OTL logfile created on: 07/10/2011 18:59:20 - Run 6
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Admin Control\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 63.63% Memory free
6.72 Gb Paging File | 5.57 Gb Available in Paging File | 82.90% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 99.10 Gb Free Space | 21.28% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 352.26 Gb Free Space | 75.63% Space Free | Partition Type: NTFS
Drive E: | 2.49 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: PETER-PC | User Name: Admin Control | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011/09/25 18:59:56 | 000,919,352 | ---- | M] (Trusteer Ltd.)
-- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe PRC - [2011/09/18 21:26:58 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Admin Control\Desktop\OTL.exe PRC - [2011/09/18 00:16:00 | 003,495,256 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\Setup\avast.setup PRC - [2011/09/06 21:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2011/09/06 21:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2011/06/01 17:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe PRC - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe PRC - [2011/05/28 05:32:15 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe PRC - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe PRC - [2011/01/24 19:35:36 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe PRC - [2011/01/24 19:35:30 | 000,324,320 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\InstantBackup.exe PRC - [2010/10/16 13:42:12 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe PRC - [2010/10/16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010/08/09 09:10:32 | 002,953,112 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe PRC - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe PRC - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\explorer.exe PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe PRC - [2008/03/18 02:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE PRC - [2008/02/27 18:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe PRC - [2008/01/22 18:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe PRC - [2007/09/05 15:43:24 | 000,389,448 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe PRC - [2007/09/05 15:43:14 | 001,261,384 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\wwDisp.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2011/07/01 14:41:55 | 001,712,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1be8df00c8573200093245985e75a660\Microsoft.VisualBasic.ni.dll MOD - [2011/07/01 14:41:34 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll MOD - [2011/07/01 14:40:08 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c933fd5d1d27f268331890d7ddba8fec\System.ServiceProcess.ni.dll MOD - [2011/07/01 14:40:05 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll MOD - [2011/07/01 14:40:02 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll MOD - [2011/07/01 14:39:41 | 000,971,264 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll MOD - [2011/07/01 14:37:14 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll MOD - [2011/07/01 14:37:02 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll MOD - [2011/07/01 14:36:55 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll MOD - [2011/07/01 14:36:44 | 006,616,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll MOD - [2011/07/01 14:36:10 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll MOD - [2011/07/01 14:35:58 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll MOD - [2011/05/28 14:47:00 | 000,127,376 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\ASCv4ExtMenu.dll MOD - [2011/01/24 19:35:58 | 002,896,608 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\Memeo.Client.UI.dll MOD - [2011/01/24 19:35:54 | 000,026,848 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll MOD - [2011/01/24 19:35:30 | 000,324,320 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\InstantBackup.exe MOD - [2010/08/09 09:10:32 | 002,953,112 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe MOD - [2010/06/03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2010/03/22 23:59:46 | 000,504,293 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\sqlite3.dll MOD - [2010/03/15 
11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2009/11/04 01:14:04 | 000,054,272 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_01.dll MOD - [2008/07/27 19:03:15 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2007/09/05 15:43:18 | 000,037,704 | ---- | M] () -- C:\Program Files\Webroot\Washer\Languages\English.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [On_Demand | Stopped] -- -- (LBTServ) SRV - [2011/09/28 17:30:41 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011/09/25 18:59:56 | 000,919,352 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService) SRV - [2011/09/06 21:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! 
Antivirus) SRV - [2011/06/01 17:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService) SRV - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService) SRV - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2011/01/24 19:35:36 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService) SRV - [2010/10/16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010/06/17 16:39:57 | 003,505,768 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc) SRV - [2009/12/22 00:34:24 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2008/02/27 18:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) 
[Auto | Start_Pending] -- C:\Program Files\Kontiki\KService.exe -- (KService) SRV - [2008/01/22 18:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/09/05 15:43:24 | 000,389,448 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc) SRV - [2005/02/09 12:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Auto | Stopped] -- C:\Windows\System32\drivers\Pclepci.sys -- (PCLEPCI) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011/10/07 18:46:12 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2011/09/25 19:00:08 | 000,161,936 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG) DRV - [2011/09/25 19:00:08 | 000,070,416 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI) DRV - [2011/09/25 19:00:08 | 000,056,336 | ---- | M] (Trusteer Ltd.) 
[Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL) DRV - [2011/09/06 21:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2011/09/06 21:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011/09/06 21:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011/09/06 21:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011/09/06 21:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2011/09/06 21:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2011/08/07 14:32:29 | 000,216,912 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys -- (RapportCerberus_29574) DRV - [2010/10/16 19:55:00 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010/05/20 15:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo) DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( 
SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM) DRV - [2009/04/27 02:55:42 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001) DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2008/02/29 03:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd) DRV - [2007/07/13 09:56:08 | 000,230,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\U6000ALL.sys -- (U6000ALL) U6000 TV Box(ALL) DRV - [2007/07/13 03:22:50 | 000,035,072 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus) DRV - [2007/07/13 03:22:50 | 000,014,080 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiMini.sys -- (SaiMini) DRV - [2007/07/13 03:22:38 | 000,135,168 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiH0BAC.sys -- (SaiH0BAC) DRV - [2007/05/01 15:34:56 | 000,132,232 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiHFF12.sys -- (SaiHFF12) DRV - [2007/05/01 15:34:56 | 000,016,256 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiIFF12.sys -- (SaiIFF12) Immersion's HID USB Driver (FF12) DRV - [2007/04/11 15:32:46 | 000,010,640 | ---- | M] (Logitech Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\LBeepKE.sys -- (LBeepKE) DRV - [2007/03/29 09:29:44 | 000,401,408 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\t3.sys -- (t3) Sound Blaster X-Fi Xtreme Audio (Vista) DRV - [2007/01/04 10:07:00 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus) DRV - [2006/10/18 22:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) DRV - [2005/01/04 01:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = IE - HKU\S-1-5-21-2157187852-3988093465-919591621-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - HKU\S-1-5-21-2157187852-3988093465-919591621-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2157187852-3988093465-919591621-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Program Files\Sony Online Entertainment\npsoe.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor O1 HOSTS File: ([2011/09/23 20:45:05 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.) O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe () O4 - HKLM..\Run: [SPIRunE] C:\Windows\System32\SpiRunE.dll (Creative Technology Ltd.) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-2157187852-3988093465-919591621-1002..\Run: [BrowserChoice] C:\Windows\System32\browserchoice.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2157187852-3988093465-919591621-1002..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) 
O4 - HKU\S-1-5-21-2157187852-3988093465-919591621-1002..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe () O4 - HKU\S-1-5-21-2157187852-3988093465-919591621-1002..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKU\S-1-5-21-2157187852-3988093465-919591621-1002..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-2157187852-3988093465-919591621-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} http://activex.camfrogweb.com/advanced/2.0.2.20/cfweb_activex.camfrogweb.com-advanced-2.0.2.20_instmodule.exe (CamfrogWEB Advanced Unicode Control) O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freerealms.com/gamedata/plugins/1.0.3.102/FreeRealmsInstaller.cab?v=1049 (SonyOnlineInstallerX) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.) 
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab (P3DActiveX Control) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF7AB2E2-9DB0-40C0-893A-06CB3D30FA28}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Value error. File not found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/07/06 18:21:16 | 000,000,121 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006/11/02 21:00:00 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* CREATERESTOREPOINT Restore point Set: OTL Restore Point [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011/10/07 18:38:54 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011/10/07 17:19:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2011/10/07 17:19:36 | 000,000,000 | ---D | C] -- C:\Users\Admin Control\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2011/10/07 17:18:22 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW [2011/10/07 17:17:06 | 000,000,000 | --SD | C] -- C:\ComboFix [2011/10/07 17:12:31 | 004,247,628 | R--- | C] (Swearware) -- C:\Users\Admin Control\Desktop\ComboFix.exe [2011/10/03 23:15:37 | 000,000,000 | ---D | C] -- C:\Users\Admin 
Control\AppData\Roaming\Malwarebytes [2011/09/25 19:00:08 | 000,056,336 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys [2011/09/24 08:11:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2011/09/24 08:11:04 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2011/09/23 22:06:28 | 001,547,056 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Admin Control\Desktop\TDSSKiller.exe [2011/09/23 22:05:37 | 000,000,000 | ---D | C] -- C:\Users\Admin Control\AppData\Roaming\WinRAR [2011/09/23 17:49:10 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Admin Control\Desktop\aswMBR.exe [2011/09/23 17:46:32 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Admin Control\Desktop\OTL.exe [2011/09/22 21:36:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/09/22 21:36:11 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011/09/18 21:38:36 | 000,000,000 | ---D | C] -- C:\_OTL [2011/09/18 00:10:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! 
Free Antivirus [2011/09/18 00:10:51 | 000,320,856 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2011/09/18 00:10:51 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2011/09/18 00:10:46 | 000,052,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2011/09/18 00:10:46 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2011/09/18 00:10:45 | 000,442,200 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2011/09/18 00:10:43 | 000,054,616 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2011/09/18 00:09:28 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2011/09/18 00:09:28 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2011/09/18 00:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2011/09/18 00:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2011/09/17 23:27:21 | 000,000,000 | ---D | C] -- C:\Users\Admin Control\AppData\Local\PMB Files [2011/09/17 21:06:22 | 000,000,000 | ---D | C] -- C:\Kontiki [2011/09/17 18:09:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2011/09/17 16:04:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011/09/17 16:04:36 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011/09/17 16:04:35 | 000,000,000 | ---D | C] -- C:\Users\Admin Control\AppData\Local\temp [2011/09/17 14:43:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011/09/17 14:37:48 | 000,000,000 | ---D | C] -- C:\Qoobox [2011/09/16 15:32:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard [2011/09/11 17:45:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx [2011/09/10 14:48:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 4 [2010/03/13 20:12:51 | 002,897,168 | ---- | C] (Valve Corporation) -- 
C:\Program Files\Steam.dll [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011/10/07 19:05:00 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{84FB0170-63CA-4306-B427-861802DC3A15}.job [2011/10/07 19:05:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{77EAD354-6971-4C48-B955-B80ED5FCC074}.job [2011/10/07 19:04:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{736DE30D-D232-4359-94D9-0431FDDBF5D2}.job [2011/10/07 19:02:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D5E81EDF-FEFE-4955-839F-5CCB026E3E4B}.job [2011/10/07 18:46:12 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011/10/07 18:20:02 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/10/07 18:20:01 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/10/07 18:18:43 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/10/07 18:18:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/10/07 17:57:19 | 3486,662,656 | -HS- | M] () -- C:\hiberfil.sys [2011/10/07 17:48:28 | 000,002,539 | ---- | M] () -- C:\Users\Admin Control\Desktop\HiJackThis.lnk [2011/10/07 17:14:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/10/07 17:06:17 | 004,247,628 | R--- | M] (Swearware) -- C:\Users\Admin Control\Desktop\ComboFix.exe [2011/10/07 16:39:39 | 000,001,741 | ---- | M] () -- C:\Users\Public\Desktop\Orange Broadband.lnk [2011/09/25 19:00:08 | 000,056,336 | ---- | M] (Trusteer Ltd.) 
-- C:\Windows\System32\drivers\RapportKELL.sys [2011/09/25 05:41:21 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2011/09/24 20:31:22 | 000,001,887 | ---- | M] () -- C:\Windows\diagwrn.xml [2011/09/24 20:31:22 | 000,001,887 | ---- | M] () -- C:\Windows\diagerr.xml [2011/09/24 18:35:22 | 000,607,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/09/24 18:35:22 | 000,104,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/09/23 22:04:31 | 001,528,215 | ---- | M] () -- C:\Users\Admin Control\Desktop\tdsskiller.zip [2011/09/23 20:45:05 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2011/09/23 17:49:21 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Admin Control\Desktop\aswMBR.exe [2011/09/23 07:43:34 | 001,547,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Admin Control\Desktop\TDSSKiller.exe [2011/09/22 21:36:16 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/09/18 21:26:58 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Admin Control\Desktop\OTL.exe [2011/09/18 00:16:53 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2011/09/18 00:10:52 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2011/09/17 23:46:18 | 000,002,487 | ---- | M] () -- C:\Users\Admin Control\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk [2011/09/17 23:46:18 | 000,002,463 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2011/09/16 15:32:39 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Seagate Dashboard.lnk [2011/09/10 14:48:21 | 000,001,036 | ---- | M] () -- C:\Users\Public\Desktop\Quick Care.lnk [2011/09/10 14:48:21 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 4.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011/10/07 17:19:36 | 000,002,539 | ---- | C] () -- C:\Users\Admin Control\Desktop\HiJackThis.lnk [2011/10/07 17:08:12 | 3486,662,656 | -HS- | C] () -- C:\hiberfil.sys [2011/09/23 22:04:22 | 001,528,215 | ---- | C] () -- C:\Users\Admin Control\Desktop\tdsskiller.zip [2011/09/22 21:36:16 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/09/18 00:10:52 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2011/09/17 23:46:18 | 000,002,487 | ---- | C] () -- C:\Users\Admin Control\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk [2011/09/16 15:32:39 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Seagate Dashboard.lnk [2011/09/10 14:48:21 | 000,001,036 | ---- | C] () -- C:\Users\Public\Desktop\Quick Care.lnk [2011/09/10 14:48:21 | 000,001,014 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 4.lnk [2011/04/11 19:10:52 | 002,687,352 | ---- | C] () -- C:\Program Files\ClientRegistry.blob [2010/07/10 09:03:01 | 000,230,784 | ---- | C] () -- C:\Windows\System32\drivers\U6000ALL.sys [2009/12/22 00:27:53 | 000,107,071 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009/12/22 00:27:52 | 000,107,071 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009/12/22 00:26:19 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL [2009/12/22 00:26:19 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL [2009/08/26 06:29:28 | 000,148,480 | ---- | C] () -- C:\Windows\System32\OemSpiE.dll [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009/07/29 14:32:50 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE [2009/07/15 09:22:48 | 000,032,914 | ---- | C] () -- C:\Windows\System32\t3.ini [2009/05/02 11:47:56 | 000,000,515 | ---- | C] () -- C:\Windows\SIERRA.INI [2009/03/23 20:17:19 | 000,000,680 | ---- | C] () -- C:\Users\Admin Control\AppData\Local\d3d9caps.dat [2009/01/14 03:47:24 | 000,001,436 | ---- | C] () -- C:\Windows\CfgHPSp.ini [2009/01/14 03:47:24 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg05Sp.ini [2009/01/14 03:47:24 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg04Sp.ini [2009/01/14 03:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPHp.ini [2009/01/14 03:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPDO.ini [2009/01/14 03:47:24 | 000,000,932 | ---- | 
C] () -- C:\Windows\Cfg05DO.ini [2009/01/14 03:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg04DO.ini [2009/01/14 03:47:24 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg05Hp.ini [2009/01/14 03:47:24 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg04Hp.ini [2009/01/14 03:47:24 | 000,000,821 | R--- | C] () -- C:\Windows\Cfg02Sp.ini [2009/01/14 03:47:24 | 000,000,819 | R--- | C] () -- C:\Windows\Cfg03Sp.ini [2009/01/14 03:47:24 | 000,000,730 | R--- | C] () -- C:\Windows\Cfg01Sp.ini [2009/01/14 03:47:24 | 000,000,548 | R--- | C] () -- C:\Windows\Cfg01APR.ini [2009/01/14 03:47:24 | 000,000,455 | R--- | C] () -- C:\Windows\Cfg02Hp.ini [2009/01/14 03:47:24 | 000,000,455 | R--- | C] () -- C:\Windows\Cfg02DO.ini [2009/01/14 03:47:24 | 000,000,455 | R--- | C] () -- C:\Windows\Cfg01Hp.ini [2009/01/14 03:47:24 | 000,000,455 | R--- | C] () -- C:\Windows\Cfg01DO.ini [2009/01/14 03:47:24 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg03RMi.ini [2009/01/14 03:47:24 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg03RLI.ini [2009/01/14 03:47:24 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg03Hp.ini [2009/01/14 03:47:24 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg03FMi.ini [2009/01/14 03:47:24 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg03DO.ini [2009/01/14 03:47:24 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg03DI.ini [2009/01/14 03:47:24 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg02RMi.ini [2009/01/14 03:47:24 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg02RLI.ini [2009/01/14 03:47:24 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg02FMi.ini [2009/01/14 03:47:24 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg02DI.ini [2009/01/14 03:47:24 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg01Mic.ini [2009/01/14 03:47:24 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg01LI.ini [2009/01/14 03:47:24 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg01DI.ini [2009/01/14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRMi.ini [2009/01/14 03:47:24 | 000,000,453 | ---- | C] () -- 
C:\Windows\CfgHPRLI.ini [2009/01/14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPFMi.ini [2009/01/14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPDI.ini [2009/01/14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RMi.ini [2009/01/14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RLI.ini [2009/01/14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05FMi.ini [2009/01/14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05DI.ini [2009/01/14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RMi.ini [2009/01/14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RLI.ini [2009/01/14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04FMi.ini [2009/01/14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04DI.ini [2008/12/26 11:59:06 | 000,839,680 | ---- | C] () -- C:\Windows\System32\SaiC0BAC.Dll [2008/12/26 11:59:06 | 000,008,704 | ---- | C] () -- C:\Windows\System32\SaiC0BAC_0C.dll [2008/12/26 11:59:06 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0BAC_10.dll [2008/12/26 11:59:06 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0BAC_0A.dll [2008/12/26 11:59:06 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0BAC_07.dll [2008/12/26 11:59:06 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiC0BAC_09.dll [2008/12/26 11:59:06 | 000,007,168 | ---- | C] () -- C:\Windows\System32\SaiC0BAC_0402.dll [2008/12/26 11:59:06 | 000,005,632 | ---- | C] () -- C:\Windows\System32\SaiC0BAC_11.dll [2008/11/15 20:01:22 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2008/08/25 07:22:37 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2008/08/25 07:22:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008/07/06 19:01:04 | 000,000,017 | ---- | C] () -- C:\Windows\MovingPicture.ini [2008/07/06 18:21:16 | 000,196,096 | ---- | C] () -- C:\Windows\System32\macd32.dll [2008/07/06 18:21:16 | 000,138,752 | ---- | C] () 
-- C:\Windows\System32\mase32.dll [2008/07/06 18:21:16 | 000,136,192 | ---- | C] () -- C:\Windows\System32\mamc32.dll [2008/07/06 18:21:16 | 000,057,856 | ---- | C] () -- C:\Windows\System32\masd32.dll [2008/07/06 18:21:16 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll [2008/06/20 23:41:51 | 000,000,101 | ---- | C] () -- C:\Users\Admin Control\AppData\Local\fusioncache.dat [2008/05/31 11:09:35 | 000,006,656 | ---- | C] () -- C:\Users\Admin Control\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/05/31 10:36:57 | 000,000,145 | ---- | C] () -- C:\Windows\System32\EBPPORT.DAT [2008/05/31 10:35:05 | 000,000,022 | ---- | C] () -- C:\Windows\epver32.dat [2008/05/18 13:07:29 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2008/05/17 16:30:28 | 000,130,048 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe [2008/05/17 16:18:17 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2008/05/17 15:00:57 | 000,116,736 | ---- | C] () -- C:\Windows\Uninstall_Livebox.EXE [2008/05/14 16:15:36 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys [2008/05/14 15:56:50 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [2008/05/14 15:56:48 | 000,012,358 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2008/05/14 15:56:40 | 000,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS [2007/06/08 19:12:12 | 000,262,144 | ---- | C] () -- C:\Windows\System32\GTTunerCard.dll [2007/05/01 15:34:56 | 002,011,136 | ---- | C] () -- C:\Windows\System32\SaiCFF12.Dll [2007/05/01 15:34:56 | 000,008,704 | ---- | C] () -- C:\Windows\System32\SaiCFF12_0C.dll [2007/05/01 15:34:56 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiCFF12_10.dll [2007/05/01 15:34:56 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiCFF12_0A.dll [2007/05/01 15:34:56 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiCFF12_07.dll [2007/05/01 15:34:56 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiCFF12_09.dll [2007/05/01 
15:34:56 | 000,007,168 | ---- | C] () -- C:\Windows\System32\SaiCFF12_0402.dll [2007/05/01 15:34:56 | 000,005,632 | ---- | C] () -- C:\Windows\System32\SaiCFF12_11.dll [2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 13:47:37 | 000,411,024 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 11:33:01 | 000,607,168 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 11:33:01 | 000,104,808 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2004/07/29 02:19:46 | 000,175,104 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2003/06/28 14:34:20 | 000,069,707 | ---- | C] () -- C:\Windows\System32\DISP_OPT1.dll [color=#E56717]========== LOP Check ==========[/color] [2011/08/29 13:34:26 | 000,000,000 | ---D | M] -- C:\Users\Admin Control\AppData\Roaming\IObit [2010/11/26 00:01:50 | 000,000,000 | ---D | M] -- C:\Users\Admin Control\AppData\Roaming\Memeo [2009/04/26 10:51:04 | 000,000,000 | ---D | M] -- C:\Users\Admin Control\AppData\Roaming\Nokia [2009/02/03 08:49:24 | 000,000,000 | ---D | M] -- C:\Users\Admin Control\AppData\Roaming\PC Suite [2010/11/26 00:01:48 | 000,000,000 | ---D | M] -- C:\Users\Admin Control\AppData\Roaming\Seagate [2009/05/01 19:39:59 | 000,000,000 | ---D | M] -- C:\Users\Admin Control\AppData\Roaming\Sierra [2011/01/16 19:28:57 | 
000,000,000 | ---D | M] -- C:\Users\Admin Control\AppData\Roaming\Sierra Entertainment [2010/02/08 23:54:17 | 000,000,000 | ---D | M] -- C:\Users\Admin Control\AppData\Roaming\Trusteer [2011/03/31 09:52:05 | 000,000,000 | ---D | M] -- C:\Users\Benj & James\AppData\Roaming\IObit [2009/12/14 21:14:35 | 000,000,000 | ---D | M] -- C:\Users\Benj & James\AppData\Roaming\LEGO Company [2010/11/26 16:48:48 | 000,000,000 | ---D | M] -- C:\Users\Benj & James\AppData\Roaming\Memeo [2011/06/28 20:00:45 | 000,000,000 | ---D | M] -- C:\Users\Benj & James\AppData\Roaming\NCH Swift Sound [2009/02/25 18:35:52 | 000,000,000 | ---D | M] -- C:\Users\Benj & James\AppData\Roaming\PC Suite [2010/11/26 16:48:30 | 000,000,000 | ---D | M] -- C:\Users\Benj & James\AppData\Roaming\Seagate [2009/06/06 16:40:33 | 000,000,000 | ---D | M] -- C:\Users\Benj & James\AppData\Roaming\Sierra [2009/06/06 16:20:58 | 000,000,000 | ---D | M] -- C:\Users\Benj & James\AppData\Roaming\SPORE Creature Creator [2010/02/07 09:37:28 | 000,000,000 | ---D | M] -- C:\Users\Benj & James\AppData\Roaming\Trusteer [2010/02/27 08:49:07 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer [2010/02/27 08:49:07 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer [2010/11/07 21:48:10 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\FOG Downloader [2011/03/06 13:59:25 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\IMVU [2010/10/26 14:04:52 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\IMVUClient [2011/04/03 17:51:04 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\IObit [2010/11/28 07:51:48 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Memeo [2009/11/21 20:29:32 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\NCH Swift Sound [2010/09/19 11:27:31 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Notepad++ [2009/11/14 16:32:57 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\PC Suite 
[2010/11/28 07:51:42 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Seagate [2010/06/11 15:41:50 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Sierra [2011/04/03 18:28:19 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\SPORE [2010/02/08 19:11:18 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Trusteer [2011/03/06 13:59:22 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Upyg [2010/10/26 14:29:35 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Vivox [2010/04/26 02:37:17 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Vunat [2011/10/03 20:00:30 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\.minecraft [2008/06/15 13:33:02 | 000,000,000 | -H-D | M] -- C:\Users\Peter\AppData\Roaming\AVSMedia [2009/06/07 10:10:26 | 000,000,000 | -H-D | M] -- C:\Users\Peter\AppData\Roaming\CD-LabelPrint [2011/09/10 15:31:09 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\IObit [2010/11/24 21:51:54 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Leadertech [2009/12/06 15:08:51 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\LEGO Company [2010/11/24 21:59:52 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Memeo [2009/10/05 16:23:53 | 000,000,000 | -H-D | M] -- C:\Users\Peter\AppData\Roaming\NCH Swift Sound [2009/02/08 23:59:54 | 000,000,000 | -H-D | M] -- C:\Users\Peter\AppData\Roaming\Nokia [2011/08/29 18:33:11 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Notepad++ [2009/02/02 21:30:27 | 000,000,000 | -H-D | M] -- C:\Users\Peter\AppData\Roaming\PC Suite [2008/07/06 19:00:30 | 000,000,000 | -H-D | M] -- C:\Users\Peter\AppData\Roaming\proDAD [2011/06/11 14:39:21 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Seagate [2009/04/10 07:28:03 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Sierra [2011/01/17 16:50:41 | 000,000,000 | -H-D | M] -- C:\Users\Peter\AppData\Roaming\Sierra Entertainment [2011/03/28 
21:50:29 | 000,000,000 | -H-D | M] -- C:\Users\Peter\AppData\Roaming\SPORE [2011/07/08 19:11:37 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\TomTom [2010/02/06 12:16:40 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Trusteer [2010/08/10 17:54:12 | 000,000,000 | -H-D | M] -- C:\Users\Peter\AppData\Roaming\Utherverse [2010/09/22 08:05:53 | 000,000,000 | -H-D | M] -- C:\Users\Peter\AppData\Roaming\Vso [2011/10/07 17:56:31 | 000,032,532 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011/10/07 19:04:00 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{736DE30D-D232-4359-94D9-0431FDDBF5D2}.job [2011/10/07 19:05:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{77EAD354-6971-4C48-B955-B80ED5FCC074}.job [2011/10/07 19:05:00 | 000,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{84FB0170-63CA-4306-B427-861802DC3A15}.job [2011/10/07 19:02:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D5E81EDF-FEFE-4955-839F-5CCB026E3E4B}.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\ERDNT\cache\explorer.exe [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- 
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2008/05/19 16:00:57 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2008/05/19 16:00:57 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006/11/02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008/01/19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe [color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color] [2006/11/02 10:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- 
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe [2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe [2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe [2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe [2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006/11/02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006/11/02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe 
[2008/01/19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\ERDNT\cache\winlogon.exe [2008/01/19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe [2008/01/19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe [color=#A23BEC]< C:\Windows\assembly\tmp\U /s >[/color] < End of report >