 - 2013-04-01 23:12 - 00009209 ____A C:\Users\selmore\Desktop\TABC-BC-CAPTIN.xlsx
2013-04-01 11:35 - 2013-04-01 11:35 - 00016928 ____A C:\Users\selmore\Desktop\hs_err_pid9624.log
2013-04-01 08:44 - 2013-04-01 08:44 - 00016780 ____A C:\Users\selmore\Desktop\hs_err_pid6124.log
2013-03-31 22:52 - 2013-03-31 22:52 - 00016772 ____A C:\Users\selmore\Desktop\hs_err_pid5748.log
2013-03-29 10:36 - 2013-04-01 23:25 - 00025600 ____A C:\Users\selmore\Desktop\SSRM FY13 EOY Specialist Correlation Template.xlsx
2013-03-27 10:52 - 2013-03-27 14:00 - 00011172 ____A C:\Users\selmore\Desktop\New Microsoft Excel Worksheet.xlsx
2013-03-25 14:12 - 2013-04-01 19:09 - 00013865 ____A C:\Users\selmore\Desktop\Executive Concern Items.xlsx
2013-03-25 05:30 - 2013-04-05 09:15 - 00019900 ____A C:\Windows\System32\EMCliSrv.log
2013-03-24 01:03 - 2013-02-11 19:32 - 00015872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023x.sys
2013-03-24 01:03 - 2013-02-11 19:32 - 00015872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-03-24 01:03 - 2012-07-04 11:45 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rndismpx.sys
2013-03-21 06:50 - 2013-03-21 06:50 - 00000000 ____A C:\Users\selmore\Desktop\Nobunaga_no_Chef_EP01_720p_HDTV_x264_AAC_mkv.z2a0jeh.partial
2013-03-20 07:11 - 2013-03-20 09:45 - 00808336 ____A C:\Users\selmore\Desktop\IS_FMDS_-_Section_Management_Board.xlsx
2013-03-16 14:33 - 2013-03-16 14:33 - 00000000 ____D C:\Users\selmore\AppData\Local\{C7E8C400-9A32-4545-91CA-114382F6ACC8}
2013-03-15 10:27 - 2013-03-15 12:43 - 00074752 ____A C:\Users\selmore\Desktop\Copy of Verizon FY13 Billing Totals - Sept 2012.xls
2013-03-11 08:26 - 2013-03-11 08:26 - 00000000 ____D C:\Users\selmore\AppData\Local\WinZip Courier
2013-03-11 08:25 - 2013-03-11 08:25 - 00000000 ____D C:\ProgramData\WinZipEC
2013-03-11 08:07 - 2013-03-11 10:38 - 00000000 ____D C:\ProgramData\Yahoo!
2013-03-11 08:07 - 2013-03-11 10:38 - 00000000 ____D C:\Program Files\Yahoo!
2013-03-11 08:06 - 2013-03-11 08:06 - 00000000 ____D C:\ProgramData\APN
2013-03-11 07:50 - 2013-03-11 07:50 - 00000000 ____D C:\Users\selmore\AppData\Local\WinZip
2013-03-11 07:48 - 2013-03-11 07:50 - 00000000 ____D C:\ProgramData\WinZip
2013-03-11 07:48 - 2013-03-11 07:49 - 00000000 ____D C:\Program Files\WinZip
2013-03-11 07:48 - 2013-03-11 07:48 - 00000000 ____D C:\Users\selmore\Documents\Add-in Express
2013-03-08 16:16 - 2013-03-08 16:16 - 00219136 ____A C:\Users\selmore\Desktop\A4 - Parts Receipt.vsd
2013-03-08 11:21 - 2013-03-08 11:21 - 00630784 ____A C:\Users\selmore\Desktop\ToyotaConnect Access -TABC Steve Elmore.xls


==================== One Month Modified Files and Folders ========

2013-04-05 13:29 - 2013-04-05 13:29 - 00000000 ____D C:\FRST
2013-04-05 09:25 - 2013-03-25 05:30 - 00019900 ____A C:\Windows\System32\EMCliSrv.log
2013-04-05 09:21 - 2009-07-13 20:34 - 00027344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-05 09:21 - 2009-07-13 20:34 - 00027344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-05 09:19 - 2013-04-05 09:19 - 00070316 ____A C:\OTL.Txt
2013-04-05 09:17 - 2012-08-17 12:16 - 00000471 ____A C:\Windows\SMSCFG.ini
2013-04-05 09:13 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-05 09:13 - 2009-07-13 20:39 - 00071048 ____A C:\Windows\setupact.log
2013-04-05 09:01 - 2013-04-05 09:16 - 00602112 ____A (OldTimer Tools) C:\OTL.exe
2013-04-05 08:50 - 2013-04-05 08:50 - 00147880 ____A C:\Windows\Minidump\040513-21247-01.dmp
2013-04-05 08:50 - 2012-03-12 08:20 - 917488166 ____A C:\Windows\MEMORY.DMP
2013-04-05 08:50 - 2012-03-12 08:20 - 00000000 ____D C:\Windows\Minidump
2013-04-05 08:15 - 2011-11-15 14:17 - 00000000 ____D C:\Users\selmore\AppData\Roaming\Free Download Manager
2013-04-04 18:05 - 2013-04-04 18:05 - 02250054 ____A C:\ProgramData\1.bmp
2013-04-04 17:59 - 2011-11-15 09:11 - 01156381 ____A C:\Windows\WindowsUpdate.log
2013-04-04 17:54 - 2013-04-04 17:54 - 00035840 ____A (?????????? ??????????) C:\ProgramData\DisplaySwitch.exe
2013-04-04 17:51 - 2011-11-15 15:44 - 00000000 ____D C:\Users\selmore\AppData\Roaming\ThumbsPlus
2013-04-04 16:06 - 2011-11-15 10:11 - 00001576 ____A C:\Windows\System32\config\netlogon.ftl
2013-04-04 15:42 - 2012-09-06 12:57 - 00020307 ____A C:\Windows\cfgall.ini
2013-04-04 10:31 - 2012-10-24 10:29 - 00000000 ____D C:\Users\selmore\Tracing
2013-04-04 09:26 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2013-04-04 08:44 - 2012-02-06 08:15 - 00036778 _RASH C:\Users\selmore\ntuser.pol
2013-04-04 08:44 - 2011-11-15 11:14 - 00000000 ____D C:\users\selmore
2013-04-04 08:44 - 2010-11-20 13:01 - 00006576 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-04 08:39 - 2009-07-13 20:33 - 00453008 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-04 08:37 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\zh-TW
2013-04-04 08:37 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\zh-HK
2013-04-04 08:37 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\zh-CN
2013-04-04 08:37 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\tr-TR
2013-04-04 08:37 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\sv-SE
2013-04-04 08:37 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\ru-RU
2013-04-04 08:37 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\pt-PT
2013-04-04 08:37 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\pt-BR
2013-04-04 08:37 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\pl-PL
2013-04-04 08:37 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\nl-NL
2013-04-04 08:37 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\nb-NO
2013-04-04 08:37 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\ko-KR
2013-04-04 08:37 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\ja-JP
2013-04-04 08:37 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\it-IT
2013-04-04 08:37 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\hu-HU
2013-04-04 08:37 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\fr-FR
2013-04-04 08:37 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\fi-FI
2013-04-04 08:37 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\el-GR
2013-04-04 08:37 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-04-04 08:36 - 2013-04-04 08:29 - 00008526 ____A C:\Windows\IE10_main.log
2013-04-04 08:35 - 2013-04-04 08:35 - 14317568 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 13761024 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-04 08:35 - 2013-04-04 08:35 - 02046464 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 01766912 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-04-04 08:35 - 2013-04-04 08:35 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-04-04 08:35 - 2013-04-04 08:35 - 01129984 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-04-04 08:35 - 2013-04-04 08:35 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00391680 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-04-04 08:35 - 2013-04-04 08:35 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-04-04 08:35 - 2013-04-04 08:35 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-04-04 08:35 - 2013-04-04 08:35 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-04 08:35 - 2013-04-04 08:35 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-04-04 08:35 - 2013-04-04 08:35 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-04 08:35 - 2013-04-04 08:35 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-04-04 08:35 - 2013-04-04 08:35 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-04-04 08:35 - 2013-04-04 08:35 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-04-04 08:35 - 2013-04-04 08:35 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-04-04 08:35 - 2013-04-04 08:35 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-04-04 08:34 - 2013-04-04 08:34 - 00049152 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-04-04 08:33 - 2013-04-04 08:33 - 03419136 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 02284544 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 01988096 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 01504768 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 01247744 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 01158144 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 01080832 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 00906240 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 00604160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 00417792 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 00364544 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 00207872 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 00187392 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-04 08:33 - 2013-04-04 08:33 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-03 10:35 - 2012-12-19 07:54 - 00000000 ____D C:\ProgramData\Express Software Manager
2013-04-02 10:21 - 2013-04-02 10:21 - 00012890 ____A C:\Users\selmore\Desktop\Copy of Badge Numbers.xlsx
2013-04-02 02:33 - 2011-11-15 18:40 - 00237088 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-04-01 23:33 - 2013-04-01 23:33 - 00022016 ____A C:\Users\selmore\Desktop\Copy of FY13 EOY Correlation - Mgmt Survey - Specialists.xlsx
2013-04-01 23:25 - 2013-03-29 10:36 - 00025600 ____A C:\Users\selmore\Desktop\SSRM FY13 EOY Specialist Correlation Template.xlsx
2013-04-01 23:12 - 2013-04-01 22:36 - 00009209 ____A C:\Users\selmore\Desktop\TABC-BC-CAPTIN.xlsx
2013-04-01 19:09 - 2013-03-25 14:12 - 00013865 ____A C:\Users\selmore\Desktop\Executive Concern Items.xlsx
2013-04-01 11:35 - 2013-04-01 11:35 - 00016928 ____A C:\Users\selmore\Desktop\hs_err_pid9624.log
2013-04-01 08:44 - 2013-04-01 08:44 - 00016780 ____A C:\Users\selmore\Desktop\hs_err_pid6124.log
2013-03-31 22:52 - 2013-03-31 22:52 - 00016772 ____A C:\Users\selmore\Desktop\hs_err_pid5748.log
2013-03-31 22:30 - 2011-11-15 15:26 - 00000000 ____D C:\Users\selmore\AppData\Local\CrashDumps
2013-03-27 14:00 - 2013-03-27 10:52 - 00011172 ____A C:\Users\selmore\Desktop\New Microsoft Excel Worksheet.xlsx
2013-03-25 14:30 - 2012-12-11 08:15 - 00025306 ____A C:\Users\selmore\Desktop\Japanese.xlsx
2013-03-25 05:25 - 2012-12-25 21:43 - 00033004 ____A C:\Windows\System32\EMCliSrv.bak
2013-03-25 02:17 - 2011-05-17 16:28 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-03-25 02:16 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-03-24 01:09 - 2011-11-15 13:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-03-24 01:04 - 2011-11-15 18:49 - 69796088 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-03-21 06:50 - 2013-03-21 06:50 - 00000000 ____A C:\Users\selmore\Desktop\Nobunaga_no_Chef_EP01_720p_HDTV_x264_AAC_mkv.z2a0jeh.partial
2013-03-21 06:37 - 2010-11-20 13:48 - 00527274 ____A C:\Windows\PFRO.log
2013-03-20 09:45 - 2013-03-20 07:11 - 00808336 ____A C:\Users\selmore\Desktop\IS_FMDS_-_Section_Management_Board.xlsx
2013-03-19 15:19 - 2012-11-20 08:16 - 00000840 ____A C:\Windows\TMFilter.log
2013-03-19 10:58 - 2012-04-18 10:47 - 00071638 ____A C:\Users\selmore\Desktop\Remedy Query.xlsx
2013-03-16 14:33 - 2013-03-16 14:33 - 00000000 ____D C:\Users\selmore\AppData\Local\{C7E8C400-9A32-4545-91CA-114382F6ACC8}
2013-03-15 13:33 - 2011-11-15 15:48 - 00000000 ____D C:\Users\selmore\AppData\Roaming\Roxio
2013-03-15 12:43 - 2013-03-15 10:27 - 00074752 ____A C:\Users\selmore\Desktop\Copy of Verizon FY13 Billing Totals - Sept 2012.xls
2013-03-14 15:18 - 2013-01-16 09:53 - 00000000 ____D C:\Users\selmore\Desktop\Working Budgets
2013-03-12 07:32 - 2013-02-26 08:55 - 00013994 ____A C:\Users\selmore\Desktop\Exec Follow up.xlsx
2013-03-11 10:39 - 2012-03-06 08:23 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-03-11 10:38 - 2013-03-11 08:07 - 00000000 ____D C:\ProgramData\Yahoo!
2013-03-11 10:38 - 2013-03-11 08:07 - 00000000 ____D C:\Program Files\Yahoo!
2013-03-11 10:29 - 2013-02-26 08:55 - 00013896 ____A C:\Users\selmore\Desktop\Exec Follow up2.xlsx
2013-03-11 08:26 - 2013-03-11 08:26 - 00000000 ____D C:\Users\selmore\AppData\Local\WinZip Courier
2013-03-11 08:25 - 2013-03-11 08:25 - 00000000 ____D C:\ProgramData\WinZipEC
2013-03-11 08:06 - 2013-03-11 08:06 - 00000000 ____D C:\ProgramData\APN
2013-03-11 07:50 - 2013-03-11 07:50 - 00000000 ____D C:\Users\selmore\AppData\Local\WinZip
2013-03-11 07:50 - 2013-03-11 07:48 - 00000000 ____D C:\ProgramData\WinZip
2013-03-11 07:49 - 2013-03-11 07:48 - 00000000 ____D C:\Program Files\WinZip
2013-03-11 07:48 - 2013-03-11 07:48 - 00000000 ____D C:\Users\selmore\Documents\Add-in Express
2013-03-08 16:16 - 2013-03-08 16:16 - 00219136 ____A C:\Users\selmore\Desktop\A4 - Parts Receipt.vsd
2013-03-08 11:21 - 2013-03-08 11:21 - 00630784 ____A C:\Users\selmore\Desktop\ToyotaConnect Access -TABC Steve Elmore.xls
2013-03-07 08:38 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe
[2011-05-17 16:19] - [2011-03-01 00:05] - 0021504 ____A (Microsoft Corporation) ECDB182F885292145826C58252B53000

C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2011-05-17 16:18] - [2011-02-24 21:40] - 0246144 ____A (Microsoft Corporation) C37AEE5966EB5929E2051AC7409B5730


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-03-11 07:47:58
Restore point made on: 2013-03-11 10:38:04
Restore point made on: 2013-03-15 20:02:06
Restore point made on: 2013-03-23 13:43:00
Restore point made on: 2013-03-24 01:01:42
Restore point made on: 2013-03-31 22:33:18
Restore point made on: 2013-04-04 08:30:34
Restore point made on: 2013-04-04 17:58:08

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 4045.43 MB
Available physical RAM: 3465.38 MB
Total Pagefile: 4043.7 MB
Available Pagefile: 3466.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1960.7 MB

==================== Partitions =============================

1 Drive c: (T13w3893) (Fixed) (Total:200 GB) (Free:111.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (System) (Fixed) (Total:1.46 GB) (Free:1.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: (Repair disc Windows 7 32-bit) (Removable) (Total:7.55 GB) (Free:7.34 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (Files) (Fixed) (Total:82.31 GB) (Free:72.42 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 1024 KB
Disk 1 Online 7728 MB 0 B

Partitions of Disk 0:
===============

Disk ID: B1A21709

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 200 GB 1501 MB
Partition 0 Extended 82 GB 201 GB
Partition 4 Logical 82 GB 201 GB
Partition 3 Primary 14 GB 283 GB

=========================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E System NTFS Partition 1500 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C T13w3893 NTFS Partition 200 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y Files NTFS Partition 82 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 17
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Partitions of Disk 1:
===============

Disk ID: 0081E3EA

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7727 MB 1024 KB

=========================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G Repair disc NTFS Removable 7727 MB Healthy

=========================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: B1A21709

Partition 1:
=========
Hex: 8020210027591ABF0008000000E02E00
Active: YES
Type: 27
Size: 1 GB

Partition 2:
=========
Hex: 00591BBF07FEFFFF00E82E0000000019
Active: NO
Type: 07 (NTFS)
Size: 200 GB

Partition 3:
=========
Hex: 00FEFFFF0FFEFFFF00E82E1900D0490A
Active: NO
Type: OF (Extended)
Size: 82 GB

Partition 4:
=========
Hex: 00FEFFFF17FEFFFF00B878230030CA01
Active: NO
Type: 17
Size: 14 GB

==============================
Partitions of Disk 1:
===============
Disk ID: 0081E3EA

Partition 1:
=========
Hex: 8020210007FEFFD8000800000078F100
Active: YES
Type: 07 (NTFS)
Size: 8 GB


Last Boot: 2013-04-04 09:17

==================== End Of Log ============================

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Download the attached fixlist.txt to the same USB as FRST
[attachment=64119:fixlist.txt]
Run FRST as before and press Fix
Once it has completed, boot to normal mode and run OTL

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#7
selmore

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Awesome!

Here's the OTL log, followed by the extras log:

OTL logfile created on: 4/5/2013 1:58:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\selmore\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.98 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 39.93% Memory free
5.96 Gb Paging File | 4.08 Gb Available in Paging File | 68.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 200.00 Gb Total Space | 111.87 Gb Free Space | 55.94% Space Free | Partition Type: NTFS
Drive F: | 7.55 Gb Total Space | 7.34 Gb Free Space | 97.28% Space Free | Partition Type: NTFS
Drive Z: | 82.31 Gb Total Space | 72.42 Gb Free Space | 87.99% Space Free | Partition Type: NTFS

Computer Name: T13W4680 | User Name: SElmore | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/05 11:47:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\selmore\Desktop\OTL.exe
PRC - [2013/04/04 09:34:38 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013/01/30 16:45:22 | 006,864,896 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files\Free Download Manager\fdm.exe
PRC - [2012/11/07 03:12:32 | 000,671,408 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2012/10/04 07:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/01/31 10:14:17 | 000,135,608 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe
PRC - [2011/12/06 11:15:26 | 000,887,384 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2011/12/03 00:33:32 | 001,416,032 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2011/12/03 00:27:36 | 001,439,464 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2011/09/01 17:47:26 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/07/22 00:07:38 | 000,718,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2011/07/15 02:03:00 | 000,021,488 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\App\BService.exe
PRC - [2011/07/08 13:31:22 | 000,084,464 | ---- | M] () -- C:\Program Files\Roxio 2012\5.0\CPMonitor.exe
PRC - [2011/06/12 20:07:24 | 000,506,352 | ---- | M] () -- C:\Program Files\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/07 14:56:42 | 000,210,360 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TECO\TecoService.exe
PRC - [2011/04/07 14:56:22 | 001,369,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TECO\Teco.exe
PRC - [2011/04/05 20:34:20 | 000,624,048 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
PRC - [2011/04/05 20:34:02 | 000,685,488 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
PRC - [2011/03/30 22:33:36 | 000,031,648 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
PRC - [2011/03/10 17:35:10 | 000,836,984 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2011/03/03 01:51:30 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/03/03 01:51:04 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/03/02 11:28:40 | 000,521,640 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/09 18:36:58 | 000,457,200 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe
PRC - [2011/02/03 12:50:10 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
PRC - [2011/01/27 17:05:32 | 001,021,344 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2011/01/05 14:22:50 | 000,936,208 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2011/01/05 14:09:24 | 000,477,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010/12/24 21:16:30 | 000,513,536 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\ThpSrv.exe
PRC - [2010/12/24 16:41:18 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/24 16:41:02 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/24 16:40:58 | 001,923,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
PRC - [2010/12/09 18:43:20 | 000,468,392 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2010/12/08 16:36:08 | 000,112,032 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2010/12/03 15:57:16 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2010/11/29 15:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
PRC - [2010/11/25 16:00:30 | 000,607,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TNROTATE\TNROTATE.exe
PRC - [2010/11/19 16:53:02 | 000,619,456 | -H-- | M] (Express Metrix) -- C:\Windows\System32\wex4962\EMMeter.exe
PRC - [2010/11/19 16:42:50 | 000,299,008 | -H-- | M] (Express Metrix) -- C:\Windows\System32\wex4962\EMCliSrv.exe
PRC - [2010/11/04 12:03:40 | 000,783,224 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TFPU\TFPUTaskMonitor.exe
PRC - [2010/10/25 16:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2010/10/20 15:40:00 | 000,128,416 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2010/07/07 14:59:22 | 000,054,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\hidfind.exe
PRC - [2010/06/17 19:11:56 | 002,043,712 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2010/06/03 17:17:26 | 000,965,872 | ---- | M] (AT&T Inc.) -- C:\Users\selmore\AppData\Local\ATT Connect\Participant\pull.exe
PRC - [2010/04/23 13:36:36 | 000,467,816 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
PRC - [2010/03/02 11:24:26 | 000,888,752 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TFPU\TFPUPWDBank.exe
PRC - [2010/01/28 17:44:24 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/12/06 09:26:00 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\CcmExec.exe
PRC - [2009/07/28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2009/02/23 20:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/06/04 16:02:56 | 000,087,416 | ---- | M] (Juniper Networks) -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
PRC - [2006/09/27 06:38:22 | 000,053,248 | ---- | M] (IBM Corp) -- C:\Program Files\notes\ntmulti.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/07 08:44:43 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013/03/07 08:43:17 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/01/22 10:48:15 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/22 09:27:24 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/22 09:26:18 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/22 09:25:46 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/22 09:25:42 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/22 09:25:41 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/22 09:25:37 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/12/26 09:13:54 | 003,547,136 | ---- | M] () -- C:\Program Files\Free Download Manager\fdmbtsupp.dll
MOD - [2012/11/28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/28 16:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/07/08 13:31:22 | 000,084,464 | ---- | M] () -- C:\Program Files\Roxio 2012\5.0\CPMonitor.exe
MOD - [2011/06/12 20:07:24 | 000,506,352 | ---- | M] () -- C:\Program Files\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/01/08 12:49:22 | 000,295,800 | ---- | M] () -- C:\Program Files\Toshiba\TFPU\TFPUCommon.dll
MOD - [2010/12/15 16:18:08 | 000,107,936 | ---- | M] () -- C:\Program Files\Toshiba\TECO\MUIHelp.dll
MOD - [2010/12/08 16:35:12 | 000,079,264 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
MOD - [2010/11/18 18:18:34 | 011,205,120 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\BlackPng.dll
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/06/03 17:01:58 | 000,031,744 | ---- | M] () -- C:\Users\selmore\AppData\Local\ATT Connect\Participant\IwRegVC90.dll
MOD - [2002/12/06 22:15:18 | 000,418,304 | ---- | M] () -- C:\Users\selmore\AppData\Local\ATT Connect\Participant\exchndl.dll


========== Services (SafeList) ==========

SRV - [2012/11/29 14:00:46 | 000,181,064 | ---- | M] (Sysinternals) [On_Demand | Stopped] -- C:\Windows\PSEXESVC.EXE -- (PSEXESVC)
SRV - [2012/11/07 03:12:32 | 000,671,408 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2012/09/01 14:26:00 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/01/31 10:14:17 | 000,135,608 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/12/03 00:33:32 | 001,416,032 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten)
SRV - [2011/12/03 00:27:36 | 001,439,464 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe -- (ntrtscan)
SRV - [2011/11/15 22:30:55 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/10/24 15:11:08 | 000,345,616 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2011/07/15 02:03:00 | 000,021,488 | ---- | M] () [Auto | Running] -- C:\Program Files\Roxio\BackOnTrack\App\BService.exe -- (BOT4Service)
SRV - [2011/07/13 08:41:52 | 000,340,976 | ---- | M] (Rovi Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe -- (RoxWatch12)
SRV - [2011/07/13 08:41:30 | 001,095,664 | ---- | M] (Rovi Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe -- (RoxMediaDB13)
SRV - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/15 12:20:54 | 000,689,680 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2011/04/07 14:56:42 | 000,210,360 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2011/04/05 20:34:02 | 000,685,488 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2011/03/03 01:51:04 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/02/09 18:36:58 | 000,457,200 | ---- | M] () [Auto | Running] -- C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
SRV - [2011/02/03 12:50:10 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/01/05 14:22:50 | 000,936,208 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2011/01/05 14:11:14 | 000,227,600 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2011/01/05 14:09:24 | 000,477,456 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2010/12/28 00:50:30 | 031,124,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/12/24 21:16:30 | 000,513,536 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\ThpSrv.exe -- (Thpsrv)
SRV - [2010/12/24 16:41:18 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/24 16:41:02 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/12/09 18:43:20 | 000,468,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2010/12/08 16:36:08 | 000,112,032 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2010/11/29 15:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/11/19 16:42:50 | 000,299,008 | -H-- | M] (Express Metrix) [Auto | Running] -- C:\Windows\System32\wex4962\EMCliSrv.exe -- (EMCliSrv)
SRV - [2010/10/20 15:40:00 | 000,128,416 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2010/06/17 19:11:56 | 002,043,712 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2010/05/20 03:10:02 | 000,091,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\OnePointDomainAgent\DCTAgentService.exe -- (OnePointDomainAdminService)
SRV - [2010/04/12 11:46:00 | 000,152,944 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010/01/28 17:44:24 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/07/29 14:10:46 | 003,201,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2008/06/04 16:02:56 | 000,087,416 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe -- (JuniperAccessService)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/09/27 06:38:22 | 000,053,248 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Program Files\notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2002/04/26 20:34:38 | 000,242,328 | ---- | M] () [On_Demand | Stopped] -- C:\Oracle\ora92\bin\ONRSD.EXE -- (OracleOracleHome92ClientCache)


========== Driver Services (SafeList) ==========

DRV - [2012/11/07 02:46:42 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2012/07/17 12:40:38 | 000,264,504 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmXpflt.sys -- (TmFilter)
DRV - [2012/07/17 12:40:18 | 000,036,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmPreflt.sys -- (TmPreFilter)
DRV - [2012/07/17 12:09:50 | 001,515,232 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\vsapiNT.sys -- (VSApiNt)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/02/17 15:06:28 | 000,071,440 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2012/02/17 15:06:14 | 000,059,664 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2012/02/17 15:06:04 | 000,177,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2011/12/09 19:45:00 | 000,047,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV - [2011/11/15 01:04:00 | 000,263,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmhsf.sys -- (btmhsf)
DRV - [2011/08/04 23:43:04 | 000,267,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1c6232.sys -- (e1cexpress)
DRV - [2011/06/01 12:20:28 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2011/04/26 08:05:00 | 000,045,056 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2011/04/22 10:02:00 | 000,075,776 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdxc86.sys -- (risdxc)
DRV - [2011/04/19 08:49:20 | 001,092,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcmwlhigh6.sys -- (BCMH43XX)
DRV - [2011/03/03 02:17:56 | 006,651,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/03/03 01:16:54 | 000,231,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/02/23 12:03:04 | 000,235,824 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2011/02/18 11:06:06 | 000,290,936 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2011/02/10 14:52:10 | 000,141,952 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2011/02/10 14:52:10 | 000,063,872 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2011/02/09 02:00:00 | 000,025,584 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\SaibVd32.sys -- (SaibVd32)
DRV - [2011/02/09 02:00:00 | 000,021,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SahdIa32.sys -- (SahdIa32)
DRV - [2011/02/09 02:00:00 | 000,015,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SaibIa32.sys -- (SaibIa32)
DRV - [2011/01/27 16:26:16 | 000,056,888 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2011/01/04 12:28:00 | 007,435,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32)
DRV - [2010/12/24 16:40:56 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2010/11/29 12:47:00 | 000,070,448 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2010/11/20 14:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 14:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 14:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 14:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 14:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 14:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 14:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 14:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 14:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/20 05:30:18 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 05:30:18 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 03:50:40 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 03:50:38 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/11 11:26:00 | 000,042,672 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2010/11/08 19:05:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/08/30 11:48:00 | 000,080,064 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2010/06/18 17:44:00 | 000,015,160 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2010/06/17 19:30:04 | 000,677,320 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2010/05/24 21:07:38 | 000,204,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2010/04/26 12:48:00 | 000,053,760 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2010/03/12 18:22:18 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009/09/18 04:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/09/17 08:05:02 | 000,092,712 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\sentinel.sys -- (Sentinel)
DRV - [2009/07/30 18:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/24 12:31:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009/07/14 13:23:16 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ.SYS -- (TVALZ)
DRV - [2009/07/13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 16:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 16:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/06/29 17:16:22 | 000,013,120 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Thpevm.sys -- (Thpevm)
DRV - [2009/06/29 11:25:28 | 000,030,272 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\thpdrv.sys -- (Thpdrv)
DRV - [2009/06/19 20:31:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
DRV - [2009/06/17 12:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2005/09/28 11:38:31 | 000,027,392 | ---- | M] (Line 6) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l6dp.sys -- (L6DP)
DRV - [2005/09/28 11:36:43 | 000,392,448 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L6TPortA.sys -- (L6TPortA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {220FFFE0-B26E-4645-8459-3A8396B006E2}
IE - HKLM\..\SearchScopes\{220FFFE0-B26E-4645-8459-3A8396B006E2}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [String data over 1000 bytes]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.21.31.117:8080

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [String data over 1000 bytes]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.21.31.117:8080



IE - HKU\S-1-5-21-1903061005-1413307639-1264475144-201363\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://employee.tmmna.com/
IE - HKU\S-1-5-21-1903061005-1413307639-1264475144-201363\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1903061005-1413307639-1264475144-201363\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://employee.tmmna.com/
IE - HKU\S-1-5-21-1903061005-1413307639-1264475144-201363\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1903061005-1413307639-1264475144-201363\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1903061005-1413307639-1264475144-201363\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7A 48 28 52 14 11 CE 01 [binary data]
IE - HKU\S-1-5-21-1903061005-1413307639-1264475144-201363\..\SearchScopes,DefaultScope = {220FFFE0-B26E-4645-8459-3A8396B006E2}
IE - HKU\S-1-5-21-1903061005-1413307639-1264475144-201363\..\SearchScopes\{220FFFE0-B26E-4645-8459-3A8396B006E2}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKU\S-1-5-21-1903061005-1413307639-1264475144-201363\..\SearchScopes\{ABA75C38-B6AE-496C-9C55-4E93B37413A8}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKU\S-1-5-21-1903061005-1413307639-1264475144-201363\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1903061005-1413307639-1264475144-201363\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [String data over 1000 bytes]
IE - HKU\S-1-5-21-1903061005-1413307639-1264475144-201363\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.21.31.117:8080

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://employee.tmmna.com/"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.2.1
FF - prefs.js..extensions.enabledAddons: [email protected]:1.5.7.9
FF - prefs.js..network.proxy.ftp: "10.21.31.117"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "10.21.31.117"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "10.21.31.117"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "10.21.31.117"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1CA7765-44E4-452e-9D00-A04F3D434281}: C:\Program Files\TOSHIBA\TFPU\FirefoxAddin [2011/11/15 10:31:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/11/15 15:21:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/01/17 10:01:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/06 09:23:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/17 10:02:37 | 000,000,000 | ---D | M]

[2012/03/06 09:23:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\selmore\AppData\Roaming\mozilla\Extensions
[2013/03/11 11:38:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\selmore\AppData\Roaming\mozilla\Firefox\Profiles\hdozsaic.default\extensions
[2012/04/19 09:36:56 | 001,184,804 | ---- | M] () (No name found) -- C:\Users\selmore\AppData\Roaming\mozilla\firefox\profiles\hdozsaic.default\extensions\[email protected]
[2012/03/06 09:23:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/06 09:23:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2013/01/22 09:27:13 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\PROGRAMDATA\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSIONS\1.5.7.9
[2012/02/29 01:14:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/11 20:59:16 | 000,031,848 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2012/02/29 01:12:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/29 01:12:59 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/04/02 04:18:13 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (TFPUPWDBankBHO Class) - {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Program Files\Toshiba\TFPU\TFPUPWDBankBHO.dll (TODO: <Company name>)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1903061005-1413307639-1264475144-201363\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CPMonitor] C:\Program Files\Roxio 2012\5.0\CPMonitor.exe ()
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EMMeter] C:\windows\System32\wex4962\EMMeter.exe (Express Metrix)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe (Rovi Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFPUPWDBankService] C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe (TOSHIBA)
O4 - HKLM..\Run: [TFPUService] C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe (TOSHIBA)
O4 - HKLM..\Run: [ThpSrv] C:\windows\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TNRotate] C:\Program Files\Toshiba\TNROTATE\TNROTATE.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TOSDCR] C:\Program Files\Toshiba\PasswordUtility\TOSDCR.exe ()
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKU\S-1-5-21-1903061005-1413307639-1264475144-201363..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKU\S-1-5-21-1903061005-1413307639-1264475144-201363..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-1903061005-1413307639-1264475144-201363..\Run: [Push Client] C:\Users\selmore\AppData\Local\ATT Connect\Participant\pull.exe (AT&T Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\selmore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1903061005-1413307639-1264475144-201363\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1903061005-1413307639-1264475144-201363\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: msn.com ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: t01sql09 ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: toyota.co.jp ([]https in Local intranet)
O15 - HKLM\..Trusted Domains: toyota.com ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: toyota.com ([]https in Local intranet)
O15 - HKLM\..Trusted Domains: toyota.com ([*.tmm.na.corp] http in Local intranet)
O15 - HKLM\..Trusted Domains: toyota.com ([*.tmm.na.corp] https in Local intranet)
O15 - HKLM\..Trusted Domains: toyotageorgetown.com ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: toyotasupplier.com ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: toyotasupplier.com ([]https in Local intranet)
O15 - HKLM\..Trusted Domains: weather.com ([]http in Local intranet)
O15 - HKU\S-1-5-21-1903061005-1413307639-1264475144-201363\..Trusted Domains: msn.com ([]http in Local intranet)
O15 - HKU\S-1-5-21-1903061005-1413307639-1264475144-201363\..Trusted Domains: t01sql09 ([]http in Local intranet)
O15 - HKU\S-1-5-21-1903061005-1413307639-1264475144-201363\..Trusted Domains: toyota.co.jp ([]https in Local intranet)
O15 - HKU\S-1-5-21-1903061005-1413307639-1264475144-201363\..Trusted Domains: toyota.com ([]http in Local intranet)
O15 - HKU\S-1-5-21-1903061005-1413307639-1264475144-201363\..Trusted Domains: toyota.com ([]https in Local intranet)
O15 - HKU\S-1-5-21-1903061005-1413307639-1264475144-201363\..Trusted Domains: toyota.com ([*.tmm.na.corp] http in Local intranet)
O15 - HKU\S-1-5-21-1903061005-1413307639-1264475144-201363\..Trusted Domains: toyota.com ([*.tmm.na.corp] https in Local intranet)
O15 - HKU\S-1-5-21-1903061005-1413307639-1264475144-201363\..Trusted Domains: toyotageorgetown.com ([]http in Local intranet)
O15 - HKU\S-1-5-21-1903061005-1413307639-1264475144-201363\..Trusted Domains: toyotasupplier.com ([]http in Local intranet)
O15 - HKU\S-1-5-21-1903061005-1413307639-1264475144-201363\..Trusted Domains: toyotasupplier.com ([]https in Local intranet)
O15 - HKU\S-1-5-21-1903061005-1413307639-1264475144-201363\..Trusted Domains: weather.com ([]http in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/...perSetupSP1.cab (JuniperSetupControlXP Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://access.toyot...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tmm.na.corp.toyota.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C986566-837F-470F-9160-78A957E869EB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0FE5E05-AC9D-4FC1-9463-41F4EEB735D7}: DhcpNameServer = 10.21.0.34 10.21.0.2
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {606427C1-E5F0-4001-832B-BD7DF391ECA7} - C:\Windows\System32\wex4962\EMMeterHook960.dll (Express Metrix)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - C:\ProgramData\DisplaySwitch.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013/04/05 11:23:39 | 000,017,542 | ---- | M] () - F:\autorun.ico -- [ NTFS ]
O32 - AutoRun File - [2013/04/05 11:23:39 | 000,000,252 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/04/05 14:29:14 | 000,000,000 | ---D | C] -- C:\FRST
[2013/04/05 13:54:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\selmore\Desktop\OTL.exe
[2013/04/05 10:16:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2013/04/04 09:35:25 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MsSpellCheckingFacility.exe
[2013/04/04 09:35:25 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\elshyph.dll
[2013/04/04 09:35:24 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msls31.dll
[2013/04/04 09:35:24 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2013/04/04 09:35:24 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2013/04/04 09:35:23 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2013/04/04 09:35:23 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2013/04/04 09:35:23 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe
[2013/04/04 09:35:23 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wextract.exe
[2013/04/04 09:35:23 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
[2013/04/04 09:35:22 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2013/04/04 09:35:22 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2013/04/04 09:35:22 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2013/04/04 09:35:22 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll
[2013/04/04 09:35:22 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe
[2013/04/04 09:35:22 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll
[2013/04/04 09:35:22 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2013/04/04 09:35:22 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
[2013/04/04 09:35:22 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2013/04/04 09:35:21 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2013/04/04 09:35:21 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat
[2013/04/04 09:35:21 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2013/04/04 09:35:21 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2013/04/04 09:35:21 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2013/04/04 09:35:21 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2013/04/04 09:35:21 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2013/04/04 09:35:21 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2013/04/04 09:35:21 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll
[2013/04/04 09:35:21 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2013/04/04 09:35:21 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2013/04/04 09:35:20 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2013/04/04 09:35:20 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtmlmedia.dll
[2013/04/04 09:35:20 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2013/04/04 09:35:20 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2013/04/04 09:35:20 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2013/04/04 09:35:20 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2013/04/04 09:34:38 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskhost.exe
[2013/04/04 09:33:17 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/04/04 09:33:17 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/04/04 09:33:17 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/04/04 09:33:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/04/04 09:33:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/04/04 09:33:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013/04/04 09:33:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/04/04 09:33:17 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/04/04 09:33:16 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msmpeg2vdec.dll
[2013/04/04 09:33:16 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d11.dll
[2013/04/04 09:33:16 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2013/04/04 09:33:16 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsPrint.dll
[2013/04/04 09:33:16 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10.dll
[2013/04/04 09:33:16 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMPhoto.dll
[2013/04/04 09:33:16 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll
[2013/04/04 09:33:16 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll
[2013/04/04 09:33:16 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10core.dll
[2013/04/04 09:33:16 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WindowsCodecsExt.dll
[2013/04/04 09:33:16 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll
[2013/04/04 09:33:16 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/04/04 09:33:15 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d2d1.dll
[2013/04/04 09:33:15 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll
[2013/04/04 09:33:15 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10level9.dll
[2013/04/04 09:33:15 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxgi.dll
[2013/04/04 09:33:15 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UIAnimation.dll
[2013/03/24 02:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/24 02:03:19 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\rndismpx.sys
[2013/03/24 02:03:19 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\usb8023.sys
[2013/03/16 15:33:32 | 000,000,000 | ---D | C] -- C:\Users\selmore\AppData\Local\{C7E8C400-9A32-4545-91CA-114382F6ACC8}
[2013/03/11 09:26:09 | 000,000,000 | ---D | C] -- C:\Users\selmore\AppData\Local\WinZip Courier
[2013/03/11 09:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZipEC
[2013/03/11 09:25:24 | 000,000,000 | ---D | C] -- C:\Users\selmore\AppData\Local\assembly
[2013/03/11 09:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2013/03/11 09:07:27 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2013/03/11 09:06:06 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013/03/11 08:50:04 | 000,000,000 | ---D | C] -- C:\Users\selmore\AppData\Local\WinZip
[2013/03/11 08:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2013/03/11 08:48:48 | 000,000,000 | ---D | C] -- C:\Users\selmore\Documents\Add-in Express
[2013/03/11 08:48:24 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2013/03/11 08:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2008/06/04 15:59:56 | 000,069,632 | ---- | C] (Juniper Networks) -- C:\ProgramData\NeoterisSetup.ocx
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/05 13:58:20 | 000,027,344 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/05 13:58:20 | 000,027,344 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/05 13:57:14 | 000,967,926 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/04/05 13:57:14 | 000,229,202 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/04/05 13:56:34 | 000,000,471 | ---- | M] () -- C:\windows\SMSCFG.ini
[2013/04/05 13:50:33 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/04/05 13:50:30 | 536,352,372 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/04/05 13:50:29 | 2401,308,672 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/05 11:47:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\selmore\Desktop\OTL.exe
[2013/04/05 10:01:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2013/04/04 19:05:07 | 000,302,806 | ---- | M] () -- C:\ProgramData\1.jpg
[2013/04/04 16:42:09 | 000,020,307 | ---- | M] () -- C:\windows\cfgall.ini
[2013/04/04 09:44:29 | 000,036,778 | RHS- | M] () -- C:\Users\selmore\ntuser.pol
[2013/04/04 09:39:38 | 000,453,008 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013/04/04 09:35:25 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MsSpellCheckingFacility.exe
[2013/04/04 09:35:25 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\elshyph.dll
[2013/04/04 09:35:24 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msls31.dll
[2013/04/04 09:35:24 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2013/04/04 09:35:24 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2013/04/04 09:35:23 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2013/04/04 09:35:23 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2013/04/04 09:35:23 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe
[2013/04/04 09:35:23 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wextract.exe
[2013/04/04 09:35:23 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
[2013/04/04 09:35:22 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2013/04/04 09:35:22 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2013/04/04 09:35:22 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2013/04/04 09:35:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll
[2013/04/04 09:35:22 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe
[2013/04/04 09:35:22 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll
[2013/04/04 09:35:22 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2013/04/04 09:35:22 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
[2013/04/04 09:35:22 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2013/04/04 09:35:21 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2013/04/04 09:35:21 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat
[2013/04/04 09:35:21 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2013/04/04 09:35:21 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2013/04/04 09:35:21 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2013/04/04 09:35:21 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2013/04/04 09:35:21 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2013/04/04 09:35:21 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2013/04/04 09:35:21 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll
[2013/04/04 09:35:21 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2013/04/04 09:35:21 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2013/04/04 09:35:21 | 000,025,185 | ---- | M] () -- C:\windows\System32\ieuinit.inf
[2013/04/04 09:35:20 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2013/04/04 09:35:20 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtmlmedia.dll
[2013/04/04 09:35:20 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2013/04/04 09:35:20 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2013/04/04 09:35:20 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2013/04/04 09:35:20 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2013/04/04 09:34:38 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\taskhost.exe
[2013/04/04 09:33:17 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/04/04 09:33:17 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/04/04 09:33:17 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/04/04 09:33:17 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/04/04 09:33:17 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/04/04 09:33:17 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013/04/04 09:33:17 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/04/04 09:33:17 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/04/04 09:33:16 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msmpeg2vdec.dll
[2013/04/04 09:33:16 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d11.dll
[2013/04/04 09:33:16 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2013/04/04 09:33:16 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\XpsPrint.dll
[2013/04/04 09:33:16 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10.dll
[2013/04/04 09:33:16 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\WMPhoto.dll
[2013/04/04 09:33:16 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll
[2013/04/04 09:33:16 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll
[2013/04/04 09:33:16 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10core.dll
[2013/04/04 09:33:16 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\WindowsCodecsExt.dll
[2013/04/04 09:33:16 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll
[2013/04/04 09:33:16 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/04/04 09:33:15 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d2d1.dll
[2013/04/04 09:33:15 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll
[2013/04/04 09:33:15 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10level9.dll
[2013/04/04 09:33:15 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxgi.dll
[2013/04/04 09:33:15 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\UIAnimation.dll
[2013/04/02 04:18:13 | 000,000,824 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2013/04/02 03:33:22 | 000,237,088 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe
[2013/03/25 06:25:21 | 000,033,004 | ---- | M] () -- C:\windows\System32\EMCliSrv.bak
[2013/03/22 08:35:18 | 000,244,820 | ---- | M] () -- C:\Users\selmore\Desktop\eastwood.jpg
[2013/03/22 08:34:43 | 000,021,443 | ---- | M] () -- C:\Users\selmore\Desktop\The%20Man%20With%20No%20Name.jpg
[2013/03/21 07:50:15 | 000,000,000 | ---- | M] () -- C:\Users\selmore\Desktop\Nobunaga_no_Chef_EP01_720p_HDTV_x264_AAC_mkv.z2a0jeh.partial
[2013/03/08 17:16:29 | 000,219,136 | ---- | M] () -- C:\Users\selmore\Desktop\A4 - Parts Receipt.vsd
[2013/03/08 09:41:11 | 000,271,702 | ---- | M] () -- C:\Users\selmore\Desktop\AT&T Global Netowrk Services Feb.pdf
[2013/03/08 09:40:44 | 000,271,043 | ---- | M] () -- C:\Users\selmore\Desktop\AT&T Global Netowrk Services March bill.pdf
[2013/03/08 09:40:13 | 000,303,186 | ---- | M] () -- C:\Users\selmore\Desktop\AT&T Interstate Dedicated Private Line Service - Jan.pdf
[2013/03/08 09:39:57 | 000,259,648 | ---- | M] () -- C:\Users\selmore\Desktop\AT&T Interstate Dedicated Private Line Service - Mar.pdf
[2013/03/08 09:39:28 | 000,254,188 | ---- | M] () -- C:\Users\selmore\Desktop\AT&T Interstate Dedicated Private Line Service - Feb.pdf
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/04 19:04:45 | 000,302,806 | ---- | C] () -- C:\ProgramData\1.jpg
[2013/04/04 09:45:04 | 000,001,389 | ---- | C] () -- C:\Users\selmore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/04/04 09:35:21 | 000,025,185 | ---- | C] () -- C:\windows\System32\ieuinit.inf
[2013/03/22 08:37:21 | 000,244,820 | ---- | C] () -- C:\Users\selmore\Desktop\eastwood.jpg
[2013/03/22 08:36:21 | 000,021,443 | ---- | C] () -- C:\Users\selmore\Desktop\The%20Man%20With%20No%20Name.jpg
[2013/03/21 07:50:15 | 000,000,000 | ---- | C] () -- C:\Users\selmore\Desktop\Nobunaga_no_Chef_EP01_720p_HDTV_x264_AAC_mkv.z2a0jeh.partial
[2013/03/08 17:16:28 | 000,219,136 | ---- | C] () -- C:\Users\selmore\Desktop\A4 - Parts Receipt.vsd
[2013/03/08 09:41:11 | 000,271,702 | ---- | C] () -- C:\Users\selmore\Desktop\AT&T Global Netowrk Services Feb.pdf
[2013/03/08 09:40:44 | 000,271,043 | ---- | C] () -- C:\Users\selmore\Desktop\AT&T Global Netowrk Services March bill.pdf
[2013/03/08 09:40:13 | 000,303,186 | ---- | C] () -- C:\Users\selmore\Desktop\AT&T Interstate Dedicated Private Line Service - Jan.pdf
[2013/03/08 09:39:57 | 000,259,648 | ---- | C] () -- C:\Users\selmore\Desktop\AT&T Interstate Dedicated Private Line Service - Mar.pdf
[2013/03/08 09:39:28 | 000,254,188 | ---- | C] () -- C:\Users\selmore\Desktop\AT&T Interstate Dedicated Private Line Service - Feb.pdf
[2012/12/18 16:33:25 | 000,211,804 | -H-- | C] () -- C:\windows\System32\mlfcache.dat
[2012/09/21 11:12:41 | 000,003,584 | ---- | C] () -- C:\Users\selmore\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/06 13:57:19 | 000,020,307 | ---- | C] () -- C:\windows\cfgall.ini
[2012/08/17 13:17:07 | 000,004,764 | ---- | C] () -- C:\windows\System32\CcmFramework.ini
[2012/08/17 13:16:42 | 000,000,471 | ---- | C] () -- C:\windows\SMSCFG.ini
[2012/05/07 16:01:08 | 000,000,107 | ---- | C] () -- C:\windows\notesnsd.ini
[2012/02/07 15:39:24 | 000,116,160 | ---- | C] () -- C:\Users\selmore\AppData\Local\rx_audio.Cache
[2012/02/06 09:15:40 | 000,036,778 | RHS- | C] () -- C:\Users\selmore\ntuser.pol
[2012/01/26 17:10:09 | 000,000,000 | ---- | C] () -- C:\Users\selmore\AppData\Local\{C416E241-3811-47B5-A7B8-A25AABF03C3C}
[2012/01/24 07:54:03 | 000,000,000 | ---- | C] () -- C:\Users\selmore\AppData\Local\{852D9385-B55A-434A-BB9C-2F50F337A929}
[2012/01/18 08:37:42 | 000,000,000 | ---- | C] () -- C:\Users\selmore\AppData\Local\{EE082DCA-DEF9-4051-92EF-9BA982144581}
[2012/01/12 10:53:54 | 000,000,000 | ---- | C] () -- C:\Users\selmore\AppData\Local\{6AFC45AF-F528-48A5-A339-114585867010}
[2012/01/07 19:33:41 | 000,000,000 | ---- | C] () -- C:\Users\selmore\AppData\Local\{F4A52582-CD24-4C79-B5F0-3AE42FD4E86F}
[2011/12/29 13:54:28 | 002,396,336 | ---- | C] () -- C:\Users\selmore\AppData\Local\rx_image32.Cache
[2011/12/06 10:04:40 | 000,000,000 | ---- | C] () -- C:\Users\selmore\AppData\Local\{C0520ACE-FA6F-4836-BF02-5199E8A72141}
[2011/12/06 10:03:10 | 000,000,000 | ---- | C] () -- C:\Users\selmore\AppData\Local\{2E71A204-66F9-4E0B-B2F1-CA59C52B9705}
[2011/11/16 10:00:56 | 000,017,920 | ---- | C] () -- C:\windows\System32\implode.dll
[2011/11/16 09:59:56 | 000,193,024 | ---- | C] () -- C:\windows\System32\co2c40en.dll
[2011/11/15 22:38:57 | 000,000,017 | ---- | C] () -- C:\Users\selmore\AppData\Local\resmon.resmoncfg
[2011/11/15 16:49:50 | 000,000,091 | ---- | C] () -- C:\windows\init.ini
[2011/11/15 16:42:31 | 000,036,352 | ---- | C] () -- C:\windows\System32\SX32W.DLL
[2011/11/15 16:42:30 | 000,343,040 | ---- | C] () -- C:\windows\System32\lffpx7.dll
[2011/11/15 16:42:30 | 000,116,736 | ---- | C] () -- C:\windows\System32\lfkodak.dll
[2011/11/15 16:42:30 | 000,068,608 | ---- | C] () -- C:\windows\System32\lfplt11n.dll
[2011/11/15 14:44:21 | 000,001,387 | ---- | C] () -- C:\windows\ODBC.INI
[2011/11/15 12:14:01 | 000,014,303 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/11/15 10:51:52 | 000,000,013 | RHS- | C] () -- C:\windows\System32\drivers\fbd.sys
[2011/11/15 10:32:28 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2011/11/15 10:14:53 | 000,000,852 | ---- | C] () -- C:\windows\System32\drivers\RTKHDRC2.dat
[2011/11/15 10:14:53 | 000,000,852 | ---- | C] () -- C:\windows\System32\drivers\RTKHDRC1.dat
[2011/11/15 10:14:53 | 000,000,852 | ---- | C] () -- C:\windows\System32\drivers\RTKHDRC0.dat
[2011/11/15 10:14:53 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX2.dat
[2011/11/15 10:14:53 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX1.dat
[2011/11/15 10:14:53 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2011/11/15 10:14:53 | 000,000,024 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2011/11/15 10:12:35 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/11/15 10:10:58 | 000,224,001 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2011/11/15 10:10:58 | 000,002,888 | ---- | C] () -- C:\windows\System32\atipblag.dat
[2011/11/15 10:08:23 | 000,008,192 | ---- | C] () -- C:\windows\System32\drivers\IntelMEFWVer.dll

========== ZeroAccess Check ==========

[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Base Services ==========
SRV - [2009/07/13 18:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2010/11/20 14:29:19 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/13 18:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010/11/20 14:29:08 | 000,585,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/11/20 14:29:12 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 22:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/04 14:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/04/23 21:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 14:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010/11/20 14:29:12 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/02 22:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/13 18:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/13 18:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/13 18:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010/11/20 14:29:07 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2009/07/13 18:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/13 18:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/13 18:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/13 18:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2010/11/20 14:29:11 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/13 18:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/05/24 03:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/11/20 14:29:06 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 22:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/13 18:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010/11/20 14:29:24 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/20 14:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/13 18:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 22:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/07/13 18:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/11/20 14:29:07 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/20 14:29:12 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010/11/20 14:29:21 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/11/20 14:29:07 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/13 18:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012/04/30 21:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010/11/20 14:29:12 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010/11/20 14:29:07 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010/11/20 14:29:07 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010/11/20 14:29:49 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/20 14:29:11 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010/11/20 14:29:06 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010/11/20 14:29:41 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010/11/20 14:29:20 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/13 18:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 15:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010/11/20 14:29:20 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/13 18:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010/11/20 14:29:07 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2011/03/22 13:39:32 | 000,083,984 | ---- | M] (Trend Micro Inc.) -- C:\IpXfer.exe
[2013/04/05 10:01:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe

< MD5 for: EXPLORER.EXE >
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/20 14:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 14:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services
[2012/04/17 10:43:08 | 000,017,486 | ---- | M] () MD5=EB684BFAA25E3CF14FD4A863120BDC53 -- C:\Windows\System32\drivers\etc\services

< MD5 for: SERVICES.ASFX >
[2010/10/25 16:15:46 | 000,000,230 | ---- | M] () MD5=2577B66F38E0DEA25F328DA4A0FED322 -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Locale\fr_FR\Services\Services.asfx
[2010/10/25 16:15:46 | 000,000,231 | ---- | M] () MD5=9F2731666F5771CC5C1E4EEDC8FB8607 -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\Services\Services.asfx

< MD5 for: SERVICES.CFG >
[2011/09/05 10:04:56 | 000,584,808 | ---- | M] () MD5=B3B25937514C772FD2490108B91CE17F -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 13:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg
[2010/10/25 16:13:46 | 000,032,633 | ---- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Services\Services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 18:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 18:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2010/11/20 17:38:26 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2010/11/20 17:38:26 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui

< MD5 for: SERVICES.HEARSTMAGS[1].XML >
[2013/02/11 18:00:18 | 000,000,114 | ---- | M] () MD5=5D3942C777F15E3F1DAC481C257B8EDA -- C:\Users\selmore\AppData\Local\Microsoft\Internet Explorer\DOMStore\I9CLTLCC\services.hearstmags[1].xml

< MD5 for: SERVICES.LNK >
[2009/07/13 21:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2013/02/14 14:02:45 | 000,000,470 | ---- | M] () MD5=AA53E2E57E26E93C963CBBD8A34A2F1E -- C:\Users\selmore\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\9XEJJAPV\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MOF >
[2009/06/10 14:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/10 14:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

< MD5 for: SERVICES.MSC >
[2010/11/20 17:38:25 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2010/11/20 17:38:25 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 13:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 13:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2011/03/01 01:07:49 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=A91A288C91F9D9F1CFA4FAA9893C4D55 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_b8087ff17ce0d25b\svchost.exe
[2011/03/01 01:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\System32\svchost.exe
[2011/03/01 01:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_b790b51863b4c801\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 14:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 14:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 14:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 14:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

< MD5 for: WINSOCK.DLL >
[2009/07/13 14:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\System32\WINSOCK.DLL
[2009/07/13 14:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7601.17514_none_0014e305d0cff0a7\WINSOCK.DLL

< MD5 for: WINSOCK.EXP >
[2007/02/20 18:01:00 | 000,004,117 | ---- | M] () MD5=8D1B96F20C5BC5F5FB6B94150AAEE03E -- C:\Program Files\Windows Mobile 5.0 SDK R2\Smartphone\Lib\ARMV4I\winsock.exp
[2007/02/20 18:00:26 | 000,004,112 | ---- | M] () MD5=D1728F1F4F917F8D955B70D083B77328 -- C:\Program Files\Windows Mobile 5.0 SDK R2\PocketPC\Lib\ARMV4I\winsock.exp
[2009/12/16 01:10:10 | 000,004,113 | ---- | M] () MD5=E3F4F593A3A796639C34FD756871B7DA -- C:\Program Files\Windows Mobile 6.5.3 DTK\PocketPC\Lib\Armv4i\winsock.exp

< MD5 for: WINSOCK.H >
[2007/09/27 15:19:56 | 000,037,155 | ---- | M] () MD5=312BB8216BBA1D411C7E3BFCD19DAE1C -- C:\Program Files\Microsoft SDKs\Windows\v6.0A\Include\WinSock.h
[2007/02/20 18:00:26 | 000,031,584 | ---- | M] () MD5=48E0155D9225C142ACC1A74091938AFF -- C:\Program Files\Windows Mobile 5.0 SDK R2\PocketPC\Include\Armv4i\winsock.h
[2007/02/20 18:00:58 | 000,031,584 | ---- | M] () MD5=48E0155D9225C142ACC1A74091938AFF -- C:\Program Files\Windows Mobile 5.0 SDK R2\Smartphone\Include\Armv4i\winsock.h
[2009/12/16 01:12:20 | 000,032,327 | ---- | M] () MD5=4E7A5CD6913D96F75D4520B3C65AFD90 -- C:\Program Files\Windows Mobile 6.5.3 DTK\PocketPC\Include\Armv4i\winsock.h
[2006/03/03 23:23:24 | 000,037,677 | ---- | M] () MD5=BF429731C6C413737CA92F04E73FE4CC -- C:\Program Files\Microsoft SDKs\Windows\v5.0\Include\WinSock.h
[2003/04/06 11:53:40 | 000,031,437 | ---- | M] () MD5=CABA6C991EEBC4C6C20C82025F2784C5 -- C:\Program Files\Microsoft Visual Studio 9.0\SmartDevices\SDK\PocketPC2003\Include\winsock.h
[2003/05/06 18:34:46 | 000,031,437 | ---- | M] () MD5=CABA6C991EEBC4C6C20C82025F2784C5 -- C:\Program Files\Microsoft Visual Studio 9.0\SmartDevices\SDK\Smartphone2003\Include\winsock.h

< MD5 for: WINSOCK.HXS >
[2007/08/15 08:09:30 | 001,781,688 | ---- | M] () MD5=7B8B69DCC26412A7C261E521B5987DC9 -- C:\Program Files\MSDN\MSDN9.0\1033\winsock.hxs

< MD5 for: WINSOCK.LIB >
[2003/05/14 09:06:48 | 000,007,064 | ---- | M] () MD5=1BBCD33F23F703864F02DFB81D1DED73 -- C:\Program Files\Microsoft Visual Studio 9.0\SmartDevices\SDK\Smartphone2003\Lib\armv4\winsock.lib
[2007/02/20 18:01:00 | 000,007,064 | ---- | M] () MD5=3784A1D15BF4CBF48FE82DC2E656932B -- C:\Program Files\Windows Mobile 5.0 SDK R2\Smartphone\Lib\ARMV4I\winsock.lib
[2007/02/20 18:00:26 | 000,007,064 | ---- | M] () MD5=961FF10351067139E846C8723A69F1E1 -- C:\Program Files\Windows Mobile 5.0 SDK R2\PocketPC\Lib\ARMV4I\winsock.lib
[2003/04/06 11:14:20 | 000,007,064 | ---- | M] () MD5=A2CBBF9657E878812223C868BD8E2D26 -- C:\Program Files\Microsoft Visual Studio 9.0\SmartDevices\SDK\PocketPC2003\Lib\armv4\winsock.lib
[2009/12/16 01:10:10 | 000,007,064 | ---- | M] () MD5=F5FE53321A2DECC3196D563555C0DB94 -- C:\Program Files\Windows Mobile 6.5.3 DTK\PocketPC\Lib\Armv4i\winsock.lib

< End of report >

OTL Extras logfile created on: 4/5/2013 1:58:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\selmore\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.98 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 39.93% Memory free
5.96 Gb Paging File | 4.08 Gb Available in Paging File | 68.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 200.00 Gb Total Space | 111.87 Gb Free Space | 55.94% Space Free | Partition Type: NTFS
Drive F: | 7.55 Gb Total Space | 7.34 Gb Free Space | 97.28% Space Free | Partition Type: NTFS
Drive Z: | 82.31 Gb Total Space | 72.42 Gb Free Space | 87.99% Space Free | Partition Type: NTFS

Computer Name: T13W4680 | User Name: SElmore | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1903061005-1413307639-1264475144-201363\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01661C58-DC0A-424A-AE0D-EAA25588889C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{1432F69A-9FCB-4AA0-83E6-60BBA96072E3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{172F5FEA-FC6C-491B-8618-2430B765D7A0}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1DEFF528-5950-454A-B566-FAF1586C9E0C}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{20A1DAC5-6E5F-4CF5-B01C-2AB437581015}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{213DFD31-5698-411E-81CE-70061D20E724}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{22F54194-CE3D-4CCB-8839-5AFF739710E2}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{2512FA0F-731D-46EF-8D4C-A419A26FB8AC}" = lport=137 | protocol=17 | dir=in | app=system |
"{26DC1B96-9528-4E73-9FEC-670D24D768CB}" = rport=445 | protocol=6 | dir=out | app=system |
"{2B9070E0-DFE3-431B-AFC1-F4D48C1F4CAD}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2C41ECFF-9F2C-4996-A84B-F3C4EC582E4E}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2D4AD9B8-BF51-4B61-B1F7-F109EAE4C7EC}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{2D98CCB4-1869-4F38-8394-371C608CC023}" = lport=138 | protocol=17 | dir=in | app=system |
"{34EED5BC-D389-494C-8D96-2A994D499E62}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{3615861E-E18C-4963-BDE2-4D807D468F9E}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{3E301476-0471-4982-8C87-C85099B7E0DC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3F25BEB9-48C8-498C-A8AA-9ECE9F2B52CA}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{467F75F6-F1E6-451C-A30A-9876FBADE1DD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4710A43C-6401-44CC-904A-83B6E5035E47}" = lport=445 | protocol=6 | dir=in | app=system |
"{492A5C63-DD31-4111-9A0C-FE4EE7E8C436}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4A286EF5-3875-4647-A464-C0517A30D77B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4CA6B269-B7F6-4A85-B153-D9045DC171B1}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{522187D3-015C-427D-BF74-FC974D7CD55C}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{534DCA0D-4F37-444E-BC6B-9A1B716F9D49}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{55E3D814-9AAF-4C9C-B2CE-5B6AFE18BA4D}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{58889813-4767-4F4A-A644-B25BEF1DD9B9}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5DC97EE4-FB08-41FD-BC3F-594F737742E1}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{5DF07C11-5A0F-4FDF-8878-F93990D87D1B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{68F17583-A97E-4B54-A550-E8ED955CFC59}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{6B84D21F-71AB-426B-90E3-D83274F162F9}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{6EAFE9EF-053F-4912-B8C7-77BE1BEF0A7B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{76338DA8-F264-4C58-AE60-96D453F8F5B0}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{7BC4CAE7-4946-4BC2-9ABF-736BE3CFA1E8}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7D7CF188-A96F-4419-AB5A-D1AF795B2574}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8010BD18-D845-43E1-B930-8C4122A8F4F4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{82370529-683E-4105-B11B-0EE7B034CCF2}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{87D77FDC-B332-4A44-BCA3-952F43658934}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{8E62ED6D-227E-4267-9257-F7C9B584EEED}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{8EE0D345-21CF-4D1D-A71B-E84479A11B8C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{9378A7CD-CC34-4DB2-9DF8-23C2A8B12C4B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9B3C0097-7907-4A30-B08F-0E94C2DFEE3B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9DB439BA-B8AF-44CA-9C4F-D1484DFBF1B7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9E4EC179-8051-4A14-9A27-467A96FB501E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{A0EB8044-1255-445F-88D6-FD1845B6B90D}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{A51B8DA2-7A28-4E97-A3E6-C5C9418C400C}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{A54C5CAD-C63E-4134-8C4F-C21B27C51DE5}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{A7DFA8DE-4CCC-4E5D-8487-AD39A890FC79}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AF8C61AE-425B-4A6A-937F-CD3ADA468635}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{B0AE7B92-BE7A-4929-AAD9-39157BA88B22}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{B3BBF26E-FD54-4F82-A7DB-ACC81C6A4636}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{BA0373D4-6EC4-40BA-9F84-71F6C334A76F}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{C0642D2D-B386-4792-AF2F-31328F99981C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CEAC5488-F989-46C7-B387-838C604CE37F}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{CFBE8DB4-E9AD-4DE5-A0A7-D25253AA637C}" = lport=139 | protocol=6 | dir=in | app=system |
"{D0D3D8F6-8EFD-4AC0-8F0C-FBD6F23A9729}" = lport=35573 | protocol=6 | dir=in | name=trend micro officescan listener |
"{D27066F7-9C35-4EA3-8AE2-02A3E3D88429}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DCC10D0C-A67B-49D6-9BA8-E57000C5CEF6}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DCC89298-0B5D-4A7D-9F72-28B28926CA79}" = rport=137 | protocol=17 | dir=out | app=system |
"{E99D3AA4-D159-406D-B53F-6C2DD16D71EE}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EA653479-353D-4230-9AAC-5C21AE95E6D6}" = rport=139 | protocol=6 | dir=out | app=system |
"{EE29A720-76FE-4051-9D81-2C25AF82C0A7}" = rport=138 | protocol=17 | dir=out | app=system |
"{F067EBB4-88DB-4A1D-8904-57EC718B9405}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F46035E8-000C-405E-B72C-3D33DD4EF7A1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FB4E3CB3-5500-42E3-8617-A88FFF3BE69D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FB5CAB33-A87A-402B-953D-B0035E4FA062}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{FC747FBC-76E2-455F-AB70-830AD3D76E81}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BAC7435-BDD6-4A6A-BA0C-D6533B28D971}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0C44AF1C-C50B-4FA1-B62F-7781E92AABA1}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0FEC8680-BD18-43DC-A4CD-D1DE87625D38}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{13DF1DC7-3289-4FB9-A730-10772515B4E9}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1545383A-B5C9-46CB-9847-363B401FF6A0}" = dir=in | app=c:\program files\microsoft lync\communicator.exe |
"{1DFBD4B5-CCDF-420D-88EE-41F2E10D615F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1F89F79D-8A27-4828-973C-47B219C3D789}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{21D42CCC-9F7E-42BB-8C39-AA89A0C8D07E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2C4EB964-2C5D-40AF-8D17-AE04C533777C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{34C4A04F-D088-4441-9941-53465E2CC7B1}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{44F98A8D-7F7D-4660-B46C-BCAD9D04A058}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{458E70D4-C0C4-44A3-8512-5AAC658802AB}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{4AA6F435-6DF6-49B7-B04D-5D08A293C5CF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{4D3D1818-9B96-43E5-A423-11D3A6A923C7}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4DB71C24-6D70-4FD2-87A2-8D886EBD2C72}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4FED1D5F-C09E-4F9B-8E79-564670FB82C1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{51218AA1-054B-415B-9D0A-A753553B5E20}" = protocol=6 | dir=in | app=c:\program files\microsoft lync\communicator.exe |
"{5365DA4F-378E-4AD4-AF4E-F7C3AACFE35C}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{5AADC07A-7003-494D-8CB6-C9B7554D35A0}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5D3EC1FE-48EB-4C46-9CF8-9BF94DAF314D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5E68C66C-6722-43EA-A4D2-0228C3B64628}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{6282CC18-8BB9-445A-B6DF-7EEDDFF33CCD}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{63C63F8E-3879-4C73-8844-C57E968F8DFB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{64541886-E197-4759-AACA-8EC38738863A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7274AE68-2987-4BC6-8625-55FC5F67270D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{799D52A6-93A0-48D2-8A2C-776D3016C68C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{7E5038F3-B49D-4117-A870-A1507576220F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8116B8BD-77D3-420D-ABB6-8A1427EDD24E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{816A7A6D-9D84-4330-95AE-98DF777D596F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{85386EB4-F8AE-46D9-BFCC-A156FADD1D65}" = protocol=17 | dir=in | app=c:\program files\microsoft lync\communicator.exe |
"{86268487-816A-4C36-BD38-3133FE2A3FC5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8C83AC27-4AC7-46D5-B7E9-EB694554C93B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8CD54252-C7D0-4508-8137-5F91EAC7F88C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8E067EA9-C443-4174-AC91-4657247CE990}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{9972A994-9A3B-45A0-B3DF-52AFEC8FC058}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9E683A02-9412-40B7-8C09-3C3B6898AECC}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A006D255-98B6-445D-B375-4FC0B9F7F4EE}" = dir=in | app=c:\program files\microsoft lync\ucmapi.exe |
"{A59F5CCC-28A3-479F-A014-961E2A8CB5D7}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AAD1714A-B5CC-4C3B-BB9E-7A7A3F3A8FC9}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AD1CE967-A55C-4782-8DC0-882077132F0E}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{B374979B-D821-4EAF-8D4F-A649BCE7BF34}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{B448AF24-77CC-4917-8FE5-3E6B4365E90F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B5C932FD-6FA9-440B-8022-2A90AB150787}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BB80C0F4-2F46-40E1-851A-B1CB3FF96017}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BF2D2724-11D7-4FC5-B9EE-0C94475F5C3F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C0DB6A14-7FF8-46DA-B79B-AB59090A85AF}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C40BDE09-7662-4F8E-9A41-6BCC6728B725}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C6C6250D-1217-4489-B203-B83EDAD08A03}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C8817601-526C-438C-820C-06DB12A69206}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C9512811-84DA-47EC-8B22-A3A481B76FCC}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CD80401D-4EA9-43B7-97BE-09E919E9F7B1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{CDA11629-A83C-4C77-AC83-46AE687324B8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CEDF1F7C-0DF6-41DC-A412-E723F01D3ECE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D23463F1-77D7-482C-AF60-97604EEB9818}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D3CAB606-9202-4F84-8A5C-741AE74480B0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DC74332B-9192-4255-BA7E-ED782C43060B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E5523A1D-A721-4E09-8B90-5928C6D5F5EB}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{E9B013EC-AC53-47CD-9DC1-A0011F86B97A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EC028D26-E4F4-40A4-B255-BA0B11E7CEFD}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EC957012-9550-4583-85E4-B52BD81407D0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EFB33ABB-A410-4DC8-BAB1-7E7478864D48}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F5A260CB-8D49-4B94-8980-1A06E58049EA}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FF338B15-ECD6-4C61-86BB-A58AD6A89DC7}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01C5A10F-AD9B-405B-853A-6659841A1242}" = Microsoft SQL Server 2008 Policies
"{0432D3A7-0C21-F2E7-DA96-78375B300537}" = Catalyst Control Center Localization All
"{04F73471-157F-4F63-A2AD-50C1BBEECD66}" = Express Software Manager Client 9.60.1325 - TEMA Certified
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}" = Visual C++ 2008 x64 Runtime - (v9.0.30729)
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01" = Visual C++ 2008 x64 Runtime - v9.0.30729.01
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{154A9EEB-05FC-45E6-B7BD-75D27ED02276}" = Crystal11_Redistributables
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}" = Intel® PROSet/Wireless WiFi Software
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Security Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2020045B-8DCF-4449-8D5C-EB5BA37440F1}" = Microsoft SQL Server 2008 Management Studio
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{22E23C71-C27A-3F30-8849-BB6129E50679}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729)
"{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01" = Visual C++ 2008 IA64 Runtime - v9.0.30729.01
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{257CC8EC-D533-CE3E-18B2-0C695F190C33}" = Catalyst Control Center Graphics Previews Common
"{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.2.3456
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{275ABBA2-4817-4443-9AB8-ED43CA9AAA17}" = Microsoft SQL Server 2008 BI Development Studio
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2A56DAD4-FE19-803A-1E13-40739258D7D0}" = CCC Help Swedish
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2E1E1C78-F86D-8F70-0A76-EAFBC9BA05BB}" = CCC Help Norwegian
"{302763FD-5CEA-4DFF-80C8-9B41414C4822}" = Roxio CinePlayer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3431A7A3-6287-46B0-8AF1-BE2452A1FE62}" = Microsoft SQL Server 2008 Books Online (English)
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37E1E0C7-95E7-4177-A375-CC41031F3D2C}" = Windows Mobile 6.5.3 Professional DTK
"{38C52F7D-A6CB-4CE7-A189-8AABE8774D8A}" = TOSHIBA ConfigFree
"{39768DE7-236C-6F2B-35D8-072B64C7485A}" = CCC Help Greek
"{39B92F01-E025-1DF8-6729-61036246AC46}" = CCC Help English
"{3A762A82-618D-3CAA-B847-D074ABFA0B2E}" = MSDN Library for Visual Studio 2008 - ENU
"{3A9527CF-4E91-4683-A03F-F1AD022126E5}" = DirectX 9 Runtime
"{3ADBF205-3ACC-622E-95D5-0D2E12B88229}" = CCC Help Chinese Traditional
"{3C11D2DA-6802-3F66-BE6B-B2C046AFE866}" = Visual C++ 2008 x64 Runtime - (v9.0.30729.4148)
"{3C11D2DA-6802-3F66-BE6B-B2C046AFE866}.vc_x64runtime_30729_4148" = Visual C++ 2008 x64 Runtime - v9.0.30729.4148
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DFB275E-92F1-4D4A-A546-C5475917FA41}" = Lotus Notes 7.0.2
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3EC05D25-4B2F-49E8-9E22-5CE22D99D2D7}" = CCC Help French
"{3F8D9A47-9C50-3F46-8F12-B92DD5CA0A2E}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.6161)
"{3F8D9A47-9C50-3F46-8F12-B92DD5CA0A2E}.vc_x86runtime_30729_6161" = Visual C++ 2008 x86 Runtime - v9.0.30729.6161
"{40F34A1C-65A2-4163-98CE-A0D0646CABEF}" = Microsoft SQL Server 2008 Integration Services
"{430F2818-7354-BAAE-C611-1B62EC8A25EA}" = ccc-core-static
"{432A2465-1E4C-7211-D7B3-AB8FA63351FA}" = CCC Help Hungarian
"{43DE8004-0A56-11D4-8B69-0050DA1FD25A}" = Loftware Programs
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{471AF8E8-3018-41F8-A724-A77580F55B91}" = Roxio Creator 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A15DF36-644B-D5AA-C86C-C17538902A7A}" = CCC Help Italian
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4C82601C-1080-4031-6C16-D71EAAEBA753}" = CCC Help Korean
"{4CDBB722-6FCC-8D4F-9674-E66F6278AE80}" = CCC Help Portuguese
"{4D28EFCF-5999-44D2-8D4E-AC643E76C33F}" = Microsoft SQL Server 2008 Client Tools
"{53490E51-95A7-3A57-70DC-2B153E4485F1}" = CCC Help Thai
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}" = TOSHIBA Wireless LAN Indicator
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5F1DFCC1-595D-4235-A044-E05B706D800A}" = AuthenTec Fingerprint Software
"{60D46DEE-5221-47AA-B978-BA25C5D9F560}" = Microsoft SQL Server 2008 Client Tools
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}" = Microsoft SQL Server Compact 3.5 SP1 Query Tools English
"{64DC67D9-D7E2-D973-7FAD-E108BFAAE85D}" = ccc-utility
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{71EB33D6-4B2D-A9CE-4F1E-E6DA52A73A9D}" = Catalyst Control Center InstallProxy
"{729B89D0-946A-407E-A121-343BD3320C40}" = Roxio BackOnTrack
"{72DE3C67-FB48-450E-8BEA-4EB1B3B5355D}" = Microsoft SQL Server 2008 R2 Setup (English)
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79CA0876-FD57-865F-37BE-B3425F20BE71}" = CCC Help Czech
"{7B33F480-496D-334A-BAC2-205DEC0CBC2D}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
"{7B33F480-496D-334A-BAC2-205DEC0CBC2D}.vc_x86runtime_30729_4148" = Visual C++ 2008 x86 Runtime - v9.0.30729.4148
"{7EF2F361-2E59-16C4-F56D-A0D1E70E38D3}" = CCC Help Spanish
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81BE0B17-563B-45D4-B198-5721E6C665CD}" = Microsoft Lync 2010
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ABCE196-435F-574B-F6C5-90BF37CB057A}" = Catalyst Control Center Profiles Mobile
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CD0B97D-46E9-4293-B467-A24DB96DB6DB}" = TOSHIBA ReelTime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{C00A9857-850C-4C68-A583-2EF4F24706F5}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{45BB95A7-DEA9-4D8C-9D78-761C72415038}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003A-0000-0000-0000000FF1CE}" = Microsoft Office Project Standard 2010
"{90140000-003A-0000-0000-0000000FF1CE}_Office14.PRJSTD_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010
"{90140000-00B4-0409-0000-0000000FF1CE}_Office14.PRJSTD_{18A0C151-8F8A-4B68-A960-60C464B94329}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{935BAAE8-4475-ECA5-9E13-7C888AD351F3}" = CCC Help Danish
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9569E6BC-326A-432F-97AB-35263A327BF1}" = Roxio Burn - Secure
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application and Driver Installer
"{9715ED69-300E-4E44-985D-77869865437A}" = BMC Remedy User Tool 7.1 Patch 004
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A12CF335-1B84-4781-9735-44E39C6D3DD0}" = Roxio Creator 2012
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7760E07-4C23-4766-A99E-F715F298E99C}" = TFPU
"{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync Framework Runtime v1.0 (x86)
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAB42DD0-9551-4E30-A3E4-F87D4A4E1C52}" = Roxio Creator 2012
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB855989-34B6-E87D-E4C5-4F687FA547DD}" = CCC Help Polish
"{AC54DC1F-EDA7-448C-BA4C-218A92F5E985}" = Microsoft SQL Server 2008 BI Development Studio
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{ADA8A3DE-5BE0-4F40-B734-603FF6931E5B}" = CCC Help Dutch
"{ADFAAD69-2F06-448C-8C78-B10ABE62952B}" = Hyena v9.0
"{AEB03FAF-90EB-4B4F-BA32-9C4DDE2C9804}" = Microsoft SQL Server 2008 Integration Services
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFBE6B38-E771-089B-63FA-660A6BC98388}" = CCC Help Russian
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B06496A8-1646-7B98-E701-4DA19377061F}" = CCC Help Chinese Standard
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools
"{B2FB7DBA-CEEC-41F1-BC23-3323D96290F6}" = TOSHIBA Bulletin Board
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}" = Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
"{BF9E346B-5ECE-4A18-9510-55729FD08323}" = Sentinel System Driver Installer 7.5.1
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7D2F175-43B2-427E-9B28-7155C4C4E359}" = TOSHIBA eco Utility
"{C89B00A2-B72A-4935-96FC-38796E9554EC}" = Microsoft Sync Services for ADO.NET v2.0 (x86)
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D6}" = WinZip 17.0
"{CDD4495B-0424-42F0-8D89-70D47E21BD69}" = AT&T Connect Participant Application v8.9.35
"{CDE9C04A-7F8B-40A8-A4A5-875E228254A6}" = Roxio Creator Content 2012
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D51809F5-A2EF-4314-8107-C957C558FBF8}" = Juniper SSL VPN 6.2.0 - TEMA Certified
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E6375AD1-E72D-B5A9-A58F-2D4887320D99}" = ATI Catalyst Install Manager
"{E65EF552-AD1B-E563-311E-A0D6D808212B}" = CCC Help German
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E7E58A3A-D9BD-3D4B-9475-AE757454AD82}" = Visual C++ 2008 x64 Runtime - (v9.0.30729.6161)
"{E7E58A3A-D9BD-3D4B-9475-AE757454AD82}.vc_x64runtime_30729_6161" = Visual C++ 2008 x64 Runtime - v9.0.30729.6161
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ECEA7878-2100-4525-915D-B09174E36971}" = Trend Micro OfficeScan Client
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F651C267-81AC-6C2F-79D9-9218184DE952}" = CCC Help Finnish
"{F81CBE1C-E3D2-86CB-31E1-A44990D4D7A5}" = CCC Help Japanese
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1
"{FA9C3624-C693-4423-8A8B-2BC2B9F607AB}" = Microsoft SQL Server 2008 Management Studio
"{FB90923E-F94F-4343-A084-F0AB39305C8B}" = Catalyst Control Center - Branding
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH Media Driver v2.13.17.01
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FEDFB4DC-E149-4897-B616-4811C718E54F}" = TOSHIBA 180 Degrees Rotation Utility
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFAC39DA-CF79-434B-A6E0-4055689667D9}" = Roxio CinePlayer Decoder Pack
"1ClickDownload" = FirstRowSportApp
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"DivX Setup" = DivX Setup
"DivX Setup.divx.com" = DivX Setup
"Free Download Manager_is1" = Free Download Manager 3.9.2
"GearBox 1.00" = GearBox 1.00 (Remove Only)
"GOM Player" = GOM Player
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{8CD0B97D-46E9-4293-B467-A24DB96DB6DB}" = TOSHIBA ReelTime
"InstallShield_{B2FB7DBA-CEEC-41F1-BC23-3323D96290F6}" = TOSHIBA Bulletin Board
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Juniper Network Connect 6.2.0" = Juniper Networks Network Connect 6.2.0
"Juniper Network Connect 7.0.0" = Juniper Networks Network Connect 7.0.0
"Juniper Network Connect 7.1.13" = Juniper Networks Network Connect 7.1.13
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MSDN Library for Visual Studio 2008 - ENU" = MSDN Library for Visual Studio 2008 - ENU
"Network Viewer v2.2 (002)" = Network Viewer v2.2 (002)
"NortonPCCheckup" = Toshiba Laptop Checkup
"Office14.PRJSTD" = Microsoft Project Standard 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel® Network Connections Drivers
"Pure Sudoku_is1" = Pure Sudoku 1.52
"TFPU{A7760E07-4C23-4766-A99E-F715F298E99C}" = TOSHIBA Fingerprint Utility
"ThumbsPlus7" = ThumbsPlus version 7 SP2
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1903061005-1413307639-1264475144-201363\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/5/2013 1:15:44 PM | Computer Name = T13W4680.tmm.na.corp.toyota.com | Source = WinMgmt | ID = 10
Description =

Error - 4/5/2013 4:50:47 PM | Computer Name = T13W4680.tmm.na.corp.toyota.com | Source = MSSQL$SQLEXPRESS | ID = 8313
Description = Error in mapping SQL Server performance object/counter indexes to
object/counter names. SQL Server performance counters are disabled.

Error - 4/5/2013 4:50:47 PM | Computer Name = T13W4680.tmm.na.corp.toyota.com | Source = MSSQL$SQLEXPRESS | ID = 3409
Description = Performance counter shared memory setup failed with error -1. Reinstall
sqlctr.ini for this instance, and ensure that the instance login account has correct
registry permissions.

Error - 4/5/2013 4:51:02 PM | Computer Name = T13W4680.tmm.na.corp.toyota.com | Source = AutoEnrollment | ID = 6
Description =

Error - 4/5/2013 4:51:45 PM | Computer Name = T13W4680.tmm.na.corp.toyota.com | Source = WinMgmt | ID = 10
Description =

Error - 4/5/2013 4:52:37 PM | Computer Name = T13W4680.tmm.na.corp.toyota.com | Source = Toshiba App Place | ID = 0
Description =

Error - 4/5/2013 4:54:31 PM | Computer Name = T13W4680.tmm.na.corp.toyota.com | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 4/5/2013 4:54:31 PM | Computer Name = T13W4680.tmm.na.corp.toyota.com | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 4/5/2013 4:57:11 PM | Computer Name = T13W4680.tmm.na.corp.toyota.com | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 4/5/2013 4:57:11 PM | Computer Name = T13W4680.tmm.na.corp.toyota.com | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

[ Media Center Events ]
Error - 3/27/2013 2:13:32 PM | Computer Name = T13W4680.tmm.na.corp.toyota.com | Source = MCUpdate | ID = 0
Description = 11:13:32 AM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 3/27/2013 2:13:33 PM | Computer Name = T13W4680.tmm.na.corp.toyota.com | Source = MCUpdate | ID = 0
Description = 11:13:32 AM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 3/27/2013 2:13:36 PM | Computer Name = T13W4680.tmm.na.corp.toyota.com | Source = MCUpdate | ID = 0
Description = 11:13:33 AM - Failed to retrieve Broadband (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 3/28/2013 11:07:24 AM | Computer Name = T13W4680.tmm.na.corp.toyota.com | Source = MCUpdate | ID = 0
Description = 8:07:24 AM - Failed to retrieve Directory (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 3/28/2013 11:07:45 AM | Computer Name = T13W4680.tmm.na.corp.toyota.com | Source = MCUpdate | ID = 0
Description = 8:07:45 AM - Failed to retrieve NetTV (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 3/28/2013 11:07:46 AM | Computer Name = T13W4680.tmm.na.corp.toyota.com | Source = MCUpdate | ID = 0
Description = 8:07:46 AM - Failed to retrieve MCESpotlight (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 3/28/2013 11:07:46 AM | Computer Name = T13W4680.tmm.na.corp.toyota.com | Source = MCUpdate | ID = 0
Description = 8:07:46 AM - Failed to retrieve MCEClientUX (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 3/28/2013 11:07:47 AM | Computer Name = T13W4680.tmm.na.corp.toyota.com | Source = MCUpdate | ID = 0
Description = 8:07:47 AM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 3/28/2013 11:07:47 AM | Computer Name = T13W4680.tmm.na.corp.toyota.com | Source = MCUpdate | ID = 0
Description = 8:07:47 AM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 3/28/2013 11:07:50 AM | Computer Name = T13W4680.tmm.na.corp.toyota.com | Source = MCUpdate | ID = 0
Description = 8:07:47 AM - Failed to retrieve Broadband (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


[ System Events ]
Error - 4/5/2013 1:14:37 PM | Computer Name = T13W4680.tmm.na.corp.toyota.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 4/5/2013 1:15:04 PM | Computer Name = T13W4680.tmm.na.corp.toyota.com | Source = DCOM | ID = 10016
Description =

Error - 4/5/2013 1:18:57 PM | Computer Name = T13W4680.tmm.na.corp.toyota.com | Source = DCOM | ID = 10016
Description =

Error - 4/5/2013 4:50:33 PM | Computer Name = T13W4680.tmm.na.corp.toyota.com | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:28:43 AM on ?4/?5/?2013 was unexpected.

Error - 4/5/2013 4:50:39 PM | Computer Name = T13W4680 | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain TMM due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 4/5/2013 4:50:39 PM | Computer Name = T13W4680 | Source = BugCheck | ID = 1001
Description =

Error - 4/5/2013 4:50:40 PM | Computer Name = T13W4680.tmm.na.corp.toyota.com | Source = Microsoft-Windows-GroupPolicy | ID = 1055
Description = The processing of Group Policy failed. Windows could not resolve the
computer name. This could be caused by one of more of the following: a) Name Resolution
failure on the current domain controller. b) Active Directory Replication Latency
(an account created on another domain controller has not replicated to the current
domain controller).

Error - 4/5/2013 4:51:00 PM | Computer Name = T13W4680.tmm.na.corp.toyota.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 4/5/2013 4:51:26 PM | Computer Name = T13W4680.tmm.na.corp.toyota.com | Source = DCOM | ID = 10016
Description =

Error - 4/5/2013 4:57:35 PM | Computer Name = T13W4680.tmm.na.corp.toyota.com | Source = DCOM | ID = 10016
Description =


< End of report >
  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looking good, now just to check for orphans

Please download Malwarebytes Anti-Malware to your desktop.

  • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.


The log can also be found here:

Windows 2000 & Windows XP:
C:\Documents and Settings\<USERNAME>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Windows Vista & Win7:
C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
----------
  • 0

#9
selmore

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
OK - here's the log. Looks good!

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.04.05.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16521
SElmore :: T13W4680 [administrator]

Protection: Enabled

4/5/2013 2:48:26 PM
mbam-log-2013-04-05 (14-48-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 323631
Time elapsed: 17 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0
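
A check a helper might run before calling a log like the one above clean, as an added example (not part of the thread and not a Malwarebytes tool): it parses the text-log layout shown in the post and flags non-zero categories, items left with no action, and a signature database older than the scan. The function names, the `vYYYY.MM.DD.NN` reading of the database version, the US date order and the `No action taken` wording are assumptions.

```python
import re
from datetime import date

# Constructed sample in the layout of the log above; the detection line is invented.
SAMPLE = """Database version: v2013.03.01.02
Protection: Enabled
4/5/2013 2:48:26 PM
Scan type: Quick scan
Registry Keys Detected: 1
HKCU\\Software\\ExampleKey (Constructed.Sample) -> No action taken.
Files Detected: 0
(No malicious items detected)
(end)
"""

def parse_mbam_log(text):
    """Return (header fields, per-category counts, listed items) from the text log."""
    header, counts, items, section = {}, {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"(.+) Detected: (\d+)", line)
        if m:  # e.g. "Registry Keys Detected: 0" opens a result section
            section = m.group(1)
            counts[section], items[section] = int(m.group(2)), []
        elif section is None:  # still in the header block
            key, sep, value = line.partition(": ")
            if sep:
                header[key] = value
            elif re.match(r"\d{1,2}/\d{1,2}/\d{4} ", line):
                month, day, year = map(int, line.split()[0].split("/"))
                header["Scan date"] = date(year, month, day)  # assumes M/D/YYYY
        elif line and line not in ("(No malicious items detected)", "(end)"):
            items[section].append(line)
    return header, counts, items

def triage(text, max_db_age_days=1):
    """List reasons not to read the log as clean; an empty list means clean."""
    header, counts, items = parse_mbam_log(text)
    findings = [] if counts else ["no detection sections found (truncated log?)"]
    for section, n in counts.items():
        if n:
            findings.append(f"{section}: {n} detected")
        findings += [f"not removed: {i}" for i in items[section] if "No action taken" in i]
    db = re.fullmatch(r"v(\d{4})\.(\d{2})\.(\d{2})\.\d+", header.get("Database version", ""))
    scan = header.get("Scan date")
    if not db or not scan:
        findings.append("database version or scan date missing")
    elif (scan - date(*map(int, db.groups()))).days > max_db_age_days:
        findings.append("signature database older than scan date")
    return findings
```
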

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nice :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

OK.
Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disk Cleanup and select run as administrator
When it pops up, at the first prompt select OK; after it has done some calculations the tabs will appear
Select More Options tab
Press System Restore and Shadow Copies Cleanup button


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave:
  • 0

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





