OTL logfile created on: 05/03/2012 17:17:49 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\harrisons\Desktop\malware apps
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.50 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 56.71% Memory free
7.18 Gb Paging File | 5.68 Gb Available in Paging File | 79.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.04 Gb Total Space | 45.97 Gb Free Space | 31.26% Space Free | Partition Type: NTFS
Drive Y: | 2.00 Gb Total Space | 1.63 Gb Free Space | 81.42% Space Free | Partition Type: NTFS

Computer Name: YK1M007380 | User Name: harrisons | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/21 09:02:04 | 000,250,016 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11f_ActiveX.exe
PRC - [2012/02/14 23:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\harrisons\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/02/06 17:51:27 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/01/19 15:20:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\harrisons\Desktop\malware apps\OTL.exe
PRC - [2012/01/03 13:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/11 18:18:24 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2011/11/07 21:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/07/28 14:00:36 | 000,053,248 | ---- | M] (Sage (UK) Limited) -- C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe
PRC - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/09/23 23:03:04 | 001,332,560 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\SBEAgent\SBAMTray.exe
PRC - [2010/09/23 22:55:30 | 002,763,080 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\SBEAgent\SBAMSvc.exe
PRC - [2010/09/23 22:55:18 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\SBEAgent\SBPIMSvc.exe
PRC - [2010/05/20 14:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010/01/29 08:23:10 | 000,017,408 | ---- | M] (Invu Services Ltd) -- C:\Program Files\INVU Services Ltd\INVU6\INVU.Client.Services.exe
PRC - [2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/14 01:00:00 | 000,157,552 | ---- | M] (ATConsulting LLC) -- \\server5\ezaudit\ondemand.exe
PRC - [2008/08/11 17:12:44 | 001,574,224 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn Backup\LogmeInBackupService.exe
PRC - [2008/08/11 17:12:29 | 000,480,592 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn Backup\LMIBackupVSSService.exe
PRC - [2008/08/11 17:12:25 | 000,079,184 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn Backup\BackupMaint.exe
PRC - [2008/07/14 14:26:58 | 000,087,368 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn Backup\LMIGuardian.exe
PRC - [2007/10/15 10:15:47 | 000,040,960 | ---- | M] () -- C:\Program Files\vCAP\vCAPService.exe
PRC - [2007/10/15 10:15:32 | 001,028,096 | ---- | M] (PSCS) -- C:\Program Files\vCAP\vCAP.exe
PRC - [2007/09/12 10:20:58 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2007/06/13 11:11:30 | 004,489,216 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/01/09 12:56:04 | 000,049,152 | ---- | M] () -- C:\Windows\System32\LxrSII1s.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/30 20:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/10/25 14:57:09 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011/10/25 14:57:04 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
MOD - [2011/10/25 14:56:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/25 13:44:50 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/25 13:44:05 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/25 13:43:47 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/25 13:40:35 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/25 13:40:19 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/07 13:10:24 | 000,516,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2008/08/13 15:45:13 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Runtime\2.0.3054.18974__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Runtime.dll
MOD - [2008/08/13 15:45:13 | 000,009,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Shared\2.0.3054.18974__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Shared.dll
MOD - [2008/08/13 15:45:12 | 000,282,624 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Dashboard\2.0.3054.18974__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Dashboard.dll
MOD - [2008/08/13 15:45:12 | 000,258,048 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Dashboard\2.0.3054.18973__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Dashboard.dll
MOD - [2008/08/13 15:45:12 | 000,200,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Dashboard\2.0.3054.18972__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Dashboard.dll
MOD - [2008/08/13 15:45:12 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Runtime\2.0.3054.18964__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Runtime.dll
MOD - [2008/08/13 15:45:12 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Runtime\2.0.3054.18972__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Runtime.dll
MOD - [2008/08/13 15:45:12 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Runtime\2.0.3054.18973__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Runtime.dll
MOD - [2008/08/13 15:45:12 | 000,012,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Shared\2.0.3054.18972__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Shared.dll
MOD - [2008/08/13 15:45:12 | 000,010,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Shared\2.0.3054.18973__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Shared.dll
MOD - [2008/08/13 15:45:12 | 000,010,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Shared\2.0.3054.18963__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Shared.dll
MOD - [2008/08/13 15:45:11 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HydraVision.Wizard\2.0.3054.18975__90ba9c70f846762e\CLI.Aspect.HydraVision.Wizard.dll
MOD - [2008/08/13 15:45:11 | 000,192,512 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Dashboard\2.0.3054.18964__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Dashboard.dll
MOD - [2008/08/13 15:45:11 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3054.18963__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2008/08/13 15:45:11 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3054.18962__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2008/08/13 15:45:11 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3054.18971__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
MOD - [2008/08/13 15:45:11 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3054.18963__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
MOD - [2008/08/13 15:45:10 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3054.18653__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008/08/13 15:45:10 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3054.18892__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2008/08/13 15:45:10 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3054.18608__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008/08/13 15:45:10 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3054.18668__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008/08/13 15:45:10 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3054.18882__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008/08/13 15:45:10 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3054.18645__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008/08/13 15:45:10 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3054.18782__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008/08/13 15:45:10 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3054.18630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008/08/13 15:45:09 | 000,688,128 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3054.18864__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2008/08/13 15:45:09 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3054.18924__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008/08/13 15:45:09 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3054.18932__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008/08/13 15:45:09 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3054.18623__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008/08/13 15:45:09 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3054.18837__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008/08/13 15:45:08 | 000,348,160 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3054.18848__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2008/08/13 15:45:08 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3054.18855__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008/08/13 15:45:08 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3054.18846__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2008/08/13 15:45:07 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3054.18921__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2008/08/13 15:45:06 | 000,442,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3054.18960__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2008/08/13 15:45:06 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3054.18959__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2008/08/13 15:45:04 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3054.18793__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2008/08/13 15:45:04 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3054.18871__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2008/08/13 15:45:04 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3054.18792__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2008/08/13 15:45:03 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3054.18676__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2008/08/13 15:45:03 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3054.18814__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2008/08/13 15:45:02 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3054.18683__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2008/08/13 15:45:02 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3054.18632__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2008/08/13 15:45:02 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3054.18690__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2008/08/13 15:45:02 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3054.18812__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2008/08/13 15:45:01 | 000,901,120 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3054.18885__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2008/08/13 15:45:01 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3054.18827__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008/08/13 15:45:00 | 000,663,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3054.18840__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2008/08/13 15:45:00 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3054.18785__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2008/08/13 15:45:00 | 000,446,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3054.18777__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2008/08/13 15:45:00 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3054.18783__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008/08/13 15:44:59 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3054.18791__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008/08/13 15:44:58 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3005.17490__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008/08/13 15:44:58 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3005.17516__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2008/08/13 15:44:57 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3005.17473__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008/08/13 15:44:57 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3005.17534__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2008/08/13 15:44:57 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3005.17562__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008/08/13 15:44:57 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3005.17512__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008/08/13 15:44:57 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3005.17563__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008/08/13 15:44:56 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008/08/13 15:44:53 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3005.17466__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008/08/13 15:44:52 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008/08/13 15:44:52 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3005.17465__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008/08/13 15:44:52 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3005.17518__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008/08/13 15:44:52 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2008/08/13 15:44:52 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3005.17510__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008/08/13 15:44:52 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3005.17517__90ba9c70f846762e\DEM.OS.dll
MOD - [2008/08/13 15:44:52 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2008/08/13 15:44:52 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3005.17519__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008/08/13 15:44:51 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3005.17468__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008/08/13 15:44:51 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3005.17608__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008/08/13 15:44:51 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3005.17496__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008/08/13 15:44:51 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3005.17491__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008/08/13 15:44:51 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3005.17479__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008/08/13 15:44:51 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008/08/13 15:44:51 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3005.17488__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008/08/13 15:44:51 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3005.17530__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008/08/13 15:44:50 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3005.17493__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008/08/13 15:44:50 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3005.17556__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008/08/13 15:44:50 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3005.17521__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008/08/13 15:44:49 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3005.17540__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008/08/13 15:44:49 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3005.17556__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2008/08/13 15:44:48 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3005.17553__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2008/08/13 15:44:48 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3005.17536__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2008/08/13 15:44:47 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3005.17541__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008/08/13 15:44:47 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3005.17506__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008/08/13 15:44:47 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3005.17531__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2008/08/13 15:44:47 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3005.17521__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008/08/13 15:44:47 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3005.17537__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2008/08/13 15:44:47 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3005.17522__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008/08/13 15:44:46 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3005.17535__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008/08/13 15:44:46 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3005.17535__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008/08/13 15:44:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3005.17539__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008/08/13 15:44:46 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3005.17514__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008/08/13 15:44:46 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3005.17511__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008/08/13 15:44:45 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3054.18949__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008/08/13 15:44:45 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008/08/13 15:44:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3005.17489__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008/08/13 15:44:45 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3054.18964__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2008/08/13 15:44:45 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3054.18597__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008/08/13 15:44:44 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3054.18910__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008/08/13 15:44:44 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3005.17484__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008/08/13 15:44:44 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3005.17511__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008/08/13 15:44:44 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3005.17481__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2008/08/13 15:44:43 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3054.18639__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008/08/13 15:44:43 | 000,417,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3054.18900__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2008/08/13 15:44:43 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3054.18907__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008/08/13 15:44:43 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3005.17514__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008/08/13 15:44:43 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3005.17475__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008/08/13 15:44:43 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3005.17513__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008/08/13 15:44:41 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3054.18597__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008/08/13 15:44:40 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3005.17508__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2008/08/13 15:44:39 | 001,511,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3054.18617__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008/08/13 15:44:39 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3005.17499__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008/08/13 15:44:38 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3054.18598__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008/08/13 15:44:38 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3054.18594__90ba9c70f846762e\APM.Server.dll
MOD - [2008/08/13 15:44:38 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3054.18909__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008/08/13 15:44:38 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008/08/13 15:44:38 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3005.17542__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008/08/13 15:44:37 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3054.18596__90ba9c70f846762e\AEM.Server.dll
MOD - [2008/05/12 15:55:52 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/02/15 13:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/06 17:51:27 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/01/03 13:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/07/28 14:00:36 | 000,053,248 | ---- | M] (Sage (UK) Limited) [Auto | Running] -- C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe -- (Sage SData Service)
SRV - [2011/03/16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/09/23 22:55:30 | 002,763,080 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\SBEAgent\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010/09/23 22:55:18 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\SBEAgent\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2010/05/20 14:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/02/24 14:25:17 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010/01/29 08:23:10 | 000,017,408 | ---- | M] (Invu Services Ltd) [Auto | Running] -- C:\Program Files\INVU Services Ltd\INVU6\INVU.Client.Services.exe -- (INVU Series 6 Message Service)
SRV - [2008/08/11 17:12:44 | 001,574,224 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Backup\LogmeInBackupService.exe -- (LogMeInBackupService.exe)
SRV - [2008/08/11 17:12:29 | 000,480,592 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Backup\lmibackupvssservice.exe -- (LMIBackupVSSService.exe)
SRV - [2008/08/11 17:12:25 | 000,079,184 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Backup\BackupMaint.exe -- (BackupMaint)
SRV - [2008/01/18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/15 10:15:47 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\vCAP\vCAPService.exe -- (vCAP Calendar Server)
SRV - [2007/02/08 15:13:46 | 000,212,480 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006/01/09 12:56:04 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Windows\System32\LxrSII1s.exe -- (LxrSII1s)

========== Driver Services (SafeList) ==========

DRV - [2012/02/06 17:51:28 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/12/15 17:13:23 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/08/07 13:10:24 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
DRV - [2010/07/27 04:48:30 | 000,078,936 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\sbtis.sys -- (SbTis)
DRV - [2010/06/14 14:54:30 | 000,069,976 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2010/06/10 07:49:43 | 000,013,408 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\radpms.sys -- (radpms)
DRV - [2010/05/20 14:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/05/13 07:56:22 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2008/10/18 07:48:51 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/05/12 16:31:00 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/02/28 14:31:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/01/18 22:42:14 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007/11/16 16:28:59 | 000,006,828 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftlund.sys -- (FTLUND)
DRV - [2007/01/24 08:28:00 | 000,080,128 | ---- | M] (OEM) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\oxpar.sys -- (oxpar)
DRV - [2006/12/14 08:37:40 | 000,072,672 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\LxrSII1d.sys -- (LxrSII1d)
DRV - [2000/07/24 00:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\BrPar.sys -- (BrPar)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) O1 HOSTS File: ([2012/01/19 14:41:14 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.) 
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\SBEAgent\SBAMTray.exe (Sunbelt Software) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Vclean2] c:\temp\VClean2.vbs File not found O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - Startup: C:\Users\harrisons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\harrisons\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Series 6 - {42229191-CCEA-11d3-BE71-00C0DFE1873E} - C:\Program Files\INVU Services Ltd\INVU6\INVU.WebCapture.exe (Invu Services Ltd) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: google.com ([kh] http in Trusted sites) O15 - HKCU\..Trusted Domains: southend.local ([remote] https in Local intranet) O15 - HKCU\..Trusted Domains: wk.loc ([engine.southend] http in Local intranet) O15 - HKCU\..Trusted Domains: wk.loc ([engine.southend] https in Trusted sites) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} https://secure.logmein.com/activex/RACtrl.cab (Remote Access ActiveX Client) O16 - DPF: {76392179-60A8-462D-8961-B95C14DAADF4} https://billcentre.vodafone.co.uk/bpa/content/ddiprintengine.cab (PrintEngine ActiveX Control v4.2) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=724 (Performance Viewer Activex Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.200 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = southend.local O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32FFA92F-9A3F-4369-B288-51CD15391C83}: DhcpNameServer = 192.168.0.200 O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img1.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img1.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/05/10 15:20:40 | 000,000,066 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk - C:\Program Files\google\Google Updater\GoogleUpdater.exe - (Google) MsConfig - StartUpReg: [b]iTunesHelper[/b] - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: [b]LogMeIn Backup GUI[/b] - hkey= - key= - C:\Program Files\LogMeIn Backup\BackupSystray.exe (LogMeIn, Inc.) MsConfig - StartUpReg: [b]QuickTime Task[/b] - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) 
MsConfig - StartUpReg: [b]Steam[/b] - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation) MsConfig - StartUpReg: [b]Windows Defender[/b] - hkey= - key= - File not found MsConfig - State: "startup" - 2 MsConfig - State: "services" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SBAMSvc - C:\Program Files\Sunbelt Software\SBEAgent\SBAMSvc.exe (Sunbelt Software) SafeBootMin: SBPIMSvc - C:\Program Files\Sunbelt Software\SBEAgent\SBPIMSvc.exe (Sunbelt Software) SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: 
{71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SBAMSvc - C:\Program Files\Sunbelt Software\SBEAgent\SBAMSvc.exe (Sunbelt Software) SafeBootNet: SBPIMSvc - C:\Program Files\Sunbelt Software\SBEAgent\SBPIMSvc.exe (Sunbelt Software) SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - 
Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: 
{630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F0173905-8498-4452-A4BD-EC689AFA6B3A} - "%ProgramFiles%\Common Files\Sage SBD\ForceEIRRegistration.exe" ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) 
CREATERESTOREPOINT Restore point Set: OTL Restore Point [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012/02/28 17:13:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/02/28 17:02:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012/02/28 17:02:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012/02/24 09:46:07 | 000,000,000 | ---D | C] -- C:\Users\harrisons\AppData\Local\79BE31BD-BF90-465A-9BA8-B33F7284DC01.aplzod [2012/02/21 09:16:29 | 000,450,352 | ---- | C] (Microsoft Corporation) -- C:\Users\harrisons\Desktop\FixitCenter_Run.exe [2008/12/23 08:32:46 | 000,184,320 | R--- | C] ( ) -- C:\Windows\System32\SgE.interop.MSXML2.dll [2006/12/12 10:59:08 | 000,184,320 | ---- | C] ( ) -- C:\Windows\System32\Interop.MSXML2.dll [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012/03/05 17:11:50 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/03/05 17:10:52 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/03/05 17:10:52 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/03/05 17:10:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/03/05 17:10:35 | 3756,376,064 | -HS- | M] () -- C:\hiberfil.sys [2012/03/05 16:53:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/03/05 16:34:27 | 000,002,651 | ---- | M] () -- C:\Users\harrisons\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007 (2).lnk [2012/03/05 11:49:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012/03/05 10:26:07 | 000,025,720 | ---- | M] () -- C:\Users\harrisons\Desktop\LPAY0603.SFM [2012/03/05 09:16:22 | 000,002,609 | ---- | M] () -- 
C:\Users\harrisons\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007 (2).lnk [2012/03/05 08:49:29 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E9F6A8F6-16A8-4D38-B129-9D79CAE6F8BB}.job [2012/03/05 08:48:50 | 000,002,657 | ---- | M] () -- C:\Users\harrisons\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007.lnk [2012/03/03 10:47:18 | 000,000,937 | ---- | M] () -- C:\Users\harrisons\Desktop\Dropbox.lnk [2012/03/03 10:47:18 | 000,000,917 | ---- | M] () -- C:\Users\harrisons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012/03/02 09:00:40 | 000,002,547 | ---- | M] () -- C:\Users\harrisons\Application Data\Microsoft\Internet Explorer\Quick Launch\Invu Series 6.lnk [2012/02/24 09:56:51 | 000,000,944 | ---- | M] () -- C:\Users\harrisons\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk [2012/02/21 16:48:33 | 000,000,157 | ---- | M] () -- C:\Windows\ricdb.ini [2012/02/21 16:48:32 | 000,000,191 | ---- | M] () -- C:\Windows\System32\RPCS.ini [2012/02/21 09:32:29 | 000,000,680 | ---- | M] () -- C:\Users\harrisons\AppData\Local\d3d9caps.dat [2012/02/21 09:16:30 | 000,450,352 | ---- | M] (Microsoft Corporation) -- C:\Users\harrisons\Desktop\FixitCenter_Run.exe [2012/02/21 09:02:06 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012/02/10 10:14:04 | 000,001,842 | ---- | M] () -- C:\Users\harrisons\Documents\Default.rdp [2012/02/06 17:51:28 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll [2012/02/06 17:51:28 | 000,030,592 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll [2012/02/06 17:51:27 | 000,087,424 | ---- | M] (LogMeIn, Inc.) 
-- C:\Windows\System32\LMIinit.dll [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012/03/05 10:26:07 | 000,025,720 | ---- | C] () -- C:\Users\harrisons\Desktop\LPAY0603.SFM [2012/01/19 12:47:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/01/19 12:47:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/01/19 12:47:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/01/19 12:47:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/01/19 12:47:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011/07/27 13:20:46 | 000,073,728 | ---- | C] () -- C:\Windows\System32\SageFolderBrowser.dll [2011/07/27 13:20:34 | 000,245,760 | ---- | C] () -- C:\Windows\System32\SageEventHandler.exe [2011/07/27 13:20:30 | 000,364,544 | ---- | C] () -- C:\Windows\System32\SGCDlg32.dll [2011/07/27 13:20:24 | 000,368,640 | ---- | C] () -- C:\Windows\System32\SGList32.dll [2011/07/27 13:20:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\SGAppBar.dll [2011/07/27 13:20:20 | 000,278,528 | ---- | C] () -- C:\Windows\System32\SGSchemeXML.dll [2011/07/27 13:20:18 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SGStat32.dll [2011/07/27 13:20:16 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SGSchemeDefault.dll [2011/07/27 13:20:16 | 000,122,880 | ---- | C] () -- C:\Windows\System32\SGSchemeXP.dll [2011/07/27 13:20:10 | 000,294,912 | ---- | C] () -- C:\Windows\System32\SGTBar32.dll [2011/07/27 13:20:08 | 000,253,952 | ---- | C] () -- C:\Windows\System32\SGWebBrowser.dll [2011/07/27 13:20:04 | 000,208,896 | ---- | C] () -- C:\Windows\System32\SGSTDREG.dll [2011/07/27 13:20:02 | 000,245,760 | ---- | C] () -- C:\Windows\System32\SGJPEG32.dll [2011/07/27 13:20:02 | 000,225,280 | ---- | C] () -- C:\Windows\System32\SGSchemeManager.dll [2011/07/27 13:20:02 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SGLogo32.dll [2011/07/27 13:20:00 | 000,065,536 | ---- | C] () -- C:\Windows\System32\SG3D32.dll [2011/07/27 
13:19:58 | 000,262,144 | ---- | C] () -- C:\Windows\System32\SGHelp32.dll [2011/07/27 13:19:58 | 000,102,400 | ---- | C] () -- C:\Windows\System32\SGIntl32.dll [2011/07/27 13:19:50 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SGRegister.dll [2011/07/27 13:19:48 | 000,114,688 | ---- | C] () -- C:\Windows\System32\SGCom32.dll [2011/07/27 13:10:06 | 000,143,360 | ---- | C] () -- C:\Windows\System32\SGCtrlEx.dll [2011/07/27 13:01:02 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SGDt32.dll [2011/07/25 16:51:14 | 001,712,128 | ---- | C] () -- C:\Windows\System32\SGRep32.dll [2011/07/25 16:51:14 | 000,233,472 | ---- | C] () -- C:\Windows\System32\SGLCH32.DLL [2011/07/25 16:51:12 | 000,001,205 | ---- | C] () -- C:\Windows\SAGEINTL.INI [2011/07/25 16:51:12 | 000,000,005 | -HS- | C] () -- C:\Windows\System32\CdI5T.drv [2011/06/03 09:39:22 | 000,014,496 | ---- | C] () -- C:\Windows\HL-5240.INI [2011/01/04 13:03:17 | 000,174,860 | ---- | C] () -- C:\Windows\System32\mlfcache.dat [2010/10/29 08:53:57 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat [2010/05/10 15:27:48 | 000,000,737 | ---- | C] () -- C:\Windows\SGREP32.INI [2010/04/17 14:37:31 | 000,000,068 | ---- | C] () -- C:\Windows\iltwain.ini [2010/04/15 18:11:07 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2010/04/15 18:10:50 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010/04/15 18:08:46 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010/04/15 18:08:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2010/02/24 14:25:25 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI [2010/02/09 11:33:54 | 000,045,056 | ---- | C] () -- C:\Windows\System32\SgELauncher.dll [2010/02/09 11:33:14 | 000,114,688 | ---- | C] () -- C:\Windows\System32\SgEData.dll [2010/01/25 11:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll [2009/08/03 14:07:42 | 
000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009/03/26 14:43:54 | 000,000,157 | ---- | C] () -- C:\Windows\ricdb.ini [2009/03/26 14:43:49 | 000,000,191 | ---- | C] () -- C:\Windows\System32\RPCS.ini [2009/03/17 09:57:19 | 000,038,437 | ---- | C] () -- C:\Users\harrisons\AppData\Roaming\Microsoft Excel 97-2003.ADR [2008/11/11 14:25:44 | 000,303,104 | ---- | C] () -- C:\Windows\System32\I3tif32.dll [2008/11/11 14:25:44 | 000,244,736 | ---- | C] () -- C:\Windows\System32\ISP2003.dll [2008/11/11 14:25:44 | 000,163,840 | ---- | C] () -- C:\Windows\System32\Ilanot32.dll [2008/09/02 15:56:45 | 000,000,608 | -HS- | C] () -- C:\Windows\System32\winzvprt5.sys [2008/09/02 15:56:45 | 000,000,160 | ---- | C] () -- C:\Windows\System32\zvprt5.ini [2008/09/01 16:40:55 | 000,000,319 | ---- | C] () -- C:\Windows\SWWATER.INI [2008/09/01 16:06:18 | 000,009,141 | ---- | C] () -- C:\Windows\System32\zvprtmon.dll [2008/09/01 16:06:18 | 000,008,407 | ---- | C] () -- C:\Windows\System32\zvprtmonui.dll [2008/09/01 16:06:09 | 000,000,068 | -HS- | C] () -- C:\Windows\System32\windzfa0.sys [2008/08/13 15:43:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2008/08/13 15:42:10 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2008/08/13 15:36:14 | 000,000,680 | ---- | C] () -- C:\Users\harrisons\AppData\Local\d3d9caps.dat [2008/05/12 15:55:52 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008/05/02 15:23:20 | 000,008,170 | ---- | C] () -- C:\Users\harrisons\AppData\Roaming\NMM-MetaData.db [2008/04/28 09:44:33 | 000,049,152 | ---- | C] () -- C:\Windows\System32\LxrSII1s.exe [2008/04/28 09:44:32 | 000,072,672 | ---- | C] () -- C:\Windows\System32\drivers\LxrSII1d.sys [2008/03/06 14:24:58 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2008/03/06 00:38:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe 
[2008/01/02 16:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll [2008/01/02 16:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll [2008/01/02 16:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll [2007/12/10 11:51:25 | 000,000,054 | ---- | C] () -- C:\Windows\System32\BD5240.DAT [2007/11/16 17:23:31 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini [2007/11/16 17:22:47 | 000,000,290 | ---- | C] () -- C:\Windows\BRVIDEO.INI [2007/11/16 17:22:47 | 000,000,233 | ---- | C] () -- C:\Windows\Brownie.ini [2007/11/16 17:22:47 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini [2007/11/16 17:22:45 | 000,015,108 | ---- | C] () -- C:\Windows\HL-5140.INI [2007/11/16 17:22:45 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini [2007/11/16 10:44:10 | 000,001,145 | ---- | C] () -- C:\Windows\ODBCINST.INI [2007/11/16 10:44:10 | 000,000,634 | ---- | C] () -- C:\Windows\ODBC.INI [2007/11/09 11:48:44 | 000,000,463 | ---- | C] () -- C:\Windows\BRWMARK.INI [2007/11/09 11:48:44 | 000,000,052 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2007/11/09 11:24:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\TT.INI [2007/11/08 12:13:45 | 000,023,052 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat [2007/11/08 11:34:15 | 000,005,632 | ---- | C] () -- C:\Users\harrisons\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/11/08 10:12:42 | 000,048,762 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2007/10/24 07:01:08 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll [2007/10/18 09:12:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1350.dll [2007/08/24 19:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll [2007/08/24 19:38:54 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2007/08/24 19:38:54 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll [2007/08/21 21:51:16 | 000,081,920 | ---- | C] 
() -- C:\Windows\System32\ATIODE.exe [2007/08/21 19:36:12 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2007/07/11 11:38:37 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL [2006/11/02 12:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 12:47:43 | 000,385,440 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 10:33:01 | 000,647,304 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 10:33:01 | 000,123,304 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006/11/01 15:50:40 | 000,126,976 | R--- | C] () -- C:\Windows\System32\PDFInstall.exe [2005/06/06 15:37:18 | 000,000,404 | ---- | C] () -- C:\Windows\System32\CDK2000.DAT [2005/03/11 02:02:52 | 000,036,938 | ---- | C] () -- C:\Windows\System32\RNERR.DLL [2004/11/16 20:52:00 | 000,268,947 | ---- | C] () -- C:\Windows\System32\ICDLLW32.DLL [2004/11/16 20:51:10 | 000,124,979 | ---- | C] () -- C:\Windows\System32\ICHUNW32.DLL [2004/08/24 10:29:56 | 000,253,952 | ---- | C] () -- C:\Windows\System32\SDOApp.dll [2004/08/10 15:29:04 | 000,040,960 | ---- | C] () -- C:\Windows\System32\REPDES32.EXE [2004/05/25 16:40:04 | 000,010,739 | ---- | C] () -- C:\Windows\System32\REC_OUT.INI [2004/04/30 14:54:02 | 000,001,078 | ---- | C] () -- C:\Windows\System32\RM_RER.INI [2004/04/30 11:18:22 | 000,026,900 | ---- | C] () -- C:\Windows\System32\RenderingExt.dat [2003/09/22 16:37:56 | 
000,699,056 | ---- | C] () -- C:\Windows\System32\lpdata.bin [2003/05/17 21:18:18 | 000,021,504 | ---- | C] () -- C:\Windows\System32\ezbrwsr.dll [2003/01/19 18:11:22 | 000,000,307 | ---- | C] () -- C:\Windows\System32\RM_MAT.INI [2002/07/05 09:47:22 | 000,006,844 | ---- | C] () -- C:\Windows\System32\OURDICT.DAT [2002/05/08 08:39:48 | 000,805,837 | ---- | C] () -- C:\Windows\System32\R_pol.dat [2002/05/08 08:39:48 | 000,622,988 | ---- | C] () -- C:\Windows\System32\R_rus.dat [2002/05/08 08:39:48 | 000,368,635 | ---- | C] () -- C:\Windows\System32\R_swe.dat [2002/05/08 08:39:48 | 000,345,971 | ---- | C] () -- C:\Windows\System32\R_por.dat [2002/05/08 08:39:48 | 000,288,519 | ---- | C] () -- C:\Windows\System32\R_spa.dat [2002/05/08 08:39:46 | 000,762,368 | ---- | C] () -- C:\Windows\System32\R_nor.dat [2002/05/08 08:39:46 | 000,755,560 | ---- | C] () -- C:\Windows\System32\R_hun.dat [2002/05/08 08:39:46 | 000,607,892 | ---- | C] () -- C:\Windows\System32\R_gre.dat [2002/05/08 08:39:46 | 000,344,775 | ---- | C] () -- C:\Windows\System32\R_ita.dat [2002/05/08 08:39:44 | 000,831,781 | ---- | C] () -- C:\Windows\System32\R_ger.dat [2002/05/08 08:39:44 | 000,443,758 | ---- | C] () -- C:\Windows\System32\R_fin.dat [2002/05/08 08:39:44 | 000,339,237 | ---- | C] () -- C:\Windows\System32\R_fre.dat [2002/05/08 08:39:44 | 000,285,679 | ---- | C] () -- C:\Windows\System32\R_ENG.DAT [2002/05/08 08:39:42 | 000,655,435 | ---- | C] () -- C:\Windows\System32\R_dut.dat [2002/05/08 08:39:42 | 000,641,241 | ---- | C] () -- C:\Windows\System32\R_czh.dat [2002/05/08 08:39:42 | 000,521,315 | ---- | C] () -- C:\Windows\System32\R_dan.dat [2002/05/08 08:39:40 | 000,236,245 | ---- | C] () -- C:\Windows\System32\R_cat.dat [2002/05/08 08:39:08 | 000,007,376 | ---- | C] () -- C:\Windows\System32\CURTWORD.dat [2001/04/27 09:53:10 | 000,009,684 | ---- | C] () -- C:\Windows\System32\XISWDP.BIN [2001/04/27 09:53:10 | 000,008,794 | ---- | C] () -- C:\Windows\System32\XISWDS.BIN [2001/04/27 
09:53:10 | 000,004,364 | ---- | C] () -- C:\Windows\System32\XISWDZ.BIN [2001/04/27 09:53:08 | 000,530,244 | ---- | C] () -- C:\Windows\System32\XISWDB.BIN [2001/04/27 09:53:08 | 000,489,303 | ---- | C] () -- C:\Windows\System32\XISWDD.BIN [2001/04/27 09:53:08 | 000,085,100 | ---- | C] () -- C:\Windows\System32\XISWDE.BIN [2001/04/27 09:53:08 | 000,085,100 | ---- | C] () -- C:\Windows\System32\XISPNE.BIN [2001/04/27 09:53:08 | 000,034,559 | ---- | C] () -- C:\Windows\System32\XISWDC.BIN [2001/04/27 09:53:08 | 000,011,434 | ---- | C] () -- C:\Windows\System32\XISPNS.BIN [2001/04/27 09:53:08 | 000,009,648 | ---- | C] () -- C:\Windows\System32\XISPNP.BIN [2001/04/27 09:53:08 | 000,004,622 | ---- | C] () -- C:\Windows\System32\XISPNZ.BIN [2001/04/27 09:53:06 | 000,537,770 | ---- | C] () -- C:\Windows\System32\XIPRTB.BIN [2001/04/27 09:53:06 | 000,527,108 | ---- | C] () -- C:\Windows\System32\XISPNB.BIN [2001/04/27 09:53:06 | 000,222,108 | ---- | C] () -- C:\Windows\System32\XISPND.BIN [2001/04/27 09:53:06 | 000,086,721 | ---- | C] () -- C:\Windows\System32\Xiprtd.bin [2001/04/27 09:53:06 | 000,085,100 | ---- | C] () -- C:\Windows\System32\Xiprte.bin [2001/04/27 09:53:06 | 000,041,501 | ---- | C] () -- C:\Windows\System32\XIPRTC.BIN [2001/04/27 09:53:06 | 000,034,949 | ---- | C] () -- C:\Windows\System32\XISPNC.BIN [2001/04/27 09:53:06 | 000,016,738 | ---- | C] () -- C:\Windows\System32\Xiprts.bin [2001/04/27 09:53:06 | 000,009,684 | ---- | C] () -- C:\Windows\System32\XIPRTP.BIN [2001/04/27 09:53:06 | 000,004,596 | ---- | C] () -- C:\Windows\System32\XIPRTZ.BIN [2001/04/27 09:53:04 | 000,523,560 | ---- | C] () -- C:\Windows\System32\XINRWB.BIN [2001/04/27 09:53:04 | 000,345,242 | ---- | C] () -- C:\Windows\System32\XINRWD.BIN [2001/04/27 09:53:04 | 000,085,100 | ---- | C] () -- C:\Windows\System32\XINRWE.BIN [2001/04/27 09:53:04 | 000,032,607 | ---- | C] () -- C:\Windows\System32\XINRWC.BIN [2001/04/27 09:53:04 | 000,009,684 | ---- | C] () -- 
C:\Windows\System32\XINRWP.BIN [2001/04/27 09:53:04 | 000,007,074 | ---- | C] () -- C:\Windows\System32\XINRWS.BIN [2001/04/27 09:53:04 | 000,004,378 | ---- | C] () -- C:\Windows\System32\XINRWZ.BIN [2001/04/27 09:53:02 | 000,476,018 | ---- | C] () -- C:\Windows\System32\XIITLB.BIN [2001/04/27 09:53:02 | 000,249,547 | ---- | C] () -- C:\Windows\System32\XIGRMD.BIN [2001/04/27 09:53:02 | 000,161,909 | ---- | C] () -- C:\Windows\System32\XIITLD.BIN [2001/04/27 09:53:02 | 000,085,100 | ---- | C] () -- C:\Windows\System32\XIITLE.BIN [2001/04/27 09:53:02 | 000,085,100 | ---- | C] () -- C:\Windows\System32\XIGRME.BIN [2001/04/27 09:53:02 | 000,035,525 | ---- | C] () -- C:\Windows\System32\XIITLC.BIN [2001/04/27 09:53:02 | 000,019,346 | ---- | C] () -- C:\Windows\System32\XIGRMS.BIN [2001/04/27 09:53:02 | 000,019,238 | ---- | C] () -- C:\Windows\System32\XIITLS.BIN [2001/04/27 09:53:02 | 000,009,656 | ---- | C] () -- C:\Windows\System32\XIITLP.BIN [2001/04/27 09:53:02 | 000,009,656 | ---- | C] () -- C:\Windows\System32\XIGRMP.BIN [2001/04/27 09:53:02 | 000,004,506 | ---- | C] () -- C:\Windows\System32\XIITLZ.BIN [2001/04/27 09:53:02 | 000,004,298 | ---- | C] () -- C:\Windows\System32\XIGRMZ.BIN [2001/04/27 09:53:00 | 000,495,908 | ---- | C] () -- C:\Windows\System32\XIFRNB.BIN [2001/04/27 09:53:00 | 000,458,050 | ---- | C] () -- C:\Windows\System32\XIGRMB.BIN [2001/04/27 09:53:00 | 000,303,591 | ---- | C] () -- C:\Windows\System32\XIFRND.BIN [2001/04/27 09:53:00 | 000,085,100 | ---- | C] () -- C:\Windows\System32\XIFRNE.BIN [2001/04/27 09:53:00 | 000,056,724 | ---- | C] () -- C:\Windows\System32\XIFRNC.BIN [2001/04/27 09:53:00 | 000,035,068 | ---- | C] () -- C:\Windows\System32\XIGRMC.BIN [2001/04/27 09:53:00 | 000,021,046 | ---- | C] () -- C:\Windows\System32\XIFRNS.BIN [2001/04/27 09:53:00 | 000,009,692 | ---- | C] () -- C:\Windows\System32\XIFRNP.BIN [2001/04/27 09:53:00 | 000,004,354 | ---- | C] () -- C:\Windows\System32\XIFRNZ.BIN [2001/04/27 09:52:58 | 000,517,334 | 
---- | C] () -- C:\Windows\System32\XIFINB.BIN [2001/04/27 09:52:58 | 000,431,439 | ---- | C] () -- C:\Windows\System32\XIFIND.BIN [2001/04/27 09:52:58 | 000,085,100 | ---- | C] () -- C:\Windows\System32\XIFINE.BIN [2001/04/27 09:52:58 | 000,030,237 | ---- | C] () -- C:\Windows\System32\XIFINC.BIN [2001/04/27 09:52:58 | 000,009,684 | ---- | C] () -- C:\Windows\System32\XIFINP.BIN [2001/04/27 09:52:58 | 000,007,394 | ---- | C] () -- C:\Windows\System32\XIFINS.BIN [2001/04/27 09:52:58 | 000,004,316 | ---- | C] () -- C:\Windows\System32\XIFINZ.BIN [2001/04/27 09:52:56 | 000,482,384 | ---- | C] () -- C:\Windows\System32\XIENGB.BIN [2001/04/27 09:52:56 | 000,246,288 | ---- | C] () -- C:\Windows\System32\XIDUTD.BIN [2001/04/27 09:52:56 | 000,237,741 | ---- | C] () -- C:\Windows\System32\XIENGD.BIN [2001/04/27 09:52:56 | 000,085,100 | ---- | C] () -- C:\Windows\System32\XIDUTE.BIN [2001/04/27 09:52:56 | 000,082,608 | ---- | C] () -- C:\Windows\System32\XIENGE.BIN [2001/04/27 09:52:56 | 000,026,302 | ---- | C] () -- C:\Windows\System32\XIENGC.BIN [2001/04/27 09:52:56 | 000,015,386 | ---- | C] () -- C:\Windows\System32\XIENGL.BIN [2001/04/27 09:52:56 | 000,015,054 | ---- | C] () -- C:\Windows\System32\XIENGS.BIN [2001/04/27 09:52:56 | 000,011,296 | ---- | C] () -- C:\Windows\System32\XIENGF.BIN [2001/04/27 09:52:56 | 000,009,660 | ---- | C] () -- C:\Windows\System32\XIDUTP.BIN [2001/04/27 09:52:56 | 000,007,914 | ---- | C] () -- C:\Windows\System32\XIDUTS.BIN [2001/04/27 09:52:56 | 000,006,556 | ---- | C] () -- C:\Windows\System32\XIENGP.BIN [2001/04/27 09:52:56 | 000,004,654 | ---- | C] () -- C:\Windows\System32\XIDUTZ.BIN [2001/04/27 09:52:56 | 000,003,894 | ---- | C] () -- C:\Windows\System32\XIENGZ.BIN [2001/04/27 09:52:54 | 000,531,718 | ---- | C] () -- C:\Windows\System32\XIDUTB.BIN [2001/04/27 09:52:54 | 000,525,816 | ---- | C] () -- C:\Windows\System32\XIDANB.BIN [2001/04/27 09:52:54 | 000,390,070 | ---- | C] () -- C:\Windows\System32\XIDAND.BIN [2001/04/27 09:52:54 
| 000,085,100 | ---- | C] () -- C:\Windows\System32\XIDANE.BIN [2001/04/27 09:52:54 | 000,038,538 | ---- | C] () -- C:\Windows\System32\XIDUTC.BIN [2001/04/27 09:52:54 | 000,037,688 | ---- | C] () -- C:\Windows\System32\XIDANC.BIN [2001/04/27 09:52:54 | 000,009,684 | ---- | C] () -- C:\Windows\System32\XIDANP.BIN [2001/04/27 09:52:54 | 000,005,954 | ---- | C] () -- C:\Windows\System32\XIDANS.BIN [2001/04/27 09:52:54 | 000,004,482 | ---- | C] () -- C:\Windows\System32\XIDANZ.BIN [2001/04/27 09:52:52 | 000,526,932 | ---- | C] () -- C:\Windows\System32\XIBRZB.BIN [2001/04/27 09:52:52 | 000,087,689 | ---- | C] () -- C:\Windows\System32\XIBRZD.BIN [2001/04/27 09:52:52 | 000,085,100 | ---- | C] () -- C:\Windows\System32\XIBRZE.BIN [2001/04/27 09:52:52 | 000,041,561 | ---- | C] () -- C:\Windows\System32\XIBRZC.BIN [2001/04/27 09:52:52 | 000,009,684 | ---- | C] () -- C:\Windows\System32\XIBRZP.BIN [2001/04/27 09:52:52 | 000,008,634 | ---- | C] () -- C:\Windows\System32\XIBRZS.BIN [2001/04/27 09:52:52 | 000,004,522 | ---- | C] () -- C:\Windows\System32\XIBRZZ.BIN [2000/08/08 11:43:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\AMPLM.dll [1999/10/25 09:53:58 | 000,004,073 | ---- | C] () -- C:\Windows\Sage.ini [1998/03/26 01:12:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SgHmZLib.dll [1998/03/20 01:00:00 | 000,001,048 | -HS- | C] () -- C:\Windows\System32\TMailRL.sys [1998/03/20 01:00:00 | 000,001,048 | -HS- | C] () -- C:\Windows\System32\TMail3FL.SYS [1998/03/20 01:00:00 | 000,001,048 | -HS- | C] () -- C:\Windows\System32\rlfnlf.sys [1998/03/20 01:00:00 | 000,001,048 | -HS- | C] () -- C:\Windows\System32\flfnlf.sys [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe >[/color] [color=#A23BEC]< %APPDATA%\*. 
>[/color] [2012/01/20 09:59:40 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\Adobe [2012/02/24 09:44:47 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\Apple Computer [2008/08/13 15:51:49 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\ATI [2007/11/13 09:25:50 | 000,000,000 | R--D | M] -- C:\Users\harrisons\AppData\Roaming\Brother [2009/02/04 16:59:49 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\com.fiat.convergence.385E4263E7379A5D22A7076E99B02868EFF10711.1 [2010/02/24 14:26:59 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\DassaultSystemes [2012/03/05 17:15:07 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\Dropbox [2010/02/24 14:26:59 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\EDrawings [2008/03/28 09:46:11 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\Google [2007/11/08 10:14:29 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\Identities [2012/01/17 17:16:28 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\Invu [2007/11/16 15:47:35 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\Macromedia [2012/01/16 14:12:05 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\Malwarebytes [2012/01/20 09:59:40 | 000,000,000 | --SD | M] -- C:\Users\harrisons\AppData\Roaming\Microsoft [2008/04/30 11:52:31 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\Nokia [2008/05/12 10:49:59 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\NSeries [2008/05/12 11:01:37 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\PC Suite [2012/03/05 17:16:18 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\Skype [2011/07/04 13:06:15 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\skypePM [2008/01/03 09:10:47 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\Sony Ericsson [2010/03/22 17:02:54 | 000,000,000 | ---D | M] -- 
C:\Users\harrisons\AppData\Roaming\Sunbelt [2007/11/20 10:19:08 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\Sunbelt Software [2010/06/29 10:01:12 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\Trusteer [2009/11/20 14:26:07 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\U3 [2010/04/17 14:37:08 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\Windows Small Business Server [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009/04/10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys [2009/04/10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009/04/10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009/04/10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008/01/18 22:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008/01/18 22:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006/11/02 09:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2007/09/07 13:29:45 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys [2007/09/07 13:57:22 | 000,021,688 | 
---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys [2007/09/07 13:57:22 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys [2007/09/07 13:29:45 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys [2007/09/07 13:29:45 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys [2008/02/13 03:04:05 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008/02/13 03:04:05 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008/02/13 03:04:04 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys [2008/02/13 03:04:04 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- 
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008/10/30 03:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2007/11/16 15:24:18 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2007/11/16 15:24:17 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe [2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008/10/28 02:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006/11/02 09:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008/01/18 22:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe 
[color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color] [2006/11/02 09:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe [2008/01/18 22:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe [2008/01/18 22:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe [2008/01/18 22:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2008/01/18 22:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe [2008/01/18 22:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008/01/18 22:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006/11/02 09:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009/04/10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe [2009/04/10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009/04/10 22:28:14 | 000,314,368 | ---- | M] (Microsoft 
Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006/11/02 09:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008/01/18 22:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >[/color] HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/09/30 21:29:44 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/09/30 21:29:44 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/09/30 21:29:44 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/09/30 23:07:49 | 000,638,216 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/09/30 23:07:49 | 000,638,216 | ---- | M] (Microsoft Corporation) [color=#A23BEC]< hklm\software\clients\startmenuinternet|command /64 /rs >[/color] HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: 
"C:\Windows\system32\ie4uinit.exe" -hide [2011/09/30 21:29:44 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/09/30 21:29:44 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/09/30 21:29:44 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/09/30 23:07:49 | 000,638,216 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/09/30 23:07:49 | 000,638,216 | ---- | M] (Microsoft Corporation) [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color] [color=#A23BEC]< >[/color] < End of report >