Solved Norton told me I have a Trojan and that they could fix it for $299

OTL.Txt Part 2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Shinji\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Shinji\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Shinji\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Shinji\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Shinji\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Shinji\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Shinji\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Shinji\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/08/08 11:11:11 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\windows\system32\drivers\56258661.sys
[2012/06/02 00:40:59 | 000,369,336 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\drivers\cng.sys
[2012/06/02 00:45:04 | 000,067,440 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\drivers\ksecdd.sys
[2012/06/02 00:45:03 | 000,134,000 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\drivers\ksecpkg.sys
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\windows\system32\drivers\mbam.sys

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.exe /md5 >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\Application Data /s >

< %PROGRAMFILES%\*. >
[2011/10/24 21:33:23 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011/09/14 18:53:06 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/07/20 00:37:33 | 000,000,000 | ---D | M] -- C:\Program Files\ATI
[2010/07/20 00:38:49 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2011/04/18 13:02:27 | 000,000,000 | ---D | M] -- C:\Program Files\Bing Bar Installer
[2011/11/21 00:33:22 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2011/09/22 15:28:30 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2010/12/27 23:05:02 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2011/06/01 15:02:20 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2012/08/13 19:48:15 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/08/28 00:07:58 | 000,000,000 | ---D | M] -- C:\Program Files\Corel
[2011/03/30 22:08:46 | 000,000,000 | ---D | M] -- C:\Program Files\Coupons
[2012/08/01 23:07:58 | 000,000,000 | ---D | M] -- C:\Program Files\DefaultTab
[2011/04/08 20:32:59 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2011/08/01 15:29:52 | 000,000,000 | ---D | M] -- C:\Program Files\Dorling Kindersley
[2011/07/24 14:52:33 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2012/08/09 19:00:11 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2011/01/08 22:02:00 | 000,000,000 | ---D | M] -- C:\Program Files\Free Offers from Freeze.com
[2011/11/17 08:11:47 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2011/08/01 15:29:52 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2012/06/14 08:17:08 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/08/28 00:12:58 | 000,000,000 | ---D | M] -- C:\Program Files\Intuit
[2012/05/27 01:04:24 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2012/05/27 01:05:26 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2012/08/02 22:18:09 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/09/14 18:53:07 | 000,000,000 | ---D | M] -- C:\Program Files\LeapFrog
[2012/08/01 18:30:11 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/09 08:52:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/07/14 03:49:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011/04/08 21:16:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft IntelliPoint
[2011/07/24 12:25:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/07/20 00:36:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Suite Activation Assistant
[2012/05/19 16:35:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/08/28 00:16:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/01/25 22:11:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2011/01/25 22:07:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2011/09/14 18:53:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/12/17 14:36:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2012/08/01 14:44:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2011/01/25 22:11:56 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2011/04/18 13:02:16 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Toolbar
[2011/01/25 01:32:40 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2012/01/04 01:04:22 | 000,000,000 | ---D | M] -- C:\Program Files\Norton 360
[2009/08/28 00:17:34 | 000,000,000 | ---D | M] -- C:\Program Files\NortonInstaller
[2012/08/02 22:19:28 | 000,000,000 | ---D | M] -- C:\Program Files\Oracle
[2010/12/12 23:40:43 | 000,000,000 | ---D | M] -- C:\Program Files\Panasonic
[2009/08/28 00:05:37 | 000,000,000 | ---D | M] -- C:\Program Files\PlayReady
[2011/09/14 18:53:07 | 000,000,000 | ---D | M] -- C:\Program Files\Quicken
[2012/05/27 00:59:49 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/07/20 00:43:09 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2010/07/20 00:44:33 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek WLAN Driver
[2009/07/14 00:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2012/01/04 01:05:11 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2010/07/20 00:46:17 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2010/07/20 00:42:21 | 000,000,000 | -H-D | M] -- C:\Program Files\Temp
[2010/12/12 23:15:20 | 000,000,000 | ---D | M] -- C:\Program Files\TOSHIBA
[2009/08/28 00:13:36 | 000,000,000 | ---D | M] -- C:\Program Files\TOSHIBA Corporation
[2009/08/28 00:12:50 | 000,000,000 | ---D | M] -- C:\Program Files\TOSHIBA Games
[2011/04/12 21:12:00 | 000,000,000 | ---D | M] -- C:\Program Files\TurboTax
[2009/07/14 00:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/01/21 02:03:55 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2011/07/24 14:52:31 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2012/05/11 18:15:52 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2011/04/20 01:33:03 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2011/07/24 14:52:33 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2011/07/24 14:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/14 00:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2011/07/24 14:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2011/07/24 14:52:33 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2011/07/24 14:52:33 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2012/08/02 21:52:13 | 000,000,000 | ---D | M] -- C:\Program Files\Yontoo

< %appdata%\*.* >
[FONT=Arial][2012/03/30 06:08:19 | 001,303,408 | ---- | M] (Microsoft Corporation) MD5=E47C2844A1605A44178F4281E4D58B3D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_b38bb990e0ccc871\tcpip.sys[/FONT]
[FONT=Arial] [/FONT]
< MD5 for: TDX.SYS >
< MD5 for: USERINIT.EXE >
< MD5 for: VOLSNAP.SYS >
< MD5 for: WININIT.EXE >
< MD5 for: WINLOGON.EXE >
< MD5 for: WMISVC.DLL >
< MD5 for: WSCSVC.DLL >
< End of report >
 
Extras.Txt

OTL Extras logfile created on: 8/16/2012 2:09:37 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Shinji\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.61 Gb Available Physical Memory | 34.65% Memory free
3.50 Gb Paging File | 2.08 Gb Available in Paging File | 59.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.33 Gb Total Space | 179.91 Gb Free Space | 80.56% Space Free | Partition Type: NTFS

Computer Name: SHINJI-PC | User Name: Shinji | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{034A10A3-D8AC-4DE2-AB4D-6CA4A21E268F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{10EC38E2-E72D-45EE-88C7-B8E8ED82C565}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{159916ED-BD27-4049-BCBF-09C69B834BFF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{20969656-B142-46A4-B71D-A5D693327570}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{38C9414F-32BB-4363-9F63-8C6FF23B2CE1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3BC91621-1D8E-4DF5-8DF4-3DB73EC88D0A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4184636F-D634-4461-BBE0-0F84489EA7F3}" = lport=139 | protocol=6 | dir=in | app=system |
"{4AE56D7E-8C8F-42F2-B37B-E6A9E5FBD539}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{59B58A95-71E1-40CC-AD08-6DB91CAD1008}" = rport=139 | protocol=6 | dir=out | app=system |
"{6CD5713E-D336-41FC-92E8-A018F9E8A4DE}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{7155AC61-B188-4F3A-8FA7-E6C360B7F04F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{73DE3C11-99F4-41CC-BCC4-DBE3BC913668}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{79A47543-4A6E-4D35-9960-5F3DEB6093A8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{830BF615-6653-40A7-93F2-A5AB9DCF5C6F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8BC2026C-BBE9-4FF0-8DB8-A60787304574}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{8BCD3919-EE9E-43E3-A9CC-E245EDA4A555}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{8CF2BD24-1761-4300-A292-7BC47F765D5C}" = rport=445 | protocol=6 | dir=out | app=system |
"{91FD9003-3766-485E-8A7B-35E7CAD4AEB5}" = lport=137 | protocol=17 | dir=in | app=system |
"{A6CB10E0-37FD-4A0C-87E5-1EEE2972E6C1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A8F23AE5-A78B-4032-B6FF-799C739834CF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A9560057-CD01-4187-8150-7B95C6AB1F92}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AB2C89B9-E358-4CA8-94D1-4A8AB114239E}" = lport=445 | protocol=6 | dir=in | app=system |
"{B252D743-3AAD-461C-B3E6-A9CD59E679E8}" = rport=138 | protocol=17 | dir=out | app=system |
"{C1282D80-E801-4BD1-A3DA-B0A37044C1D7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C29733A9-1D43-40A6-BC5F-92362F653AA2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C2DAC132-32C3-40E3-83A6-BF16290EC5CE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DE9E48F3-AC16-47C1-BA6F-97673A43E73E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E3BBE552-AC0C-434F-9214-02584E038099}" = rport=137 | protocol=17 | dir=out | app=system |
"{F12779FA-364E-47D8-A414-306C7EEDF47C}" = lport=138 | protocol=17 | dir=in | app=system |
"{F77ABA8A-AD55-43DD-BB9B-5FAE1B6700E8}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01BC30CB-EEEF-45A2-AE22-6BDA6A572C64}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{029169C1-C46F-4894-B78E-F0546D87FCAA}" = protocol=6 | dir=out | app=system |
"{08550900-029A-4C7E-90E7-4330A8FC9CA9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0A6D105D-5C1C-4E14-B31E-6E84E273AD5A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0AC8A468-2EA0-4E6F-847A-16D60EFBC2BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0F3A9138-3985-4186-9F11-A8162C53AD68}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{12629EF8-5AB0-4752-8151-2520FDFEA6D0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1470485D-14B3-4B30-A56E-FF044E56EFD5}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{1C426E47-6E8E-4568-A469-3BBD69F5FC58}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{2D07CEF8-4D4F-474A-B752-8755D1C12A00}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{598BEE4D-475D-457F-A208-F280DB9A8B7A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{64035E44-58DC-418E-895F-997F6514108E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6ABC96B6-C3FE-4118-8A35-DEAAA1781991}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{79307E06-38CB-41DE-88E6-8994DC5B5FA5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7AB270EC-8509-487B-B4BC-07CB38F07E68}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9335B1C0-D150-46CA-BDC5-7CDF26A42093}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{A0388050-BE47-45CE-A161-DA97424079E4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A76E92A0-3DBF-4EBA-8A50-7E9C868734BD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B3B7710B-2A16-4AC0-B0B0-0503E602EE99}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B5AEF1F4-6D35-425E-AC30-B4FC149BAA15}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{B99D3A95-4AF8-437A-88B2-0BA60C967D2E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{BC4E1471-93FD-4957-8256-74A96DD287A0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{BC9D7507-1232-41F8-A5B0-242E627C85A7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BE5D1621-3752-4A46-80B0-A99FED27B352}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C51C3077-C097-4F2A-A9C4-B1B427A54197}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C9BA1A14-17BA-4E54-AD44-5D326EFD95B8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CC0E2864-C4FA-4097-819A-B99CFE422A48}" = dir=in | app=c:\program files\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{D525606F-3503-4BC0-85A7-BF6B087C80EB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D85EC5F2-C0AC-4359-84D5-3790EE228345}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E5368E91-98FC-4049-977F-7718AD707E0C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FECEADC3-AD49-426A-8024-5A4FA54F0111}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}" = MyToshiba
"{03DF638A-D61C-4893-B8B9-845900C03163}" = TurboTax 2010 wnyiper
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{0DB8F853-899A-8628-E0D7-29FB190CF848}" = Catalyst Control Center Graphics Full Existing
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{117BCF94-6A1E-6741-39F5-09444381445E}" = CCC Help Italian
"{1211D6B0-B7B5-CB9A-99A2-066473FC35CA}" = CCC Help Swedish
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{14956199-1890-C3D4-F8B8-3C0C6FD82993}" = ccc-core-static
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D210042-41EE-4472-2219-6A900366B9A3}" = CCC Help French
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2ABB6396-785C-E2CB-579E-79BAF98E0527}" = Catalyst Control Center Graphics Previews Vista
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C6BE429-9C6E-4A02-A085-73FB485D3BBA}" = LeapFrog Tag Plugin
"{3E1B8E31-9692-207B-77B7-A8339AF03795}" = Catalyst Control Center Graphics Full New
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B08CD7C-AE3E-4E64-BD0A-6C0D768B248A}" = Smart Steps 1st Grade
"{4BC83065-F98B-4DB1-B4AE-AA2F1FA9BA2B}" = LeapFrog Connect
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{51C77E17-3337-6409-16A9-A90CA8B9BBF6}" = ccc-utility
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{58630658-9DF7-E873-9F5D-0EAF87D25DAA}" = CCC Help Norwegian
"{594A3C2C-19B3-E02E-359C-B8D134F6B939}" = CCC Help Korean
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{6055830B-40E4-C794-3F04-2D0CD8AF1AAC}" = CCC Help Russian
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6DEEA6A7-AC84-4C08-9944-E06E08DF98B4}" = TurboTax 2010 wctiper
"{6E932CA6-FD17-7694-FD7C-14CE25770EA5}" = Catalyst Control Center Graphics Previews Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{739A6E9D-5D7D-8A5D-EC8A-4BD11E5749AA}" = CCC Help Hungarian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8C72927B-7410-131A-E641-B9C505F4973C}" = CCC Help Japanese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
[FONT=Arial]"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Arial]"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Arial]"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007[/FONT]
[FONT=Arial]"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Arial]"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Arial]"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system[/FONT]
[FONT=Arial]"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007[/FONT]
[FONT=Arial]"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007[/FONT]
[FONT=Arial]"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Arial]"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007[/FONT]
[FONT=Arial]"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Arial]"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Arial]"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007[/FONT]
[FONT=Arial]"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Arial]"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Arial]"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007[/FONT]
[FONT=Arial]"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Arial]"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007[/FONT]
[FONT=Arial]"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Arial]"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007[/FONT]
[FONT=Arial]"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Arial]"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Arial]"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007[/FONT]
[FONT=Arial]"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Arial]"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In[/FONT]
[FONT=Arial]"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007[/FONT]
[FONT=Arial]"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Arial]"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007[/FONT]
[FONT=Arial]"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Arial]"{911AB6CA-E04C-1E98-523D-8FCFAB4F456C}" = CCC Help Czech[/FONT]
[FONT=Arial]"{9216C6A7-694A-4437-BD00-BD1CF58E1839}" = CCC Help Spanish[/FONT]
[FONT=Arial]"{92DE68CE-BC3E-7323-EA53-99490C8BD34D}" = Catalyst Control Center Graphics Light[/FONT]
[FONT=Arial]"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker[/FONT]
[FONT=Arial]"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)[/FONT]
[FONT=Arial]"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting[/FONT]
[FONT=Arial]"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector[/FONT]
[FONT=Arial]"{9668AE11-E05C-8169-F6D8-FBF7B507D7DB}" = CCC Help German[/FONT]
[FONT=Arial]"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader[/FONT]
[FONT=Arial]"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application and Driver Installer[/FONT]
[FONT=Arial]"{979587FD-F264-3C71-B0BE-6FC8DA993790}" = CCC Help Thai[/FONT]
[FONT=Arial]"{999307CD-D57D-8C98-27ED-07F384ACFAA1}" = CCC Help Turkish[/FONT]
[FONT=Arial]"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO[/FONT]
[FONT=Arial]"{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}" = NetZero Launcher[/FONT]
[FONT=Arial]"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail[/FONT]
[FONT=Arial]"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh[/FONT]
[FONT=Arial]"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine[/FONT]
[FONT=Arial]"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer[/FONT]
[FONT=Arial]"{A7594D38-0B7E-BCF7-A938-1AC03A6477FB}" = CCC Help English[/FONT]
[FONT=Arial]"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper[/FONT]
[FONT=Arial]"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common[/FONT]
[FONT=Arial]"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer[/FONT]
[FONT=Arial]"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer[/FONT]
[FONT=Arial]"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station[/FONT]
[FONT=Arial]"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)[/FONT]
[FONT=Arial]"{AC7BE07B-14D3-6EB5-814A-EB0A63CBFB47}" = CCC Help Polish[/FONT]
[FONT=Arial]"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR[/FONT]
[FONT=Arial]"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter[/FONT]
[FONT=Arial]"{B1CDB3C6-8DD8-4864-8589-BDFBDA033941}" = CCC Help Chinese Traditional[/FONT]
[FONT=Arial]"{B4BB4CF2-F475-FB20-7AFA-F8AED032BFF8}" = ATI Catalyst Install Manager[/FONT]
[FONT=Arial]"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator[/FONT]
[FONT=Arial]"{BA4DF4C3-196E-4128-969A-00996B5A46F8}" = Canon MP500[/FONT]
[FONT=Arial]"{BDABF8CD-7436-EC6C-DD82-439225E22557}" = CCC Help Finnish[/FONT]
[FONT=Arial]"{C1090432-AD78-4965-A23A-5539744C1821}" = LeapFrog Leapster2 Plugin[/FONT]
[FONT=Arial]"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup[/FONT]
[FONT=Arial]"{C5A15C68-0DF3-8A13-352E-E605491D7E3D}" = Catalyst Control Center InstallProxy[/FONT]
[FONT=Arial]"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail[/FONT]
[FONT=Arial]"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86[/FONT]
[FONT=Arial]"{CD232781-26CA-4E18-BC70-4343A2F0D583}" = Microsoft IntelliPoint 8.0[/FONT]
[FONT=Arial]"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform[/FONT]
[FONT=Arial]"{CFAE78A9-A7A4-537E-7CC0-5A794FFBF73F}" = Catalyst Control Center Core Implementation[/FONT]
[FONT=Arial]"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack[/FONT]
[FONT=Arial]"{D19A1978-2FB2-B39A-5D30-C1EA38F788DD}" = CCC Help Danish[/FONT]
[FONT=Arial]"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert[/FONT]
[FONT=Arial]"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common[/FONT]
[FONT=Arial]"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform[/FONT]
[FONT=Arial]"{D8634D93-03DD-01F1-AC7D-EE468AA24F45}" = CCC Help Dutch[/FONT]
[FONT=Arial]"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher[/FONT]
[FONT=Arial]"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime[/FONT]
[FONT=Arial]"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources[/FONT]
[FONT=Arial]"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh[/FONT]
[FONT=Arial]"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10[/FONT]
[FONT=Arial]"{E151E679-4EC8-36F9-A691-C7600688A1CA}" = CCC Help Chinese Standard[/FONT]
[FONT=Arial]"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding[/FONT]
[FONT=Arial]"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant[/FONT]
[FONT=Arial]"{E69992ED-A7F6-406C-9280-1C156417BC49}" = Toshiba Quality Application[/FONT]
[FONT=Arial]"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger[/FONT]
[FONT=Arial]"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support[/FONT]
[FONT=Arial]"{EBC6193C-ED23-E332-9A9C-D5CB83CDDE2B}" = Catalyst Control Center Localization All[/FONT]
[FONT=Arial]"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009[/FONT]
[FONT=Arial]"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications[/FONT]
[FONT=Arial]"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support[/FONT]
[FONT=Arial]"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU][/FONT]
[FONT=Arial]"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver[/FONT]
[FONT=Arial]"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree[/FONT]
[FONT=Arial]"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety[/FONT]
[FONT=Arial]"{F544CA20-6810-E275-D288-F0D92CFADE4A}" = CCC Help Greek[/FONT]
[FONT=Arial]"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials[/FONT]
[FONT=Arial]"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package[/FONT]
[FONT=Arial]"{FEED29DD-7BF3-582C-3353-1F2634C2323D}" = CCC Help Portuguese[/FONT]
[FONT=Arial]"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)[/FONT]
[FONT=Arial]"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)[/FONT]
[FONT=Arial]"Adobe AIR" = Adobe AIR[/FONT]
[FONT=Arial]"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX[/FONT]
[FONT=Arial]"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin[/FONT]
[FONT=Arial]"Adobe Shockwave Player" = Adobe Shockwave Player 11.6[/FONT]
[FONT=Arial]"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows[/FONT]
[FONT=Arial]"DefaultTab Chrome" = DefaultTab Chrome[/FONT]
[FONT=Arial]"ENTERPRISER" = Microsoft Office Enterprise 2007[/FONT]
[FONT=Arial]"ESET Online Scanner" = ESET Online Scanner v3[/FONT]
[FONT=Arial]"HOMESTUDENTR" = Microsoft Office Home and Student 2007[/FONT]
[FONT=Arial]"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password[/FONT]
[FONT=Arial]"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup[/FONT]
[FONT=Arial]"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center[/FONT]
[FONT=Arial]"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility[/FONT]
[FONT=Arial]"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert[/FONT]
[FONT=Arial]"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package[/FONT]
[FONT=Arial]"Leapster2Plugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)[/FONT]
[FONT=Arial]"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300[/FONT]
[FONT=Arial]"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile[/FONT]
[FONT=Arial]"MP Navigator 2.0" = Canon MP Navigator 2.0[/FONT]
[FONT=Arial]"N360" = Norton 360[/FONT]
[FONT=Arial]"SynTPDeinstKey" = Synaptics Pointing Device Driver[/FONT]
[FONT=Arial]"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)[/FONT]
[FONT=Arial]"TurboTax 2010" = TurboTax 2010[/FONT]
[FONT=Arial]"UPCShell" = LeapFrog Connect[/FONT]
[FONT=Arial]"WildTangent toshiba Master Uninstall" = WildTangent Games[/FONT]
[FONT=Arial]"WinLiveSuite" = Windows Live Essentials[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]========== HKEY_CURRENT_USER Uninstall List ==========[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall][/FONT]
[FONT=Arial]"Google Chrome" = Google Chrome[/FONT]
[FONT=Arial]"GoToMeeting" = GoToMeeting 4.5.0.457[/FONT]
[FONT=Arial]"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]========== Last 20 Event Log Errors ==========[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial][ Application Events ][/FONT]
[FONT=Arial]Error - 8/11/2012 12:48:47 PM | Computer Name = Shinji-PC | Source = Bonjour Service | ID = 100[/FONT]
[FONT=Arial]Description = Task Scheduling Error: Continuously busy for more than a second[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Error - 8/11/2012 12:48:47 PM | Computer Name = Shinji-PC | Source = Bonjour Service | ID = 100[/FONT]
[FONT=Arial]Description = Task Scheduling Error: m->NextScheduledEvent 5448912[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Error - 8/11/2012 12:48:47 PM | Computer Name = Shinji-PC | Source = Bonjour Service | ID = 100[/FONT]
[FONT=Arial]Description = Task Scheduling Error: m->NextScheduledSPRetry 5448912[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Error - 8/13/2012 9:20:46 PM | Computer Name = Shinji-PC | Source = SideBySide | ID = 16842785[/FONT]
[FONT=Arial]Description = Activation context generation failed for "c:\program files\LeapFrog\leapfrog[/FONT]
[FONT=Arial] connect\tagusbdrivers\DPInst64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"[/FONT]
[FONT=Arial] could not be found. Please use sxstrace.exe for detailed diagnosis.[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Error - 8/15/2012 11:46:25 PM | Computer Name = Shinji-PC | Source = Bonjour Service | ID = 100[/FONT]
[FONT=Arial]Description = Task Scheduling Error: Continuously busy for more than a second[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Error - 8/15/2012 11:46:25 PM | Computer Name = Shinji-PC | Source = Bonjour Service | ID = 100[/FONT]
[FONT=Arial]Description = Task Scheduling Error: m->NextScheduledEvent 18435699[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Error - 8/15/2012 11:46:25 PM | Computer Name = Shinji-PC | Source = Bonjour Service | ID = 100[/FONT]
[FONT=Arial]Description = Task Scheduling Error: m->NextScheduledSPRetry 18435699[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Error - 8/15/2012 11:46:35 PM | Computer Name = Shinji-PC | Source = Bonjour Service | ID = 100[/FONT]
[FONT=Arial]Description = Task Scheduling Error: Continuously busy for more than a second[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Error - 8/15/2012 11:46:35 PM | Computer Name = Shinji-PC | Source = Bonjour Service | ID = 100[/FONT]
[FONT=Arial]Description = Task Scheduling Error: m->NextScheduledEvent 18446104[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Error - 8/15/2012 11:46:35 PM | Computer Name = Shinji-PC | Source = Bonjour Service | ID = 100[/FONT]
[FONT=Arial]Description = Task Scheduling Error: m->NextScheduledSPRetry 18446104[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial][ OSession Events ][/FONT]
[FONT=Arial]Error - 11/20/2011 9:48:57 PM | Computer Name = Shinji-PC | Source = Microsoft Office 12 Sessions | ID = 7001[/FONT]
[FONT=Arial]Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:[/FONT]
[FONT=Arial] 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 511[/FONT]
[FONT=Arial] seconds with 120 seconds of active time. This session ended with a crash.[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Error - 12/29/2011 11:34:52 PM | Computer Name = Shinji-PC | Source = Microsoft Office 12 Sessions | ID = 7001[/FONT]
[FONT=Arial]Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:[/FONT]
[FONT=Arial] 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3089[/FONT]
[FONT=Arial] seconds with 1380 seconds of active time. This session ended with a crash.[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Error - 1/4/2012 12:17:54 AM | Computer Name = Shinji-PC | Source = Microsoft Office 12 Sessions | ID = 7001[/FONT]
[FONT=Arial]Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:[/FONT]
[FONT=Arial] 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 5640[/FONT]
[FONT=Arial] seconds with 1860 seconds of active time. This session ended with a crash.[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Error - 4/15/2012 9:18:04 AM | Computer Name = Shinji-PC | Source = Microsoft Office 12 Sessions | ID = 7001[/FONT]
[FONT=Arial]Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:[/FONT]
[FONT=Arial] 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1902[/FONT]
[FONT=Arial] seconds with 1020 seconds of active time. This session ended with a crash.[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Error - 5/17/2012 10:39:24 PM | Computer Name = Shinji-PC | Source = Microsoft Office 12 Sessions | ID = 7001[/FONT]
[FONT=Arial]Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:[/FONT]
[FONT=Arial] 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1965[/FONT]
[FONT=Arial] seconds with 1260 seconds of active time. This session ended with a crash.[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Error - 6/1/2012 3:07:48 PM | Computer Name = Shinji-PC | Source = Microsoft Office 12 Sessions | ID = 7001[/FONT]
[FONT=Arial]Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:[/FONT]
[FONT=Arial] 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2278[/FONT]
[FONT=Arial] seconds with 1860 seconds of active time. This session ended with a crash.[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Error - 6/1/2012 3:21:56 PM | Computer Name = Shinji-PC | Source = Microsoft Office 12 Sessions | ID = 7001[/FONT]
[FONT=Arial]Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:[/FONT]
[FONT=Arial] 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 829[/FONT]
[FONT=Arial] seconds with 540 seconds of active time. This session ended with a crash.[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Error - 7/4/2012 1:34:45 PM | Computer Name = Shinji-PC | Source = Microsoft Office 12 Sessions | ID = 7001[/FONT]
[FONT=Arial]Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:[/FONT]
[FONT=Arial] 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6795[/FONT]
[FONT=Arial] seconds with 5220 seconds of active time. This session ended with a crash.[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Error - 7/24/2012 12:43:19 AM | Computer Name = Shinji-PC | Source = Microsoft Office 12 Sessions | ID = 7001[/FONT]
[FONT=Arial]Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:[/FONT]
[FONT=Arial] 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3938[/FONT]
[FONT=Arial] seconds with 60 seconds of active time. This session ended with a crash.[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Error - 7/31/2012 1:08:25 AM | Computer Name = Shinji-PC | Source = Microsoft Office 12 Sessions | ID = 7001[/FONT]
[FONT=Arial]Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:[/FONT]
[FONT=Arial] 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12190[/FONT]
[FONT=Arial] seconds with 4080 seconds of active time. This session ended with a crash.[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial][ System Events ][/FONT]
[FONT=Arial]Error - 8/15/2012 6:19:26 PM | Computer Name = Shinji-PC | Source = DCOM | ID = 10000[/FONT]
[FONT=Arial]Description = [/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Error - 8/15/2012 11:46:20 PM | Computer Name = Shinji-PC | Source = atikmdag | ID = 43029[/FONT]
[FONT=Arial]Description = Display is not active[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Error - 8/15/2012 11:47:20 PM | Computer Name = Shinji-PC | Source = DCOM | ID = 10010[/FONT]
[FONT=Arial]Description = [/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Error - 8/16/2012 1:54:21 PM | Computer Name = Shinji-PC | Source = atikmdag | ID = 52236[/FONT]
[FONT=Arial]Description = CPLIB :: General - Invalid Parameter[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Error - 8/16/2012 1:54:21 PM | Computer Name = Shinji-PC | Source = atikmdag | ID = 43029[/FONT]
[FONT=Arial]Description = Display is not active[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Error - 8/16/2012 1:57:14 PM | Computer Name = Shinji-PC | Source = WMPNetworkSvc | ID = 866300[/FONT]
[FONT=Arial]Description = [/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Error - 8/16/2012 1:58:10 PM | Computer Name = Shinji-PC | Source = Service Control Manager | ID = 7009[/FONT]
[FONT=Arial]Description = A timeout was reached (30000 milliseconds) while waiting for the Peer[/FONT]
[FONT=Arial] Networking Identity Manager service to connect.[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Error - 8/16/2012 1:58:10 PM | Computer Name = Shinji-PC | Source = Service Control Manager | ID = 7000[/FONT]
[FONT=Arial]Description = The Peer Networking Identity Manager service failed to start due to[/FONT]
[FONT=Arial] the following error: %%1053[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Error - 8/16/2012 1:58:10 PM | Computer Name = Shinji-PC | Source = Service Control Manager | ID = 7001[/FONT]
[FONT=Arial]Description = The Peer Networking Grouping service depends on the Peer Networking[/FONT]
[FONT=Arial] Identity Manager service which failed to start because of the following error: [/FONT]
[FONT=Arial] %%1053[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Error - 8/16/2012 1:58:10 PM | Computer Name = Shinji-PC | Source = Service Control Manager | ID = 7001[/FONT]
[FONT=Arial]Description = The Peer Name Resolution Protocol service depends on the Peer Networking[/FONT]
[FONT=Arial] Identity Manager service which failed to start because of the following error: [/FONT]
[FONT=Arial] %%1053[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial] [/FONT]
< End of report >
 
The best part of the first logfile is missing. Please upload the logfiles here instead, or attempt to copy and paste them again.
 
OTL FIX

Warning: this OTL fix has active links. Please do not click on the links below, or your computer might become infected immediately!

Please run OTL
 
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2CB9F3EE-DF62-4FE5-8CAB-92C8985B96FC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2CB9F3EE-DF62-4FE5-8CAB-92C8985B96FC}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Shinji
->Temp folder emptied: 12771048 bytes
->Temporary Internet Files folder emptied: 8981162 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 33869758 bytes
->Flash cache emptied: 506 bytes

%systemdrive% .tmp files removed: 14648 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1914 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 53.00 mb


OTL by OldTimer - Version 3.2.57.0 log created on 08182012_103802

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death
 
Web pages still take a while (1 min or so) to load but otherwise things appear to be fine. I have a couple of remaining questions:

- Do you think my computer is clean, based on the log files I've posted thus far?
- Which of the applications should I keep or delete (e.g., OTL, ComboFix)?
- Is Norton 360 sufficient protection or should I download/use additional programs?
- I have a flash drive that I've been using (not since we started our dialogue) but I'm concerned about potential infections there as well - how or with what program should I scan the flash drive?

Thank you so much for your time and consideration.
 
Yes, the computer should be clean, rest assured!

I'd like to see a Quick Scan from OTL again to verify (open OTL, press the Quick Scan button, post any logs that launch).

We will clean up the programs later that were used to disinfect.

Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
 
Let's see if we can finish up here...

Please download aswMBR from here

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below

aswMBR_Scan.jpg


Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

  • Once the scan finishes click Save log to save the log to your Desktop
    aswMBR_SaveLog.png

  • Copy and paste the contents of aswMBR.txt back here for review
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-21 07:18:21
-----------------------------
07:18:21.853 OS Version: Windows 6.1.7601 Service Pack 1
07:18:21.853 Number of processors: 1 586 0x301
07:18:22.070 ComputerName: SHINJI-PC UserName: Shinji
07:19:36.259 Initialize success
07:19:58.120 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
07:19:58.123 Disk 0 Vendor: Hitachi_HTS545025B9A300 PB2OC64G Size: 238475MB BusType: 11
07:19:58.150 Disk 0 MBR read successfully
07:19:58.154 Disk 0 MBR scan
07:19:58.157 Disk 0 Windows VISTA default MBR code
07:19:58.195 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
07:19:58.213 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 228693 MB offset 3074048
07:19:58.245 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 8281 MB offset 471437312
07:19:58.252 Disk 0 scanning sectors +488396800
07:19:58.318 Disk 0 scanning C:\windows\system32\drivers
07:20:06.603 Service scanning
07:20:41.305 Modules scanning
07:20:59.997 Disk 0 trace - called modules:
07:21:00.023 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
07:21:00.387 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86257ac8]
07:21:00.403 3 CLASSPNP.SYS[88e4c59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x8624b030]
07:21:00.416 Scan finished successfully
07:22:40.680 Disk 0 MBR has been saved successfully to "C:\Users\Shinji\Desktop\MBR.dat"
07:22:40.691 The log file has been saved successfully to "C:\Users\Shinji\Desktop\aswMBR.txt"
 
I don't see anything more that can cause issue.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name, i.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop-down box select your main drive, i.e. C
  • For a few moments the system will make some calculations:
    diskcleanup1.png
  • Select the More Options tab
    moreoptions.png
  • In the System Restore and Shadow Backups select Clean up
    moreoptions2.png
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

* Double-click the CCleaner shortcut on the desktop to start the program.
* Click on the Options block on the left, then choose Cookies.
* Under Cookies to Delete, highlight any cookies you would like to retain permanently
* Click the right arrow > to move them to the Cookies to Keep window.
* Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
* Click Cleaner on the left then Run Cleaner on the right to run the program.
* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Tell me in your next reply, if you have completed these tasks:
  • Cleaned System Restore
  • Ran OTC
  • Ran CCleaner
  • Ran Security Check
Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.
 
Thanks. I will take care of this when I get home. I have a Kindle that had been connected via USB prior to these issues coming up. Any chance that could be infected as well?
 
Tried to download Flash Disinfector but it won't run when I double-click the icon. Forum on bleepingcomputer states that it won't work with Windows 7 (which is what I have).
 
When I click "Open Disk Cleanup," it doesn't give me the option to select files and immediately goes into calculation mode. When that's completed, there is no More Options tab.
 
You're welcome.

Personal Tips on Preventing Malware

See this page for more info about malware and prevention.

Any other questions before I mark this topic solved?


Marked as solved. √
 