system check virus - help please



#1
bike vault

  • Member
  • 62 posts
Hi,

I have acquired this virus today and have next to no access to any system resource. I've got MBAM on via a USB stick and have a quick scan running (12 mins as of now) with no ill effects reported. I am logged on elsewhere, BTW.

Please advise what next.

FYI this is a Fujitsu tower running Vista Pro latest SP. It's a company unit with VIPRE Enterprise AV.

I tried to launch into SafeMode but had no keyboard control to make the selection so it defaulted to Normal.

Out of interest, assuming that there are no other nasties (and I have no reason to believe there are), and we get this resolved, am I likely to have suffered any long term file damage or will everything be reasonably back to normal?

Thanks in advance.



I HAVE RUN ALL THE TESTS FROM THIS POST, WHICH APPEARS TO BE SIMILAR: http://www.geekstogo...em-check-virus/

AND AM NOW REBOOTING REMOTELY.

IF THE PC IS SORTED, WOULD I BE ABLE TO RUN A SYSTEM RESTORE TO RECOVER ALL MY DESKTOP ICONS ETC., AS THESE AND THE START MENUS ARE ALL MISSING?

Cheers,
Simon

Edited by bike vault, 16 January 2012 - 03:10 PM.

  • 0



#2
bike vault

  • Topic Starter
  • Member
  • 62 posts
MBAM log FYI
Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.16.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19154
harrisons :: YK1M007380 [administrator]

Protection: Enabled

16/01/2012 15:08:51
mbam-log-2012-01-16 (15-08-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 364607
Time elapsed: 1 hour(s), 3 minute(s), 24 second(s)

Memory Processes Detected: 1
C:\Windows\Temp\_ex-68.exe (Trojan.Dropper) -> 3604 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MozillaAgent (Trojan.Dropper) -> Data: C:\Windows\Temp\_ex-68.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Users\harrisons\AppData\Local\Temp\oiu0.5357399904797465.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\harrisons\AppData\Local\Temp\tue0.20532479256854352.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Windows\Temp\U72CPBO0.dll (Trojan.CryptPro.Gen) -> Quarantined and deleted successfully.
C:\Windows\Temp\_ex-89.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\Temp\_ex-08.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\Temp\_ex-68.exe (Trojan.Dropper) -> Delete on reboot.

(end)
  • 0
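The Malwarebytes log above is the raw material for triage: which items are persistence entries, which policy values were flipped, and which files were still alive when the scan ended. As an added example (not from the original thread and not Malwarebytes code), the Python below parses that log layout into records and answers those three questions; the item and section patterns are inferred from the log as pasted, and the sample lines are copied from it.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the layout of the Malwarebytes log pasted in post #2
# (paths and families copied from that log, counts trimmed to the lines kept).
SAMPLE_LOG = r"""
Memory Processes Detected: 1
C:\Windows\Temp\_ex-68.exe (Trojan.Dropper) -> 3604 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MozillaAgent (Trojan.Dropper) -> Data: C:\Windows\Temp\_ex-68.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Files Detected: 2
C:\Windows\Temp\U72CPBO0.dll (Trojan.CryptPro.Gen) -> Quarantined and deleted successfully.
C:\Windows\Temp\_ex-68.exe (Trojan.Dropper) -> Delete on reboot.
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")
BADGOOD_RE = re.compile(r"^Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)$")


@dataclass
class Detection:
    section: str          # e.g. "Registry Values", "Files"
    target: str           # path, or "HIVE\key|valuename" for registry items
    family: str           # MBAM family name in parentheses
    action: str           # final "-> ..." part of the line
    extras: dict = field(default_factory=dict)  # pid, data, bad/good

    @property
    def registry_key(self):
        return self.target.split("|", 1)[0] if "|" in self.target else None

    @property
    def registry_value(self):
        return self.target.split("|", 1)[1] if "|" in self.target else None


def parse_mbam_log(text):
    """Return (detections, declared_counts) from an MBAM log body."""
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            declared[section] = int(m["count"])
            continue
        m = ITEM_RE.match(line) if section else None
        if not m:
            continue  # header/summary lines outside a detection section
        parts = [p.strip() for p in m["rest"].split(" -> ")]
        extras = {}
        for p in parts[:-1]:  # everything before the final action
            bg = BADGOOD_RE.match(p)
            if bg:
                extras["bad"], extras["good"] = bg["bad"], bg["good"]
            elif p.startswith("Data: "):
                extras["data"] = p[len("Data: "):]
            elif p.isdigit():
                extras["pid"] = int(p)
        detections.append(Detection(section, m["target"], m["family"], parts[-1], extras))
    return detections, declared


def count_mismatches(detections, declared):
    """Sections whose 'Detected: N' header disagrees with the items parsed (a truncated paste)."""
    seen = {}
    for d in detections:
        seen[d.section] = seen.get(d.section, 0) + 1
    return {s: (n, seen.get(s, 0)) for s, n in declared.items() if seen.get(s, 0) != n}


def pending_reboot(detections):
    """Targets MBAM could not remove while running: the box is not clean until it reboots."""
    return sorted({d.target for d in detections if "reboot" in d.action.lower()})


def persistence_entries(detections):
    """Autorun registry values paired with the binary they launch."""
    return [(d.registry_key, d.registry_value, d.extras.get("data"))
            for d in detections if d.section == "Registry Values"]


def policy_tampering(detections):
    """PUM hits: (value name, value found, value restored)."""
    return [(d.registry_value, d.extras["bad"], d.extras["good"])
            for d in detections if d.family.startswith("PUM.")]


if __name__ == "__main__":
    dets, declared = parse_mbam_log(SAMPLE_LOG)
    print("pending reboot:", pending_reboot(dets))
    print("persistence:", persistence_entries(dets))
    print("policy tampering:", policy_tampering(dets))
    print("count mismatches:", count_mismatches(dets, declared))
```

The `count_mismatches` check matters in a help thread: a log pasted with lines dropped reads as cleaner than the scan actually was, and the "Delete on reboot" items are the reason a second scan after restart, not the first log, decides whether the machine is clean.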

#3
bike vault

  • Topic Starter
  • Member
  • 62 posts
RogueKiller appears appropriate from similar posts.
Downloaded, option 2 selected, the following log produced.

RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: harrisons [Admin rights]
Mode: Remove -- Date : 01/16/2012 17:00:30

¤¤¤ Bad processes: 3 ¤¤¤
[WINDOW : System Check] nbUAfvUj621um0.exe -- C:\ProgramData\nbUAfvUj621um0.exe -> KILLED [TermProc]
[SUSP PATH] LlJwTeDMeFPCEj.exe -- C:\ProgramData\LlJwTeDMeFPCEj.exe -> KILLED [TermProc]
[SUSP PATH] LxrAutorun.exe -- C:\Users\harrisons\AppData\Local\Lexar Media\LxrAutorun.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 10 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : LxrAutorun (C:\Users\harrisons\AppData\Local\Lexar Media\LxrAutorun.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : LlJwTeDMeFPCEj.exe (C:\ProgramData\LlJwTeDMeFPCEj.exe) -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[382] : NtCreateThreadEx @ 0x83C6BFE4 -> HOOKED (\??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys @ 0x92F39640)

¤¤¤ Infection : Rogue.FakeHDD ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
192.168.51.25 Lon-mail.london.wk.loc


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 6b2fd8aabc3ccdc5696e9b0faf4d14ee
[BSP] b777cd4bec9f8c2ebed591ff647bb14a : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS [HIDDEN!] Offset (sectors): 12678 | Size: 2148 Mo
1 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 4219027 | Size: 157880 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
  • 0

#4
bike vault

  • Topic Starter
  • Member
  • 62 posts
RogueKiller option 6 now run.

Log below:
RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: harrisons [Admin rights]
Mode: Shortcuts HJfix -- Date : 01/16/2012 17:24:39

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1847 / Fail 0
Quick launch: Success 23 / Fail 0
Programs: Success 33260 / Fail 0
Start menu: Success 261 / Fail 0
User folder: Success 38358 / Fail 0
My documents: Success 316 / Fail 0
My favorites: Success 245 / Fail 0
My pictures: Success 22 / Fail 0
My music: Success 82 / Fail 0
My videos: Success 3 / Fail 0
Local drives: Success 441783 / Fail 0
Backup: [FOUND] Success 210 / Fail 1

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[F:] \Device\CdRom0 -- 0x5 --> Skipped
[G:] \Device\LanmanRedirector\;G:000000000004f5c0\SERVER6\DATA2 -- 0x4 --> Skipped
[H:] \Device\LanmanRedirector\;H:000000000004f5c0\server5\data -- 0x4 --> Skipped
[I:] \Device\LanmanRedirector\;I:000000000004f5c0\SERVER6\IRIS -- 0x4 --> Skipped
[M:] \Device\LanmanRedirector\;M:000000000004f5c0\server6\iris\data\notes\_usert -- 0x4 --> Skipped
[Q:] \Device\LanmanRedirector\;Q:000000000004f5c0\SERVER6\ProAcc -- 0x4 --> Skipped
[T:] \Device\LanmanRedirector\;T:000000000004f5c0\SERVER6\Users\harrisons -- 0x4 --> Skipped
[U:] \Device\LanmanRedirector\;U:000000000004f5c0\SERVER6\InvuPrinters\harrisons -- 0x4 --> Skipped
[X:] \Device\LanmanRedirector\;X:000000000004f5c0\SERVER6\Public -- 0x4 --> Skipped
[Y:] \Device\HarddiskVolume1 -- 0x3 --> Restored

¤¤¤ Infection : Rogue.FakeHDD ¤¤¤

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
  • 0

#5
bike vault

  • Topic Starter
  • Member
  • 62 posts
OTL Extras

OTL Extras logfile created on: 16/01/2012 17:34:08 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\harrisons\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.50 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 52.16% Memory free
7.24 Gb Paging File | 5.45 Gb Available in Paging File | 75.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.04 Gb Total Space | 41.39 Gb Free Space | 28.15% Space Free | Partition Type: NTFS
Drive G: | 212.43 Gb Total Space | 37.90 Gb Free Space | 17.84% Space Free | Partition Type: NTFS
Drive H: | 258.25 Gb Total Space | 69.09 Gb Free Space | 26.75% Space Free | Partition Type: NTFS
Drive I: | 212.43 Gb Total Space | 37.90 Gb Free Space | 17.84% Space Free | Partition Type: NTFS
Drive M: | 212.43 Gb Total Space | 37.90 Gb Free Space | 17.84% Space Free | Partition Type: NTFS
Drive Q: | 212.43 Gb Total Space | 37.90 Gb Free Space | 17.84% Space Free | Partition Type: NTFS
Drive T: | 212.43 Gb Total Space | 37.90 Gb Free Space | 17.84% Space Free | Partition Type: NTFS
Drive U: | 212.43 Gb Total Space | 37.90 Gb Free Space | 17.84% Space Free | Partition Type: NTFS
Drive X: | 212.43 Gb Total Space | 37.90 Gb Free Space | 17.84% Space Free | Partition Type: NTFS
Drive Y: | 2.00 Gb Total Space | 1.63 Gb Free Space | 81.42% Space Free | Partition Type: NTFS

Computer Name: YK1M007380 | User Name: harrisons | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 512

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"CoreNet-ICMP6-DU-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25110|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP4-DUFRAG-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25251|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-DHCP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25301|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IGMP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=2|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25376|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IPv6-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=41|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25351|Desc=@FirewallAPI.dll,-25357|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LD-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25082|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25061|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25068|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR2-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25075|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25026|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDS-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25019|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PTB-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25001|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25116|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-RA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25012|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-Teredo-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25326|Desc=@FirewallAPI.dll,-25332|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-TE-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25113|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-DU-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25111|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP4-DUFRAG-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25252|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-DHCP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25302|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IGMP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25377|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IPv6-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25352|Desc=@FirewallAPI.dll,-25357|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LD-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25083|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25062|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25069|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR2-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25076|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25027|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25020|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PTB-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25002|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25117|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-RA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25013|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-Teredo-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25327|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-TE-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25114|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-GP-LSASS-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|Name=@FirewallAPI.dll,-25407|Desc=@FirewallAPI.dll,-25408|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-GP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Name=@FirewallAPI.dll,-25403|Desc=@FirewallAPI.dll,-25404|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-GP-NP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-25401|Desc=@FirewallAPI.dll,-25401|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-RS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=133:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25008|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-DNS-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-25405|Desc=@FirewallAPI.dll,-25406|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|LSM=TRUE|
"FPS-ICMP4-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-ICMP6-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Datagram-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Name-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Session-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-SMB-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-SpoolSvc-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-RPCSS-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-ICMP4-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-ICMP6-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Datagram-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Name-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Session-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-SMB-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"RemoteAssistance-DCOM-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-33035|Desc=@FirewallAPI.dll,-33036|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-UPnPHost-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-SSDPSrv-In-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-In-TCP-EdgeScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-RAServer-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-UPnPHost-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-UPnP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-SSDPSrv-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-RAServer-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33015|Desc=@FirewallAPI.dll,-33018|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteDesktop-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=3389|App=System|Name=@FirewallAPI.dll,-28753|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|Edge=FALSE|
"WMI-ASYNC-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\wbem\unsecapp.exe|Name=@FirewallAPI.dll,-34256|Desc=@FirewallAPI.dll,-34257|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|
"WMI-RPCSS-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-34252|Desc=@FirewallAPI.dll,-34253|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|
"WMI-WINMGMT-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|Name=@FirewallAPI.dll,-34254|Desc=@FirewallAPI.dll,-34255|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7F0DE60B-C1CF-4523-9AE9-A8D0E5E94136}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{EE37ACA7-529D-457E-B657-5E007F86CBEA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{FC21D0CD-0EBF-428C-9CDF-78A54B10D17E}" = lport=3389 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08CC0474-C5C6-49A8-B130-6C0BE5E339F7}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{115D0CD0-6A40-4650-B9FC-0AD676B85F6D}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{208C1792-9911-42CF-BEE6-C5A8337F96E8}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{2A339DD1-13F4-4E9C-9129-A924BEE23383}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{3B8E80A7-08DE-4DE4-92EE-40E561814521}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{412F47DB-ED50-4C2B-8D75-DDEB3339C1D1}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{42B4ED22-C979-4121-820F-27FFEC26DF25}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{436C4E6D-649C-4F45-8106-6B1FFD08C5FE}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{474743BB-62F5-470A-943C-4B1E6292C7D9}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{476BF318-BE54-433F-8CB2-D5CEF44BF629}" = protocol=17 | dir=in | app=\\server4\iris\tt\iwinload.exe |
"{5E8687B6-B21B-4153-AC6D-862E74B59570}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{76E7B33D-9655-41B4-B40D-485941C87FF3}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{862D5EB9-95AF-44D4-92BC-5ADBEBE86C0B}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{9A4736A3-15D1-4D9F-9A60-FE206BB6F546}" = protocol=17 | dir=in | app=c:\users\harrisons\appdata\roaming\dropbox\bin\dropbox.exe |
"{9A77988F-6B21-4125-92D8-013E329915D9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A1465713-AFEB-4930-8CCA-421B19425FEB}" = protocol=6 | dir=in | app=c:\users\harrisons\appdata\roaming\dropbox\bin\dropbox.exe |
"{B5AE5D2C-9451-4EE6-B27B-A125D8841EBF}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{E1E70478-939C-40B1-A245-03B4C5666D02}" = protocol=6 | dir=in | app=\\server4\iris\tt\iwinload.exe |
"{E75A346B-279C-442F-BABE-581386567A1A}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{F4062D7A-DE90-4E77-A40B-B654E6F9C77C}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{077B2837-311D-4ABA-B17F-7FE2AD1A6719}" = IRIS Foundation Services Customer
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2C1CDB87-E1F0-6284-342B-C7B59BE21EBB}" = HydraVision
"{2E35D0C6-4A1D-8F15-31D5-0B2218BDA6D6}" = Catalyst Control Center Graphics Previews Vista
"{2FE06A39-6DD5-C808-60AA-9F1D22D8A003}" = ccc-core-static
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3A4EBC3D-8F2F-4B8E-96C9-47064ADF54CE}" = Projector Calculator 1.16
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F3BB843-9363-119C-D395-711E3AA3B9A9}" = CCC Help English
"{46B35AC9-BE50-4BC4-A308-4EDEBF3D046F}" = Accounts
"{492F8345-095D-467F-926C-278870D93ECF}" = Windows Small Business Server 2008 ClientAgent
"{4BEAAAB8-9ED9-B2F4-4F34-3BA366AF44FC}" = Catalyst Control Center Graphics Light
"{4D21F997-85AD-42D2-986F-D91C4836438D}" = Accounts
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{59F66E08-CC71-4587-97B1-FEF2D89285DF}" = Brother HL-5240
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5CE4C3B4-A33B-CA59-2A3C-563645590170}" = Catalyst Control Center Graphics Full New
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{6087F45E-358C-4173-8CB1-DE0AE26FFAE1}" = Catalyst Control Center - Branding
"{6094AB91-4CC8-498E-9DFF-134CC0B159DE}" = PC Connectivity Solution
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66B3C867-CAEC-DDDC-6CEB-611929EF0018}" = ccc-utility
"{6928A763-F432-1AC6-16B3-DE1E5E66BDAF}" = Catalyst Control Center Core Implementation
"{7061F715-D782-4120-A034-2B4B4F28CC1D}" = Accounts
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71D74FCD-8DB9-4BEB-9C9D-1D19F2E02AE3}" = Microsoft Report Viewer Redistributable 2005
"{75AAF8A4-AD33-44B5-8686-664FD71F78EE}" = LogMeIn Backup
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{838257FC-952A-467B-86BF-21DB6B137A3F}" = Windows Small Business Server 2008 WMI Provider
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{94207EF6-6A30-429D-BBE0-79731D3555F9}" = E-Z Audit Version 11
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{98A4EF3A-CCD0-479F-8897-B924CA020716}" = Iris Practice Software Workstation
"{9B4F367E-94AD-40A4-8060-460CE4A98C45}" = SageAcc
"{9D544611-F437-4153-913E-91CE036583CC}" = Sunbelt Enterprise Agent
"{A11F2499-EDA8-4DFE-AD68-3C18E8B0FEB2}" = INVU Ocr
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7F9741B-F2F4-60D3-7DEE-1212F2663671}" = Catalyst Control Center Graphics Full Existing
"{A83C6C34-3007-422A-9E56-A74996BCCDBD}" = LogMeIn
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BF251EAF-8697-4E89-BF09-C998F97BBC40}" = Microsoft SQL Server Native Client
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB6B898-1D71-2F65-A53E-D0D25E49BF70}" = Catalyst Control Center Graphics Previews Common
"{D019D329-C05B-A0E0-F192-8E899FB9EB5D}" = ATI Catalyst Install Manager
"{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)
"{D1D5D4A1-FB9B-2BCD-9976-47067B15705C}" = ecoDrive
"{DABA5DDF-3EB5-4BC8-A20D-7B14C7B8F482}" = Sage SBD Desktop Install
"{DB6C2AC7-4D4C-493A-B5E8-4B1E685C277F}" = Windows Small Business Server 2008 Desktop Links Gadget
"{E2BCC97F-A57F-ADE3-12F5-532B193CA671}" = Skins
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EA9AAB32-160B-4FC1-AF18-71F11257C574}" = SolidWorks eDrawings 2010
"{EFC6C877-6E77-4E3B-B350-DF4F35D66B51}" = Accounts
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{F90E143F-8EB2-4E41-BF4B-E00B046C33E5}" = Microsoft SQL Server Management Objects Collection
"{FA29B4EA-7179-FF92-0434-8B26C433125F}" = Catalyst Control Center HydraVision Full
"{FC0EB9AD-8222-4CB8-8EB6-67B92FB0FB37}" = Brother HL-5140
"{FC9D0B7B-5D95-411B-B14D-CD074E5CCA4A}" = Accounts
"{FCC8A40A-7250-4049-9913-B3B33C3873A5}" = INVU6
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Belarc Advisor" = Belarc Advisor 7.2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Google Updater" = Google Updater
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{46B35AC9-BE50-4BC4-A308-4EDEBF3D046F}" = Sage 50 Accounts 2008
"InstallShield_{4D21F997-85AD-42D2-986F-D91C4836438D}" = Sage 50 Accounts 2011
"InstallShield_{7061F715-D782-4120-A034-2B4B4F28CC1D}" = Sage 50 Accounts 2010
"InstallShield_{9B4F367E-94AD-40A4-8060-460CE4A98C45}" = Sage Accounts V11.00
"InstallShield_{EFC6C877-6E77-4E3B-B350-DF4F35D66B51}" = Sage 50 Accounts 2012
"InstallShield_{FC9D0B7B-5D95-411B-B14D-CD074E5CCA4A}" = Sage 50 Accounts 2009
"LAN-Fax Utilities" = LAN-Fax Utilities
"LogMeIn Backup" = LogMeIn Backup
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"Money Manager" = Moneysoft Money Manager 6 Business Edition
"PROaudit for Windows v.3.01 11/10/05" = PROaudit for Windows v.3.01 11/10/05
"PROHYBRIDR" = 2007 Microsoft Office system
"Rapport_msi" = Rapport
"RealVNC_is1" = VNC 4.0
"Sage MIS 3.01" = Sage MIS 3.01
"Smartwizard Discovery_is1" = utility version 2.05.03
"vCAP" = vCAP
"zvprt40" = Zan Image Printer 4.0
"zvprt50" = Scan Worx Virtual Printer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-411461532-1346242652-1691616715-1031\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
#6
bike vault (Topic Starter)
OTL
OTL logfile created on: 16/01/2012 17:34:08 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\harrisons\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.50 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 52.16% Memory free
7.24 Gb Paging File | 5.45 Gb Available in Paging File | 75.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.04 Gb Total Space | 41.39 Gb Free Space | 28.15% Space Free | Partition Type: NTFS
Drive G: | 212.43 Gb Total Space | 37.90 Gb Free Space | 17.84% Space Free | Partition Type: NTFS
Drive H: | 258.25 Gb Total Space | 69.09 Gb Free Space | 26.75% Space Free | Partition Type: NTFS
Drive I: | 212.43 Gb Total Space | 37.90 Gb Free Space | 17.84% Space Free | Partition Type: NTFS
Drive M: | 212.43 Gb Total Space | 37.90 Gb Free Space | 17.84% Space Free | Partition Type: NTFS
Drive Q: | 212.43 Gb Total Space | 37.90 Gb Free Space | 17.84% Space Free | Partition Type: NTFS
Drive T: | 212.43 Gb Total Space | 37.90 Gb Free Space | 17.84% Space Free | Partition Type: NTFS
Drive U: | 212.43 Gb Total Space | 37.90 Gb Free Space | 17.84% Space Free | Partition Type: NTFS
Drive X: | 212.43 Gb Total Space | 37.90 Gb Free Space | 17.84% Space Free | Partition Type: NTFS
Drive Y: | 2.00 Gb Total Space | 1.63 Gb Free Space | 81.42% Space Free | Partition Type: NTFS

Computer Name: YK1M007380 | User Name: harrisons | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/16 17:32:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\harrisons\Desktop\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/19 11:47:01 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/12/19 11:46:35 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/11/07 21:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/10/09 11:54:58 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011/07/28 14:00:36 | 000,053,248 | ---- | M] (Sage (UK) Limited) -- C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe
PRC - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/09/23 23:03:04 | 001,332,560 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\SBEAgent\SBAMTray.exe
PRC - [2010/09/23 22:55:30 | 002,763,080 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\SBEAgent\SBAMSvc.exe
PRC - [2010/09/23 22:55:18 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\SBEAgent\SBPIMSvc.exe
PRC - [2010/05/20 14:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010/01/29 08:23:10 | 000,017,408 | ---- | M] (Invu Services Ltd) -- C:\Program Files\INVU Services Ltd\INVU6\INVU.Client.Services.exe
PRC - [2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/10 22:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/10/14 01:00:00 | 000,157,552 | ---- | M] (ATConsulting LLC) -- \\server5\ezaudit\ondemand.exe
PRC - [2008/08/11 17:12:44 | 001,574,224 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn Backup\LogmeInBackupService.exe
PRC - [2008/08/11 17:12:29 | 000,480,592 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn Backup\LMIBackupVSSService.exe
PRC - [2008/08/11 17:12:25 | 000,079,184 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn Backup\BackupMaint.exe
PRC - [2008/07/14 14:26:58 | 000,087,368 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn Backup\LMIGuardian.exe
PRC - [2007/10/15 10:15:47 | 000,040,960 | ---- | M] () -- C:\Program Files\vCAP\vCAPService.exe
PRC - [2007/10/15 10:15:32 | 001,028,096 | ---- | M] (PSCS) -- C:\Program Files\vCAP\vCAP.exe
PRC - [2007/09/12 10:20:58 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2007/06/13 11:11:30 | 004,489,216 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/02 09:44:50 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe
PRC - [2006/01/09 12:56:04 | 000,049,152 | -H-- | M] () -- C:\Windows\System32\LxrSII1s.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/30 20:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/07 13:10:24 | 000,516,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2009/04/10 22:28:24 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2009/04/10 22:28:24 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/05/12 15:55:52 | 000,159,744 | -H-- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/19 11:47:01 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/12/19 11:46:35 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/07/28 14:00:36 | 000,053,248 | ---- | M] (Sage (UK) Limited) [Auto | Running] -- C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe -- (Sage SData Service)
SRV - [2011/03/16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/09/23 22:55:30 | 002,763,080 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\SBEAgent\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010/09/23 22:55:18 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\SBEAgent\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2010/05/20 14:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/02/24 14:25:17 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010/01/29 08:23:10 | 000,017,408 | ---- | M] (Invu Services Ltd) [Auto | Running] -- C:\Program Files\INVU Services Ltd\INVU6\INVU.Client.Services.exe -- (INVU Series 6 Message Service)
SRV - [2008/08/11 17:12:44 | 001,574,224 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Backup\LogmeInBackupService.exe -- (LogMeInBackupService.exe)
SRV - [2008/08/11 17:12:29 | 000,480,592 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Backup\lmibackupvssservice.exe -- (LMIBackupVSSService.exe)
SRV - [2008/08/11 17:12:25 | 000,079,184 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Backup\BackupMaint.exe -- (BackupMaint)
SRV - [2007/10/15 10:15:47 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\vCAP\vCAPService.exe -- (vCAP Calendar Server)
SRV - [2007/02/08 15:13:46 | 000,212,480 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006/01/09 12:56:04 | 000,049,152 | -H-- | M] () [Auto | Running] -- C:\Windows\System32\LxrSII1s.exe -- (LxrSII1s)


========== Driver Services (SafeList) ==========

DRV - [2011/12/19 11:46:36 | 000,083,360 | -H-- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/12/15 17:13:23 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2011/12/10 15:24:06 | 000,020,464 | -H-- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/11/07 21:28:38 | 000,056,208 | -H-- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/04/14 14:59:03 | 000,075,264 | -H-- | M] () [File_System | Unknown | Running] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC)
DRV - [2010/07/27 03:48:30 | 000,078,936 | -H-- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\sbtis.sys -- (SbTis)
DRV - [2010/06/14 13:54:30 | 000,069,976 | -H-- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2010/06/10 07:49:43 | 000,013,408 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\radpms.sys -- (radpms)
DRV - [2010/05/20 14:27:24 | 000,030,576 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/05/13 07:56:22 | 000,098,392 | -H-- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2008/10/18 07:48:51 | 000,047,640 | -H-- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/05/12 16:31:00 | 003,592,704 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/02/28 14:31:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/01/18 22:42:14 | 000,045,624 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007/11/16 16:28:59 | 000,006,828 | -H-- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftlund.sys -- (FTLUND)
DRV - [2007/01/24 08:28:00 | 000,080,128 | -H-- | M] (OEM) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\oxpar.sys -- (oxpar)
DRV - [2006/12/14 08:37:40 | 000,072,672 | -H-- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\LxrSII1d.sys -- (LxrSII1d)
DRV - [2000/07/24 00:01:00 | 000,019,537 | -H-- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\BrPar.sys -- (BrPar)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-411461532-1346242652-1691616715-1031\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk
IE - HKU\S-1-5-21-411461532-1346242652-1691616715-1031\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
IE - HKU\S-1-5-21-411461532-1346242652-1691616715-1031\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-411461532-1346242652-1691616715-1031\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-411461532-1346242652-1691616715-1031\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2009/03/11 16:53:56 | 000,000,766 | RH-- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.51.25 Lon-mail.london.wk.loc
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKU\S-1-5-21-411461532-1346242652-1691616715-1031\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\SBEAgent\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-411461532-1346242652-1691616715-1031..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\imtih.exe (SysDrive)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\imtih.exe (SysDrive)
O4 - Startup: C:\Users\harrisons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\harrisons\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\harrisons.YK1M007380\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dehu.exe (SysDrive)
O4 - Startup: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\aquri.exe (SysDrive)
O4 - Startup: C:\Users\simon harrison.harrisons-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\amade.exe (SysDrive)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-21-411461532-1346242652-1691616715-1031\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-411461532-1346242652-1691616715-1031\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-21-411461532-1346242652-1691616715-1031\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Series 6 - {42229191-CCEA-11d3-BE71-00C0DFE1873E} - C:\Program Files\INVU Services Ltd\INVU6\INVU.WebCapture.exe (Invu Services Ltd)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-411461532-1346242652-1691616715-1031\..Trusted Domains: google.com ([kh] http in Trusted sites)
O15 - HKU\S-1-5-21-411461532-1346242652-1691616715-1031\..Trusted Domains: southend.local ([remote] https in Local intranet)
O15 - HKU\S-1-5-21-411461532-1346242652-1691616715-1031\..Trusted Domains: wk.loc ([engine.southend] http in Local intranet)
O15 - HKU\S-1-5-21-411461532-1346242652-1691616715-1031\..Trusted Domains: wk.loc ([engine.southend] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewi...oOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} https://secure.logme...ivex/RACtrl.cab (Remote Access ActiveX Client)
O16 - DPF: {76392179-60A8-462D-8961-B95C14DAADF4} https://billcentre.v...printengine.cab (PrintEngine ActiveX Control v4.2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=722 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = southend.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32FFA92F-9A3F-4369-B288-51CD15391C83}: DhcpNameServer = 192.168.0.200
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/10 15:20:40 | 000,000,066 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a7bb5187-8374-11de-8333-0019991b9328}\Shell\AutoRun\command - "" = D:\P-touch2430PC\P-touch2430PC.exe
O33 - MountPoints2\{a7bb5187-8374-11de-8333-0019991b9328}\Shell\demo\command - "" = D:\P-touch2430PC\P-touch2430PC.exe
O33 - MountPoints2\{ec3f673c-a1cc-11dd-be8e-0019991b9328}\Shell\AutoRun\command - "" = wdsync.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/16 17:32:15 | 000,584,192 | -H-- | C] (OldTimer Tools) -- C:\Users\harrisons\Desktop\OTL.exe
[2012/01/16 16:58:34 | 000,000,000 | -H-D | C] -- C:\Users\harrisons\Desktop\RK_Quarantine
[2012/01/16 16:55:24 | 000,000,000 | -H-D | C] -- C:\Users\harrisons\AppData\Local\PackageAware
[2012/01/16 14:12:05 | 000,000,000 | -H-D | C] -- C:\Users\harrisons\AppData\Roaming\Malwarebytes
[2012/01/16 14:11:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/16 14:11:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2012/01/16 14:11:49 | 000,020,464 | -H-- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/16 14:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/16 13:41:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\WindowsSearch
[2012/01/16 12:09:16 | 000,000,000 | -H-D | C] -- C:\Users\harrisons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/01/16 12:01:17 | 000,362,278 | -H-- | C] (Microsoft Corporation) -- C:\ProgramData\nbUAfvUj621um0.exe
[2012/01/16 11:54:09 | 000,451,366 | --S- | C] (Microsoft Corporation) -- C:\ProgramData\LlJwTeDMeFPCEj.exe
[2012/01/04 11:12:21 | 000,000,000 | -H-D | C] -- C:\Users\harrisons\Desktop\Andrew Hopkins Concrete B4 2011 YE
[2011/12/30 09:44:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/30 09:42:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/30 09:42:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/30 09:37:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/12/30 09:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2008/12/23 08:32:46 | 000,184,320 | RH-- | C] ( ) -- C:\Windows\System32\SgE.interop.MSXML2.dll
[2006/12/12 10:59:08 | 000,184,320 | -H-- | C] ( ) -- C:\Windows\System32\Interop.MSXML2.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/16 17:32:17 | 000,584,192 | -H-- | M] (OldTimer Tools) -- C:\Users\harrisons\Desktop\OTL.exe
[2012/01/16 17:27:22 | 000,111,872 | -H-- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2012/01/16 16:58:29 | 000,787,456 | -H-- | M] () -- C:\Users\harrisons\Desktop\RogueKiller.exe
[2012/01/16 16:53:07 | 000,000,892 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/16 16:17:07 | 000,000,888 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/16 16:16:33 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/16 16:16:33 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/16 16:16:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/16 16:16:17 | 3756,376,064 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/16 14:24:24 | 000,000,456 | -H-- | M] () -- C:\ProgramData\nbUAfvUj621um0
[2012/01/16 14:20:54 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~nbUAfvUj621um0
[2012/01/16 14:20:54 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~nbUAfvUj621um0r
[2012/01/16 14:13:42 | 000,000,936 | -H-- | M] () -- C:\Users\harrisons\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/01/16 14:13:42 | 000,000,912 | -H-- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/16 13:29:59 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\SBRC.dat
[2012/01/16 12:50:15 | 000,001,706 | -H-- | M] () -- C:\Windows\System32\AgentSettings.xml
[2012/01/16 12:50:14 | 000,038,004 | -H-- | M] () -- C:\Windows\System32\Policy.xml
[2012/01/16 12:09:28 | 000,000,611 | -H-- | M] () -- C:\Users\harrisons\Desktop\System Check.lnk
[2012/01/16 12:05:52 | 000,000,157 | ---- | M] () -- C:\Windows\ricdb.ini
[2012/01/16 12:05:51 | 000,000,191 | -H-- | M] () -- C:\Windows\System32\RPCS.ini
[2012/01/16 11:49:00 | 000,000,868 | -H-- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/01/16 11:33:18 | 000,002,547 | -H-- | M] () -- C:\Users\harrisons\Application Data\Microsoft\Internet Explorer\Quick Launch\Invu Series 6.lnk
[2012/01/16 10:22:05 | 000,001,896 | -H-- | M] () -- C:\Windows\System32\SGLCH32.USR
[2012/01/16 10:22:05 | 000,000,151 | -H-- | M] () -- C:\Windows\System32\SageInformer50.ssf
[2012/01/16 10:03:48 | 000,002,609 | -H-- | M] () -- C:\Users\harrisons\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007 (2).lnk
[2012/01/16 08:58:52 | 000,002,657 | -H-- | M] () -- C:\Users\harrisons\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007.lnk
[2012/01/16 08:57:43 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E9F6A8F6-16A8-4D38-B129-9D79CAE6F8BB}.job
[2012/01/13 16:57:08 | 000,002,651 | -H-- | M] () -- C:\Users\harrisons\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007 (2).lnk
[2012/01/12 08:55:03 | 355,082,174 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/09 17:55:39 | 000,004,073 | ---- | M] () -- C:\Windows\Sage.ini
[2012/01/09 11:18:18 | 000,000,737 | ---- | M] () -- C:\Windows\SGREP32.INI
[2012/01/06 09:51:11 | 000,001,842 | -H-- | M] () -- C:\Users\harrisons\Documents\Default.rdp
[2012/01/04 11:11:00 | 021,131,010 | -H-- | M] () -- C:\Users\harrisons\Desktop\Andrew Hopkins Concrete B4 2011 YE.zip
[2011/12/30 09:24:29 | 000,000,917 | -H-- | M] () -- C:\Users\harrisons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/12/30 09:24:28 | 000,000,937 | -H-- | M] () -- C:\Users\harrisons\Desktop\Dropbox.lnk
[2011/12/22 09:52:09 | 000,001,110 | -H-- | M] () -- C:\Windows\System32\ServiceConfig.xml
[2011/12/21 18:07:53 | 000,000,772 | -H-- | M] () -- C:\Windows\System32\RegistrationConfig.xml
[2011/12/21 11:07:33 | 000,647,304 | -H-- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/21 11:07:33 | 000,123,304 | -H-- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/19 13:57:45 | 000,000,680 | -H-- | M] () -- C:\Users\harrisons\AppData\Local\d3d9caps.dat
[2011/12/19 11:46:36 | 000,083,360 | -H-- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2011/12/19 11:46:35 | 000,087,424 | -H-- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2011/12/19 11:46:35 | 000,030,592 | -H-- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/16 17:04:21 | 000,002,523 | -H-- | C] () -- C:\Users\Public\Desktop\Invu Series 6.lnk
[2012/01/16 17:04:21 | 000,002,079 | -H-- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/01/16 17:04:21 | 000,002,009 | -H-- | C] () -- C:\Users\Public\Desktop\Sage 50 Accounts 2012.lnk
[2012/01/16 17:04:21 | 000,001,945 | -H-- | C] () -- C:\Users\Public\Desktop\Sage 50 Accounts 2011.lnk
[2012/01/16 17:04:21 | 000,001,916 | -H-- | C] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2012/01/16 17:04:21 | 000,001,897 | -H-- | C] () -- C:\Users\Public\Desktop\Driver DVD.lnk
[2012/01/16 17:04:21 | 000,001,476 | -H-- | C] () -- C:\Users\Public\Desktop\IRIS Practice Software Menu.lnk
[2012/01/16 17:04:21 | 000,000,912 | -H-- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/16 17:04:16 | 000,001,555 | -H-- | C] () -- C:\Users\harrisons\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
[2012/01/16 17:04:16 | 000,000,944 | -H-- | C] () -- C:\Users\harrisons\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/01/16 17:04:16 | 000,000,240 | -H-- | C] () -- C:\Users\harrisons\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/01/16 17:04:15 | 000,002,054 | -H-- | C] () -- C:\Users\harrisons\Application Data\Microsoft\Internet Explorer\Quick Launch\SolidWorks eDrawings 2010.lnk
[2012/01/16 17:04:15 | 000,001,765 | -H-- | C] () -- C:\Users\harrisons\Application Data\Microsoft\Internet Explorer\Quick Launch\Prac Engine.lnk
[2012/01/16 17:04:15 | 000,001,686 | -H-- | C] () -- C:\Users\harrisons\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2012/01/16 17:04:15 | 000,001,597 | -H-- | C] () -- C:\Users\harrisons\Application Data\Microsoft\Internet Explorer\Quick Launch\Remote Desktop Connection.lnk
[2012/01/16 17:04:15 | 000,000,912 | -H-- | C] () -- C:\Users\harrisons\Application Data\Microsoft\Internet Explorer\Quick Launch\Smartwizard Discovery.lnk
[2012/01/16 17:04:15 | 000,000,865 | -H-- | C] () -- C:\Users\harrisons\Application Data\Microsoft\Internet Explorer\Quick Launch\VNC Viewer 4.lnk
[2012/01/16 17:04:15 | 000,000,258 | -H-- | C] () -- C:\Users\harrisons\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/01/16 17:04:15 | 000,000,230 | -H-- | C] () -- C:\Users\harrisons\Application Data\Microsoft\Internet Explorer\Quick Launch\Run.lnk
[2012/01/16 17:04:15 | 000,000,209 | -H-- | C] () -- C:\Users\harrisons\Application Data\Microsoft\Internet Explorer\Quick Launch\Southend.lnk
[2012/01/16 17:04:14 | 000,002,657 | -H-- | C] () -- C:\Users\harrisons\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007.lnk
[2012/01/16 17:04:14 | 000,002,651 | -H-- | C] () -- C:\Users\harrisons\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007 (2).lnk
[2012/01/16 17:04:14 | 000,002,609 | -H-- | C] () -- C:\Users\harrisons\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007 (2).lnk
[2012/01/16 17:04:14 | 000,002,547 | -H-- | C] () -- C:\Users\harrisons\Application Data\Microsoft\Internet Explorer\Quick Launch\Invu Series 6.lnk
[2012/01/16 17:04:14 | 000,001,950 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Photo Gallery.lnk
[2012/01/16 17:04:14 | 000,001,768 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk
[2012/01/16 17:04:14 | 000,001,743 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012/01/16 17:04:14 | 000,001,614 | -H-- | C] () -- C:\Users\harrisons\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk
[2012/01/16 17:04:14 | 000,001,589 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/01/16 17:04:14 | 000,001,480 | -H-- | C] () -- C:\Users\harrisons\Application Data\Microsoft\Internet Explorer\Quick Launch\IRIS Practice Software Menu.lnk
[2012/01/16 17:04:14 | 000,000,949 | -H-- | C] () -- C:\Users\harrisons\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/16 17:04:14 | 000,000,944 | -H-- | C] () -- C:\Users\harrisons\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/01/16 17:04:14 | 000,000,936 | -H-- | C] () -- C:\Users\harrisons\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/01/16 17:04:13 | 000,001,852 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk
[2012/01/16 17:04:13 | 000,001,770 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk
[2012/01/16 17:04:13 | 000,001,757 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk
[2012/01/16 17:04:13 | 000,001,703 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Contacts.lnk
[2012/01/16 17:04:12 | 000,000,446 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IRIS Practice Software Staff Control Panel.lnk
[2012/01/16 17:04:09 | 000,001,839 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Backup.lnk
[2012/01/16 17:04:09 | 000,000,871 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn.lnk
[2012/01/16 17:04:04 | 000,001,848 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
[2012/01/16 17:04:03 | 000,002,425 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/16 17:04:03 | 000,001,830 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/01/16 17:04:02 | 000,000,890 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat_com.lnk
[2012/01/16 16:58:57 | 000,111,872 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2012/01/16 16:58:28 | 000,787,456 | -H-- | C] () -- C:\Users\harrisons\Desktop\RogueKiller.exe
[2012/01/16 13:29:59 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\SBRC.dat
[2012/01/16 12:50:13 | 000,038,004 | -H-- | C] () -- C:\Windows\System32\Policy.xml
[2012/01/16 12:50:11 | 000,001,706 | -H-- | C] () -- C:\Windows\System32\AgentSettings.xml
[2012/01/16 12:09:28 | 000,000,611 | -H-- | C] () -- C:\Users\harrisons\Desktop\System Check.lnk
[2012/01/16 12:09:28 | 000,000,296 | -H-- | C] () -- C:\ProgramData\~nbUAfvUj621um0
[2012/01/16 12:09:28 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~nbUAfvUj621um0r
[2012/01/16 12:02:11 | 000,000,456 | -H-- | C] () -- C:\ProgramData\nbUAfvUj621um0
[2012/01/04 11:12:07 | 021,131,010 | -H-- | C] () -- C:\Users\harrisons\Desktop\Andrew Hopkins Concrete B4 2011 YE.zip
[2011/07/27 13:20:46 | 000,073,728 | -H-- | C] () -- C:\Windows\System32\SageFolderBrowser.dll
[2011/07/27 13:20:34 | 000,245,760 | -H-- | C] () -- C:\Windows\System32\SageEventHandler.exe
[2011/07/27 13:20:30 | 000,364,544 | -H-- | C] () -- C:\Windows\System32\SGCDlg32.dll
[2011/07/27 13:20:24 | 000,368,640 | -H-- | C] () -- C:\Windows\System32\SGList32.dll
[2011/07/27 13:20:22 | 000,065,536 | -H-- | C] () -- C:\Windows\System32\SGAppBar.dll
[2011/07/27 13:20:20 | 000,278,528 | -H-- | C] () -- C:\Windows\System32\SGSchemeXML.dll
[2011/07/27 13:20:18 | 000,053,248 | -H-- | C] () -- C:\Windows\System32\SGStat32.dll
[2011/07/27 13:20:16 | 000,172,032 | -H-- | C] () -- C:\Windows\System32\SGSchemeDefault.dll
[2011/07/27 13:20:16 | 000,122,880 | -H-- | C] () -- C:\Windows\System32\SGSchemeXP.dll
[2011/07/27 13:20:10 | 000,294,912 | -H-- | C] () -- C:\Windows\System32\SGTBar32.dll
[2011/07/27 13:20:08 | 000,253,952 | -H-- | C] () -- C:\Windows\System32\SGWebBrowser.dll
[2011/07/27 13:20:04 | 000,208,896 | -H-- | C] () -- C:\Windows\System32\SGSTDREG.dll
[2011/07/27 13:20:02 | 000,245,760 | -H-- | C] () -- C:\Windows\System32\SGJPEG32.dll
[2011/07/27 13:20:02 | 000,225,280 | -H-- | C] () -- C:\Windows\System32\SGSchemeManager.dll
[2011/07/27 13:20:02 | 000,053,248 | -H-- | C] () -- C:\Windows\System32\SGLogo32.dll
[2011/07/27 13:20:00 | 000,065,536 | -H-- | C] () -- C:\Windows\System32\SG3D32.dll
[2011/07/27 13:19:58 | 000,262,144 | -H-- | C] () -- C:\Windows\System32\SGHelp32.dll
[2011/07/27 13:19:58 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\SGIntl32.dll
[2011/07/27 13:19:50 | 000,090,112 | -H-- | C] () -- C:\Windows\System32\SGRegister.dll
[2011/07/27 13:19:48 | 000,114,688 | -H-- | C] () -- C:\Windows\System32\SGCom32.dll
[2011/07/27 13:10:06 | 000,143,360 | -H-- | C] () -- C:\Windows\System32\SGCtrlEx.dll
[2011/07/27 13:01:02 | 000,090,112 | -H-- | C] () -- C:\Windows\System32\SGDt32.dll
[2011/07/25 16:51:14 | 001,712,128 | -H-- | C] () -- C:\Windows\System32\SGRep32.dll
[2011/07/25 16:51:14 | 000,233,472 | -H-- | C] () -- C:\Windows\System32\SGLCH32.DLL
[2011/07/25 16:51:12 | 000,001,205 | ---- | C] () -- C:\Windows\SAGEINTL.INI
[2011/07/25 16:51:12 | 000,000,005 | -HS- | C] () -- C:\Windows\System32\CdI5T.drv
[2011/06/16 13:05:42 | 000,075,264 | -H-- | C] () -- C:\Windows\System32\drivers\dfsc.sys
[2011/06/03 09:39:22 | 000,014,496 | ---- | C] () -- C:\Windows\HL-5240.INI
[2011/01/04 13:03:17 | 000,174,860 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/10/29 08:53:57 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/05/10 15:27:48 | 000,000,737 | ---- | C] () -- C:\Windows\SGREP32.INI
[2010/04/17 14:37:31 | 000,000,068 | ---- | C] () -- C:\Windows\iltwain.ini
[2010/04/15 18:11:07 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010/04/15 18:10:50 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/04/15 18:08:46 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/04/15 18:08:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/02/24 14:25:25 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010/02/09 11:33:54 | 000,045,056 | -H-- | C] () -- C:\Windows\System32\SgELauncher.dll
[2010/02/09 11:33:14 | 000,114,688 | -H-- | C] () -- C:\Windows\System32\SgEData.dll
[2010/01/25 11:58:06 | 000,462,848 | -H-- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2009/08/03 14:07:42 | 000,403,816 | -H-- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | -H-- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/03/26 14:43:54 | 000,000,157 | ---- | C] () -- C:\Windows\ricdb.ini
[2009/03/26 14:43:49 | 000,000,191 | -H-- | C] () -- C:\Windows\System32\RPCS.ini
[2009/03/17 09:57:19 | 000,038,437 | -H-- | C] () -- C:\Users\harrisons\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2008/11/11 14:25:44 | 000,303,104 | -H-- | C] () -- C:\Windows\System32\I3tif32.dll
[2008/11/11 14:25:44 | 000,244,736 | -H-- | C] () -- C:\Windows\System32\ISP2003.dll
[2008/11/11 14:25:44 | 000,163,840 | -H-- | C] () -- C:\Windows\System32\Ilanot32.dll
[2008/09/02 15:56:45 | 000,000,608 | -HS- | C] () -- C:\Windows\System32\winzvprt5.sys
[2008/09/02 15:56:45 | 000,000,160 | -H-- | C] () -- C:\Windows\System32\zvprt5.ini
[2008/09/01 16:40:55 | 000,000,319 | ---- | C] () -- C:\Windows\SWWATER.INI
[2008/09/01 16:06:18 | 000,009,141 | -H-- | C] () -- C:\Windows\System32\zvprtmon.dll
[2008/09/01 16:06:18 | 000,008,407 | -H-- | C] () -- C:\Windows\System32\zvprtmonui.dll
[2008/09/01 16:06:09 | 000,000,068 | -HS- | C] () -- C:\Windows\System32\windzfa0.sys
[2008/08/13 15:43:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/08/13 15:42:10 | 003,107,788 | -H-- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/08/13 15:36:14 | 000,000,680 | -H-- | C] () -- C:\Users\harrisons\AppData\Local\d3d9caps.dat
[2008/05/12 15:55:52 | 000,159,744 | -H-- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/05/02 15:23:20 | 000,008,170 | -H-- | C] () -- C:\Users\harrisons\AppData\Roaming\NMM-MetaData.db
[2008/04/28 09:44:33 | 000,049,152 | -H-- | C] () -- C:\Windows\System32\LxrSII1s.exe
[2008/04/28 09:44:32 | 000,072,672 | -H-- | C] () -- C:\Windows\System32\drivers\LxrSII1d.sys
[2008/03/06 14:24:58 | 000,168,883 | -H-- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/03/06 00:38:44 | 000,090,112 | -H-- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008/01/02 16:57:36 | 000,147,456 | -H-- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 16:47:22 | 001,953,696 | -H-- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 16:47:22 | 001,533,360 | -H-- | C] () -- C:\Windows\System32\igklg450.dll
[2007/12/10 11:51:25 | 000,000,054 | -H-- | C] () -- C:\Windows\System32\BD5240.DAT
[2007/11/16 17:23:31 | 000,000,030 | -H-- | C] () -- C:\Windows\System32\brss01a.ini
[2007/11/16 17:22:47 | 000,000,290 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2007/11/16 17:22:47 | 000,000,233 | ---- | C] () -- C:\Windows\Brownie.ini
[2007/11/16 17:22:47 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2007/11/16 17:22:45 | 000,015,108 | ---- | C] () -- C:\Windows\HL-5140.INI
[2007/11/16 17:22:45 | 000,000,114 | -H-- | C] () -- C:\Windows\System32\brlmw03a.ini
[2007/11/16 10:44:10 | 000,001,145 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2007/11/16 10:44:10 | 000,000,634 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/11/09 11:48:44 | 000,000,463 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2007/11/09 11:48:44 | 000,000,052 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2007/11/09 11:24:42 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\TT.INI
[2007/11/08 12:13:45 | 000,023,052 | -H-- | C] () -- C:\Windows\System32\emptyregdb.dat
[2007/11/08 11:34:15 | 000,005,632 | -H-- | C] () -- C:\Users\harrisons\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/08 10:12:42 | 000,048,352 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2007/10/24 07:01:08 | 000,204,800 | -H-- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2007/10/18 09:12:20 | 000,147,456 | -H-- | C] () -- C:\Windows\System32\igfxCoIn_v1350.dll
[2007/08/24 19:46:48 | 000,147,456 | -H-- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007/08/24 19:38:54 | 001,238,832 | -H-- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/08/24 19:38:54 | 000,104,636 | -H-- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/08/21 21:51:16 | 000,081,920 | -H-- | C] () -- C:\Windows\System32\ATIODE.exe
[2007/08/21 19:36:12 | 000,040,960 | -H-- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2007/07/11 11:38:37 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL
[2006/11/02 12:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:47:43 | 000,385,440 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 10:33:01 | 000,647,304 | -H-- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | -H-- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,123,304 | -H-- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | -H-- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:23:21 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | -H-- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | -H-- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/01 15:50:40 | 000,126,976 | RH-- | C] () -- C:\Windows\System32\PDFInstall.exe
[2005/06/06 15:37:18 | 000,000,404 | -H-- | C] () -- C:\Windows\System32\CDK2000.DAT
[2005/03/11 02:02:52 | 000,036,938 | -H-- | C] () -- C:\Windows\System32\RNERR.DLL
[2004/11/16 20:52:00 | 000,268,947 | -H-- | C] () -- C:\Windows\System32\ICDLLW32.DLL
[2004/11/16 20:51:10 | 000,124,979 | -H-- | C] () -- C:\Windows\System32\ICHUNW32.DLL
[2004/08/24 10:29:56 | 000,253,952 | -H-- | C] () -- C:\Windows\System32\SDOApp.dll
[2004/08/10 15:29:04 | 000,040,960 | -H-- | C] () -- C:\Windows\System32\REPDES32.EXE
[2004/06/09 09:57:12 | 000,118,784 | -H-- | C] () -- C:\Windows\System32\Install.exe
[2004/05/25 16:40:04 | 000,010,739 | -H-- | C] () -- C:\Windows\System32\REC_OUT.INI
[2004/04/30 14:54:02 | 000,001,078 | -H-- | C] () -- C:\Windows\System32\RM_RER.INI
[2004/04/30 11:18:22 | 000,026,900 | -H-- | C] () -- C:\Windows\System32\RenderingExt.dat
[2003/09/22 16:37:56 | 000,699,056 | -H-- | C] () -- C:\Windows\System32\lpdata.bin
[2003/05/17 21:18:18 | 000,021,504 | -H-- | C] () -- C:\Windows\System32\ezbrwsr.dll
[2003/01/19 18:11:22 | 000,000,307 | -H-- | C] () -- C:\Windows\System32\RM_MAT.INI
[2002/07/05 09:47:22 | 000,006,844 | -H-- | C] () -- C:\Windows\System32\OURDICT.DAT
[2002/05/08 08:39:48 | 000,805,837 | -H-- | C] () -- C:\Windows\System32\R_pol.dat
[2002/05/08 08:39:48 | 000,622,988 | -H-- | C] () -- C:\Windows\System32\R_rus.dat
[2002/05/08 08:39:48 | 000,368,635 | -H-- | C] () -- C:\Windows\System32\R_swe.dat
[2002/05/08 08:39:48 | 000,345,971 | -H-- | C] () -- C:\Windows\System32\R_por.dat
[2002/05/08 08:39:48 | 000,288,519 | -H-- | C] () -- C:\Windows\System32\R_spa.dat
[2002/05/08 08:39:46 | 000,762,368 | -H-- | C] () -- C:\Windows\System32\R_nor.dat
[2002/05/08 08:39:46 | 000,755,560 | -H-- | C] () -- C:\Windows\System32\R_hun.dat
[2002/05/08 08:39:46 | 000,607,892 | -H-- | C] () -- C:\Windows\System32\R_gre.dat
[2002/05/08 08:39:46 | 000,344,775 | -H-- | C] () -- C:\Windows\System32\R_ita.dat
[2002/05/08 08:39:44 | 000,831,781 | -H-- | C] () -- C:\Windows\System32\R_ger.dat
[2002/05/08 08:39:44 | 000,443,758 | -H-- | C] () -- C:\Windows\System32\R_fin.dat
[2002/05/08 08:39:44 | 000,339,237 | -H-- | C] () -- C:\Windows\System32\R_fre.dat
[2002/05/08 08:39:44 | 000,285,679 | -H-- | C] () -- C:\Windows\System32\R_ENG.DAT
[2002/05/08 08:39:42 | 000,655,435 | -H-- | C] () -- C:\Windows\System32\R_dut.dat
[2002/05/08 08:39:42 | 000,641,241 | -H-- | C] () -- C:\Windows\System32\R_czh.dat
[2002/05/08 08:39:42 | 000,521,315 | -H-- | C] () -- C:\Windows\System32\R_dan.dat
[2002/05/08 08:39:40 | 000,236,245 | -H-- | C] () -- C:\Windows\System32\R_cat.dat
[2002/05/08 08:39:08 | 000,007,376 | -H-- | C] () -- C:\Windows\System32\CURTWORD.dat
[2001/04/27 09:53:10 | 000,009,684 | -H-- | C] () -- C:\Windows\System32\XISWDP.BIN
[2001/04/27 09:53:10 | 000,008,794 | -H-- | C] () -- C:\Windows\System32\XISWDS.BIN
[2001/04/27 09:53:10 | 000,004,364 | -H-- | C] () -- C:\Windows\System32\XISWDZ.BIN
[2001/04/27 09:53:08 | 000,530,244 | -H-- | C] () -- C:\Windows\System32\XISWDB.BIN
[2001/04/27 09:53:08 | 000,489,303 | -H-- | C] () -- C:\Windows\System32\XISWDD.BIN
[2001/04/27 09:53:08 | 000,085,100 | -H-- | C] () -- C:\Windows\System32\XISWDE.BIN
[2001/04/27 09:53:08 | 000,085,100 | -H-- | C] () -- C:\Windows\System32\XISPNE.BIN
[2001/04/27 09:53:08 | 000,034,559 | -H-- | C] () -- C:\Windows\System32\XISWDC.BIN
[2001/04/27 09:53:08 | 000,011,434 | -H-- | C] () -- C:\Windows\System32\XISPNS.BIN
[2001/04/27 09:53:08 | 000,009,648 | -H-- | C] () -- C:\Windows\System32\XISPNP.BIN
[2001/04/27 09:53:08 | 000,004,622 | -H-- | C] () -- C:\Windows\System32\XISPNZ.BIN
[2001/04/27 09:53:06 | 000,537,770 | -H-- | C] () -- C:\Windows\System32\XIPRTB.BIN
[2001/04/27 09:53:06 | 000,527,108 | -H-- | C] () -- C:\Windows\System32\XISPNB.BIN
[2001/04/27 09:53:06 | 000,222,108 | -H-- | C] () -- C:\Windows\System32\XISPND.BIN
[2001/04/27 09:53:06 | 000,086,721 | -H-- | C] () -- C:\Windows\System32\Xiprtd.bin
[2001/04/27 09:53:06 | 000,085,100 | -H-- | C] () -- C:\Windows\System32\Xiprte.bin
[2001/04/27 09:53:06 | 000,041,501 | -H-- | C] () -- C:\Windows\System32\XIPRTC.BIN
[2001/04/27 09:53:06 | 000,034,949 | -H-- | C] () -- C:\Windows\System32\XISPNC.BIN
[2001/04/27 09:53:06 | 000,016,738 | -H-- | C] () -- C:\Windows\System32\Xiprts.bin
[2001/04/27 09:53:06 | 000,009,684 | -H-- | C] () -- C:\Windows\System32\XIPRTP.BIN
[2001/04/27 09:53:06 | 000,004,596 | -H-- | C] () -- C:\Windows\System32\XIPRTZ.BIN
[2001/04/27 09:53:04 | 000,523,560 | -H-- | C] () -- C:\Windows\System32\XINRWB.BIN
[2001/04/27 09:53:04 | 000,345,242 | -H-- | C] () -- C:\Windows\System32\XINRWD.BIN
[2001/04/27 09:53:04 | 000,085,100 | -H-- | C] () -- C:\Windows\System32\XINRWE.BIN
[2001/04/27 09:53:04 | 000,032,607 | -H-- | C] () -- C:\Windows\System32\XINRWC.BIN
[2001/04/27 09:53:04 | 000,009,684 | -H-- | C] () -- C:\Windows\System32\XINRWP.BIN
[2001/04/27 09:53:04 | 000,007,074 | -H-- | C] () -- C:\Windows\System32\XINRWS.BIN
[2001/04/27 09:53:04 | 000,004,378 | -H-- | C] () -- C:\Windows\System32\XINRWZ.BIN
[2001/04/27 09:53:02 | 000,476,018 | -H-- | C] () -- C:\Windows\System32\XIITLB.BIN
[2001/04/27 09:53:02 | 000,249,547 | -H-- | C] () -- C:\Windows\System32\XIGRMD.BIN
[2001/04/27 09:53:02 | 000,161,909 | -H-- | C] () -- C:\Windows\System32\XIITLD.BIN
[2001/04/27 09:53:02 | 000,085,100 | -H-- | C] () -- C:\Windows\System32\XIITLE.BIN
[2001/04/27 09:53:02 | 000,085,100 | -H-- | C] () -- C:\Windows\System32\XIGRME.BIN
[2001/04/27 09:53:02 | 000,035,525 | -H-- | C] () -- C:\Windows\System32\XIITLC.BIN
[2001/04/27 09:53:02 | 000,019,346 | -H-- | C] () -- C:\Windows\System32\XIGRMS.BIN
[2001/04/27 09:53:02 | 000,019,238 | -H-- | C] () -- C:\Windows\System32\XIITLS.BIN
[2001/04/27 09:53:02 | 000,009,656 | -H-- | C] () -- C:\Windows\System32\XIITLP.BIN
[2001/04/27 09:53:02 | 000,009,656 | -H-- | C] () -- C:\Windows\System32\XIGRMP.BIN
[2001/04/27 09:53:02 | 000,004,506 | -H-- | C] () -- C:\Windows\System32\XIITLZ.BIN
[2001/04/27 09:53:02 | 000,004,298 | -H-- | C] () -- C:\Windows\System32\XIGRMZ.BIN
[2001/04/27 09:53:00 | 000,495,908 | -H-- | C] () -- C:\Windows\System32\XIFRNB.BIN
[2001/04/27 09:53:00 | 000,458,050 | -H-- | C] () -- C:\Windows\System32\XIGRMB.BIN
[2001/04/27 09:53:00 | 000,303,591 | -H-- | C] () -- C:\Windows\System32\XIFRND.BIN
[2001/04/27 09:53:00 | 000,085,100 | -H-- | C] () -- C:\Windows\System32\XIFRNE.BIN
[2001/04/27 09:53:00 | 000,056,724 | -H-- | C] () -- C:\Windows\System32\XIFRNC.BIN
[2001/04/27 09:53:00 | 000,035,068 | -H-- | C] () -- C:\Windows\System32\XIGRMC.BIN
[2001/04/27 09:53:00 | 000,021,046 | -H-- | C] () -- C:\Windows\System32\XIFRNS.BIN
[2001/04/27 09:53:00 | 000,009,692 | -H-- | C] () -- C:\Windows\System32\XIFRNP.BIN
[2001/04/27 09:53:00 | 000,004,354 | -H-- | C] () -- C:\Windows\System32\XIFRNZ.BIN
[2001/04/27 09:52:58 | 000,517,334 | -H-- | C] () -- C:\Windows\System32\XIFINB.BIN
[2001/04/27 09:52:58 | 000,431,439 | -H-- | C] () -- C:\Windows\System32\XIFIND.BIN
[2001/04/27 09:52:58 | 000,085,100 | -H-- | C] () -- C:\Windows\System32\XIFINE.BIN
[2001/04/27 09:52:58 | 000,030,237 | -H-- | C] () -- C:\Windows\System32\XIFINC.BIN
[2001/04/27 09:52:58 | 000,009,684 | -H-- | C] () -- C:\Windows\System32\XIFINP.BIN
[2001/04/27 09:52:58 | 000,007,394 | -H-- | C] () -- C:\Windows\System32\XIFINS.BIN
[2001/04/27 09:52:58 | 000,004,316 | -H-- | C] () -- C:\Windows\System32\XIFINZ.BIN
[2001/04/27 09:52:56 | 000,482,384 | -H-- | C] () -- C:\Windows\System32\XIENGB.BIN
[2001/04/27 09:52:56 | 000,246,288 | -H-- | C] () -- C:\Windows\System32\XIDUTD.BIN
[2001/04/27 09:52:56 | 000,237,741 | -H-- | C] () -- C:\Windows\System32\XIENGD.BIN
[2001/04/27 09:52:56 | 000,085,100 | -H-- | C] () -- C:\Windows\System32\XIDUTE.BIN
[2001/04/27 09:52:56 | 000,082,608 | -H-- | C] () -- C:\Windows\System32\XIENGE.BIN
[2001/04/27 09:52:56 | 000,026,302 | -H-- | C] () -- C:\Windows\System32\XIENGC.BIN
[2001/04/27 09:52:56 | 000,015,386 | -H-- | C] () -- C:\Windows\System32\XIENGL.BIN
[2001/04/27 09:52:56 | 000,015,054 | -H-- | C] () -- C:\Windows\System32\XIENGS.BIN
[2001/04/27 09:52:56 | 000,011,296 | -H-- | C] () -- C:\Windows\System32\XIENGF.BIN
[2001/04/27 09:52:56 | 000,009,660 | -H-- | C] () -- C:\Windows\System32\XIDUTP.BIN
[2001/04/27 09:52:56 | 000,007,914 | -H-- | C] () -- C:\Windows\System32\XIDUTS.BIN
[2001/04/27 09:52:56 | 000,006,556 | -H-- | C] () -- C:\Windows\System32\XIENGP.BIN
[2001/04/27 09:52:56 | 000,004,654 | -H-- | C] () -- C:\Windows\System32\XIDUTZ.BIN
[2001/04/27 09:52:56 | 000,003,894 | -H-- | C] () -- C:\Windows\System32\XIENGZ.BIN
[2001/04/27 09:52:54 | 000,531,718 | -H-- | C] () -- C:\Windows\System32\XIDUTB.BIN
[2001/04/27 09:52:54 | 000,525,816 | -H-- | C] () -- C:\Windows\System32\XIDANB.BIN
[2001/04/27 09:52:54 | 000,390,070 | -H-- | C] () -- C:\Windows\System32\XIDAND.BIN
[2001/04/27 09:52:54 | 000,085,100 | -H-- | C] () -- C:\Windows\System32\XIDANE.BIN
[2001/04/27 09:52:54 | 000,038,538 | -H-- | C] () -- C:\Windows\System32\XIDUTC.BIN
[2001/04/27 09:52:54 | 000,037,688 | -H-- | C] () -- C:\Windows\System32\XIDANC.BIN
[2001/04/27 09:52:54 | 000,009,684 | -H-- | C] () -- C:\Windows\System32\XIDANP.BIN
[2001/04/27 09:52:54 | 000,005,954 | -H-- | C] () -- C:\Windows\System32\XIDANS.BIN
[2001/04/27 09:52:54 | 000,004,482 | -H-- | C] () -- C:\Windows\System32\XIDANZ.BIN
[2001/04/27 09:52:52 | 000,526,932 | -H-- | C] () -- C:\Windows\System32\XIBRZB.BIN
[2001/04/27 09:52:52 | 000,087,689 | -H-- | C] () -- C:\Windows\System32\XIBRZD.BIN
[2001/04/27 09:52:52 | 000,085,100 | -H-- | C] () -- C:\Windows\System32\XIBRZE.BIN
[2001/04/27 09:52:52 | 000,041,561 | -H-- | C] () -- C:\Windows\System32\XIBRZC.BIN
[2001/04/27 09:52:52 | 000,009,684 | -H-- | C] () -- C:\Windows\System32\XIBRZP.BIN
[2001/04/27 09:52:52 | 000,008,634 | -H-- | C] () -- C:\Windows\System32\XIBRZS.BIN
[2001/04/27 09:52:52 | 000,004,522 | -H-- | C] () -- C:\Windows\System32\XIBRZZ.BIN
[2000/08/08 11:43:02 | 000,073,728 | -H-- | C] () -- C:\Windows\System32\AMPLM.dll
[1999/10/25 09:53:58 | 000,004,073 | ---- | C] () -- C:\Windows\Sage.ini
[1998/03/26 01:12:00 | 000,053,248 | -H-- | C] () -- C:\Windows\System32\SgHmZLib.dll
[1998/03/20 01:00:00 | 000,001,048 | -HS- | C] () -- C:\Windows\System32\TMailRL.sys
[1998/03/20 01:00:00 | 000,001,048 | -HS- | C] () -- C:\Windows\System32\TMail3FL.SYS
[1998/03/20 01:00:00 | 000,001,048 | -HS- | C] () -- C:\Windows\System32\rlfnlf.sys
[1998/03/20 01:00:00 | 000,001,048 | -HS- | C] () -- C:\Windows\System32\flfnlf.sys

========== LOP Check ==========

[2008/11/10 12:33:21 | 000,000,000 | -H-D | M] -- C:\Users\Administrator\AppData\Roaming\Invu
[2008/11/10 12:32:43 | 000,000,000 | -H-D | M] -- C:\Users\Administrator\AppData\Roaming\Nokia
[2008/11/10 12:32:30 | 000,000,000 | -H-D | M] -- C:\Users\Administrator\AppData\Roaming\PC Suite
[2010/03/19 16:43:04 | 000,000,000 | -H-D | M] -- C:\Users\BotlyJ\AppData\Roaming\Nokia
[2010/03/19 16:41:57 | 000,000,000 | -H-D | M] -- C:\Users\BotlyJ\AppData\Roaming\PC Suite
[2010/07/12 17:03:06 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
[2010/07/12 17:03:06 | 000,000,000 | -H-D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer
[2011/04/06 15:58:19 | 000,000,000 | -H-D | M] -- C:\Users\FENND\AppData\Roaming\Trusteer
[2010/05/21 08:07:47 | 000,000,000 | -H-D | M] -- C:\Users\FENND\AppData\Roaming\Windows Small Business Server
[2009/02/04 16:59:49 | 000,000,000 | -H-D | M] -- C:\Users\harrisons\AppData\Roaming\com.fiat.convergence.385E4263E7379A5D22A7076E99B02868EFF10711.1
[2010/02/24 14:26:59 | 000,000,000 | -H-D | M] -- C:\Users\harrisons\AppData\Roaming\DassaultSystemes
[2012/01/16 13:52:26 | 000,000,000 | -H-D | M] -- C:\Users\harrisons\AppData\Roaming\Dropbox
[2010/02/24 14:26:59 | 000,000,000 | -H-D | M] -- C:\Users\harrisons\AppData\Roaming\EDrawings
[2010/04/20 11:11:24 | 000,000,000 | -H-D | M] -- C:\Users\harrisons\AppData\Roaming\Invu
[2008/04/30 11:52:31 | 000,000,000 | -H-D | M] -- C:\Users\harrisons\AppData\Roaming\Nokia
[2008/05/12 10:49:59 | 000,000,000 | -H-D | M] -- C:\Users\harrisons\AppData\Roaming\NSeries
[2008/05/12 11:01:37 | 000,000,000 | -H-D | M] -- C:\Users\harrisons\AppData\Roaming\PC Suite
[2010/06/29 10:01:12 | 000,000,000 | -H-D | M] -- C:\Users\harrisons\AppData\Roaming\Trusteer
[2010/04/17 14:37:08 | 000,000,000 | -H-D | M] -- C:\Users\harrisons\AppData\Roaming\Windows Small Business Server
[2010/03/20 11:35:34 | 000,000,000 | -H-D | M] -- C:\Users\harrisons.YK1M007380\AppData\Roaming\Nokia
[2010/03/20 11:36:25 | 000,000,000 | -H-D | M] -- C:\Users\harrisons.YK1M007380\AppData\Roaming\PC Suite
[2010/07/12 17:03:06 | 000,000,000 | -H-D | M] -- C:\Users\TEMP\AppData\Roaming\Trusteer
[2012/01/16 16:15:17 | 000,032,646 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/01/16 08:57:43 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E9F6A8F6-16A8-4D38-B129-9D79CAE6F8BB}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 03:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/16 15:24:18 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/16 15:24:17 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 02:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 09:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/18 22:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 09:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/18 22:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/18 22:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/18 22:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/18 22:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 09:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 09:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/18 22:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >
[2006/11/02 12:55:41 | 000,001,677 | -H-- | M] () -- C:\Users\HARRIS~1\AppData\Local\Temp\smtmp\1\Default Programs.lnk
[2010/04/15 16:29:21 | 000,000,442 | -HS- | M] () -- C:\Users\HARRIS~1\AppData\Local\Temp\smtmp\1\desktop.ini
[2009/10/28 21:22:36 | 000,001,661 | -H-- | M] () -- C:\Users\HARRIS~1\AppData\Local\Temp\smtmp\1\Windows Update.lnk

< %Temp%\smtmp\2\*.* >
[2007/11/16 11:52:23 | 000,001,614 | -H-- | M] () -- C:\Users\HARRIS~1\AppData\Local\Temp\smtmp\2\Calculator.lnk
[2011/08/19 12:02:47 | 000,000,593 | -HS- | M] () -- C:\Users\HARRIS~1\AppData\Local\Temp\smtmp\2\desktop.ini
[2012/01/16 11:33:18 | 000,002,547 | -H-- | M] () -- C:\Users\HARRIS~1\AppData\Local\Temp\smtmp\2\Invu Series 6.lnk
[2011/02/07 08:49:15 | 000,001,480 | -H-- | M] () -- C:\Users\HARRIS~1\AppData\Local\Temp\smtmp\2\IRIS Practice Software Menu.lnk
[2010/02/26 08:42:39 | 000,000,949 | -H-- | M] () -- C:\Users\HARRIS~1\AppData\Local\Temp\smtmp\2\Launch Internet Explorer Browser.lnk
[2012/01/16 14:13:42 | 000,000,936 | -H-- | M] () -- C:\Users\HARRIS~1\AppData\Local\Temp\smtmp\2\Malwarebytes Anti-Malware.lnk
[2012/01/16 10:03:48 | 000,002,609 | -H-- | M] () -- C:\Users\HARRIS~1\AppData\Local\Temp\smtmp\2\Microsoft Office Excel 2007 (2).lnk
[2012/01/16 08:58:52 | 000,002,657 | -H-- | M] () -- C:\Users\HARRIS~1\AppData\Local\Temp\smtmp\2\Microsoft Office Outlook 2007.lnk
[2011/10/27 08:09:23 | 000,000,944 | -H-- | M] () -- C:\Users\HARRIS~1\AppData\Local\Temp\smtmp\2\Microsoft Office Outlook.lnk
[2012/01/13 16:57:08 | 000,002,651 | -H-- | M] () -- C:\Users\HARRIS~1\AppData\Local\Temp\smtmp\2\Microsoft Office Word 2007 (2).lnk
[2007/11/16 11:36:04 | 000,001,765 | -H-- | M] () -- C:\Users\HARRIS~1\AppData\Local\Temp\smtmp\2\Prac Engine.lnk
[2009/08/07 15:16:10 | 000,001,597 | -H-- | M] () -- C:\Users\HARRIS~1\AppData\Local\Temp\smtmp\2\Remote Desktop Connection.lnk
[2009/04/09 11:46:29 | 000,000,230 | -H-- | M] () -- C:\Users\HARRIS~1\AppData\Local\Temp\smtmp\2\Run.lnk
[2006/11/02 12:50:47 | 000,000,258 | -H-- | M] () -- C:\Users\HARRIS~1\AppData\Local\Temp\smtmp\2\Shows Desktop.lnk
[2009/09/02 14:12:09 | 000,000,912 | -H-- | M] () -- C:\Users\HARRIS~1\AppData\Local\Temp\smtmp\2\Smartwizard Discovery.lnk
[2008/10/16 08:23:23 | 000,001,686 | -H-- | M] () -- C:\Users\HARRIS~1\AppData\Local\Temp\smtmp\2\Snipping Tool.lnk
[2010/02/24 14:25:08 | 000,002,054 | -H-- | M] () -- C:\Users\HARRIS~1\AppData\Local\Temp\smtmp\2\SolidWorks eDrawings 2010.lnk
[2008/10/27 15:08:49 | 000,000,209 | -H-- | M] () -- C:\Users\HARRIS~1\AppData\Local\Temp\smtmp\2\Southend.lnk
[2012/01/16 12:09:28 | 000,000,635 | -H-- | M] () -- C:\Users\HARRIS~1\AppData\Local\Temp\smtmp\2\System Check.lnk
[2009/07/27 08:33:46 | 000,000,865 | -H-- | M] () -- C:\Users\HARRIS~1\AppData\Local\Temp\smtmp\2\VNC Viewer 4.lnk
[2006/11/02 12:50:47 | 000,000,240 | -H-- | M] () -- C:\Users\HARRIS~1\AppData\Local\Temp\smtmp\2\Window Switcher.lnk
[2007/11/26 12:23:38 | 000,001,555 | -H-- | M] () -- C:\Users\HARRIS~1\AppData\Local\Temp\smtmp\2\Windows Explorer.lnk
[2011/08/19 12:02:47 | 000,000,944 | -H-- | M] () -- C:\Users\HARRIS~1\AppData\Local\Temp\smtmp\2\Windows Media Player.lnk

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >
[2010/04/15 16:29:21 | 000,000,174 | -HS- | M] () -- C:\Users\HARRIS~1\AppData\Local\Temp\smtmp\4\desktop.ini
[2007/11/08 09:32:43 | 000,001,897 | -H-- | M] () -- C:\Users\HARRIS~1\AppData\Local\Temp\smtmp\4\Driver DVD.lnk
[2011/11/22 11:57:21 | 000,002,079 | -H-- | M] () -- C:\Users\HARRIS~1\AppData\Local\Temp\smtmp\4\Google Earth.lnk
[2011/08/05 08:30:49 | 000,002,523 | -H-- | M] () -- C:\Users\HARRIS~1\AppData\Local\Temp\smtmp\4\Invu Series 6.lnk
[2011/02/06 12:03:40 | 000,001,476 | -H-- | M] () -- C:\Users\HARRIS~1\AppData\Local\Temp\smtmp\4\IRIS Practice Software Menu.lnk
[2012/01/16 14:13:42 | 000,000,912 | -H-- | M] () -- C:\Users\HARRIS~1\AppData\Local\Temp\smtmp\4\Malwarebytes Anti-Malware.lnk
[2010/10/29 11:14:32 | 000,001,916 | -H-- | M] () -- C:\Users\HARRIS~1\AppData\Local\Temp\smtmp\4\Microsoft LifeCam.lnk
[2011/03/08 15:09:50 | 000,001,945 | -H-- | M] () -- C:\Users\HARRIS~1\AppData\Local\Temp\smtmp\4\Sage 50 Accounts 2011.lnk
[2011/11/22 10:55:01 | 000,002,009 | -H-- | M] () -- C:\Users\HARRIS~1\AppData\Local\Temp\smtmp\4\Sage 50 Accounts 2012.lnk

< End of report >
  • 0
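The "< MD5 for: ... >" blocks in the OTL log above are the check the helper uses to decide whether the live explorer.exe, svchost.exe, userinit.exe and winlogon.exe have been replaced: each live copy under C:\Windows is compared with the copies Windows keeps in the winsxs component store. Below is an added example, not OTL's own code and not anything from this thread's helper, that automates that comparison over an OTL report. It assumes the report's line layout is as shown above and that winsxs copies can serve as the reference set; the sample input is a few lines copied from the log above.

```powershell
# Added example, not OTL's own code: cross-check the "< MD5 for: ... >" blocks of an
# OTL report. Each live copy under \Windows\ is compared with the copies OTL lists
# from the winsxs component store; a live file whose hash matches none of them is a
# replaced binary until proven otherwise.
function Test-OtlMd5Blocks {
    param([string[]]$Lines)

    $header = '^< MD5 for: (?<name>.+?) >$'
    $entry  = '^\[(?<stamp>[^|]+)\|\s*(?<size>[\d,]+)\s*\|[^\]]*\]\s*\((?<company>[^)]*)\)\s*MD5=(?<md5>[0-9A-Fa-f]{32})\s*--\s*(?<path>.+)$'

    # Group entries by the file name OTL was asked about.
    $groups = @{}
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match $header) {
            $current = $Matches['name'].ToUpper()
            if (-not $groups.ContainsKey($current)) { $groups[$current] = @() }
            continue
        }
        if ($current -and ($line -match $entry)) {
            $groups[$current] += New-Object PSObject -Property @{
                Name    = $current
                Path    = $Matches['path'].Trim()
                Md5     = $Matches['md5'].ToUpper()
                Company = $Matches['company']
            }
        }
    }

    foreach ($name in $groups.Keys) {
        # Hashes of the component-store copies are the reference set for this name.
        $refHashes = @($groups[$name] | Where-Object { $_.Path -match '\\winsxs\\' } | ForEach-Object { $_.Md5 })
        foreach ($e in @($groups[$name] | Where-Object { $_.Path -notmatch '\\winsxs\\' })) {
            if ($e.Path -notmatch '^[A-Za-z]:\\Windows\\') {
                $verdict = 'outside Windows: confirm which product owns it'
            } elseif ($refHashes.Count -eq 0) {
                $verdict = 'unverified: no component-store copy listed'
            } elseif (($refHashes -contains $e.Md5) -and ($e.Company -eq 'Microsoft Corporation')) {
                $verdict = 'OK: matches a component-store copy'
            } else {
                $verdict = 'MISMATCH: matches no component-store copy'
            }
            New-Object PSObject -Property @{ Name = $e.Name; Path = $e.Path; Md5 = $e.Md5; Company = $e.Company; Verdict = $verdict }
        }
    }
}

# Constructed input: a few lines copied from the OTL log above (explorer.exe and svchost.exe).
$sample = @'
< MD5 for: EXPLORER.EXE >
[2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/18 22:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/18 22:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
'@

Test-OtlMd5Blocks -Lines ($sample -split "`r?`n") | Format-Table Name, Verdict, Path -AutoSize
# To check a real report: Test-OtlMd5Blocks -Lines (Get-Content .\OTL.Txt)
```

On the sample the two live copies come back "OK" and the Malwarebytes Chameleon copy comes back "outside Windows", which is the right reading: OTL lists every file with that name, and Chameleon's renamed svchost.exe and winlogon.exe are Malwarebytes' own, not system binaries. The verdict is a triage aid only; a matching MD5 does not prove a file is signed, so the sfc /scannow step the helper gives later in this thread remains the authoritative check.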

#7 bike vault (Member, Topic Starter, 62 posts)
The only issue here is that after RogueKiller my quicklinks reappeared along with some desktop icons; after OTL the quicklinks have disappeared again.

ASWMBR log:

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-16 21:01:22
-----------------------------
21:01:22.948 OS Version: Windows 6.0.6002 Service Pack 2
21:01:22.948 Number of processors: 2 586 0xF0D
21:01:22.953 ComputerName: YK1M007380 UserName: harrisons
21:01:26.223 Initialize success
21:01:38.869 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:01:38.871 Disk 0 Vendor: ST3160815AS 3.AAA Size: 152627MB BusType: 3
21:01:38.889 Disk 0 MBR read successfully
21:01:38.892 Disk 0 MBR scan
21:01:38.894 Disk 0 Windows VISTA default MBR code
21:01:38.904 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 2049 MB offset 12678
21:01:38.917 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 150566 MB offset 4219027
21:01:38.923 Disk 0 scanning sectors +312579760
21:01:39.034 Disk 0 scanning C:\Windows\system32\drivers
21:01:48.613 Service scanning
21:01:50.797 Modules scanning
21:02:07.252 Module: C:\Windows\System32\Drivers\dfsc.sys **SUSPICIOUS**
21:02:29.760 Disk 0 trace - called modules:
21:02:29.854 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x9399aff0]<<
21:02:29.861 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x874a32d8]
21:02:29.870 3 CLASSPNP.SYS[8d7a78b3] -> nt!IofCallDriver -> [0x888aca20]
21:02:29.880 \Driver\00001092[0x888afa08] -> IRP_MJ_CREATE -> 0x9399aff0
21:02:29.890 Scan finished successfully
21:07:02.279 Disk 0 MBR has been saved successfully to "C:\Users\harrisons\Desktop\MBR.dat"
21:07:02.285 The log file has been saved successfully to "C:\Users\harrisons\Desktop\aswMBR.txt"
  • 0

#8 bike vault (Member, Topic Starter, 62 posts)
Hi,

Everything seems fine EXCEPT!!!!

No icons, no menus, no quicklinks.

I can run programs by typing into search, i.e. Outlook.exe

Would system restore bring back all the above 'essentials'?

Cheers.
  • 0

#9 bike vault (Member, Topic Starter, 62 posts)
Hello,

I still need some help here please...

Although the essence of my PC seems to be okay, I'm having problems, as the majority of the files in the 'program data' directory now have the attribute 'hidden' and accordingly the programs they relate to don't run.

Is there a way I can wholesale revert the attributes back to unhidden? I can't seem to be able to job lot this in Explorer.

Cheers,

Simon
  • 0

#10 RKinner (Malware Expert, Expert, MVP, 24,625 posts)
When you answer your own post, you disappear off the unanswered list, which is where we look for new cases.


ComboFix

:!: It must be saved to your desktop; do not run it from your browser. :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double-click on TDSSKiller.exe (Vista or Win 7 must right-click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right-click aswMBR.exe and Run as Administrator.
Uncheck trace disk IO calls (allow the Avast option).
Click the "Scan" button to start the scan.
On completion of the scan (note whether the Fix button, not the FixMBR button, is enabled, and tell me), click Save log, save it to your desktop and post it in your next reply.


Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', make sure you check for updates before doing a scan. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Download, save and right-click on unhide.exe and Run As Administrator from

http://download.blee...nler/unhide.exe



Copy the text in the code box:


nnetsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes
select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0
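The question in #9 and the unhide.exe step above concern the same damage: the rogue sets the Hidden attribute on files under ProgramData and the user profile and the programs they belong to stop appearing. The script below is an added example, written for this thread, and is not the page's unhide.exe or any tool from the helper. It first lists what it would change and only clears the attribute when run with -Fix, after journaling the original attributes to a CSV so any single change can be reversed. It assumes an elevated PowerShell is available on the machine, that the three roots given as defaults are where the hiding happened, and, as a heuristic, that anything also carrying the System attribute (desktop.ini, thumbs.db, ntuser.dat and friends, which the OTL log above shows as -HS-) was hidden by Windows itself and should be left alone.

```powershell
# Added example, not the page's unhide.exe: report, and with -Fix clear, the Hidden
# attribute on files and folders under the given roots. Items that also carry the
# System attribute, and junctions/symlinks, are skipped because Windows hides those
# itself. The default roots are assumptions; pass -Roots to override them.
# Usage (elevated PowerShell):  .\Repair-Hidden.ps1           (report only)
#                               .\Repair-Hidden.ps1 -Fix      (journal, then clear)
param(
    [string[]]$Roots = @(
        $env:ProgramData,
        (Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu'),
        (Join-Path $env:USERPROFILE 'Desktop')
    ),
    [string]$Journal = (Join-Path $env:USERPROFILE 'Desktop\unhide-journal.csv'),
    [switch]$Fix
)

$Hidden  = [int][IO.FileAttributes]::Hidden
$System  = [int][IO.FileAttributes]::System
$Reparse = [int][IO.FileAttributes]::ReparsePoint

# Everything under the roots that is Hidden but neither System nor a reparse point.
function Get-SuspectHidden {
    param([string[]]$Paths)
    foreach ($root in $Paths) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object {
                $a = [int]$_.Attributes
                (($a -band $Hidden) -ne 0) -and (($a -band $System) -eq 0) -and (($a -band $Reparse) -eq 0)
            }
    }
}

$items = @(Get-SuspectHidden -Paths $Roots)
"{0} hidden item(s) found under: {1}" -f $items.Count, ($Roots -join '; ')

if (-not $Fix) {
    $items | Select-Object FullName, Attributes, LastWriteTime | Format-Table -AutoSize
    'Review the list, then re-run with -Fix to clear the Hidden attribute.'
    return
}

# Journal the original attributes first so the change can be reversed item by item.
$items | Select-Object FullName, @{ n = 'Attributes'; e = { [string]$_.Attributes } } |
    Export-Csv -Path $Journal -NoTypeInformation

foreach ($item in $items) {
    try {
        $item.Attributes = [IO.FileAttributes](([int]$item.Attributes) -band (-bnot $Hidden))
    } catch {
        Write-Warning ("Could not change {0}: {1}" -f $item.FullName, $_.Exception.Message)
    }
}
"Cleared Hidden on {0} item(s); original attributes saved to {1}" -f $items.Count, $Journal
```

Run it without -Fix first and read the list: a profile contains hidden files that are legitimately so, and the System-attribute heuristic is only a first filter. Clearing the attribute restores visibility but not the shortcuts the rogue moved into %Temp%\smtmp (listed in the OTL log above); that part is what unhide.exe does and is outside this script.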


#11 bike vault (Member, Topic Starter, 62 posts)
Hi Ron,

I did think I may have posted and removed myself from the visible list requiring assistance!

Most of these routines I have already run and, to be honest, there doesn't appear to be any infection now.

My issue is really correcting some of the monkeying about that has occurred with file attributes.

As it's a work PC I can't invest too much time in down time activities.

Based on the logs already supplied is it possible to narrow down and reduce the additional routines to be run; as I say most of them have already been run by me in removing System Check.

Cheers,

Simon
  • 0

#12 RKinner (Malware Expert, Expert, MVP, 24,625 posts)
You can try the unhide program.

But if you want me to help I need to see at least a Combofix log and a new OTL log with the script I gave you.
  • 0

#13 bike vault (Member, Topic Starter, 62 posts)
Hi Ron,

Much more manageable!

I'll have a go tomorrow at work and post in the results.

Cheers, help appreciated,

Simon
  • 0

#14 bike vault (Member, Topic Starter, 62 posts)
Hi Ron,

Okay, all three above run; logs as follows:

As I said previously, this is a work PC and we have Vipre Enterprise as our protection.

Is there anything you can recommend to run alongside that would increase our protection?

Cheers, and thanks for your help.

Simon

ComboFix
ComboFix 12-01-18.04 - harrisons 19/01/2012 14:12:46.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.3581.2437 [GMT 0:00]
Running from: c:\users\harrisons\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\~nbUAfvUj621um0
c:\programdata\~nbUAfvUj621um0r
c:\programdata\nbUAfvUj621um0
c:\users\harrisons\AppData\Local\Lexar Media\LxrAutorun.exe
c:\users\harrisons\GoToAssistDownloadHelper.exe
c:\users\harrisons\WINDOWS
c:\windows\$NtUninstallKB8340$
c:\windows\$NtUninstallKB8340$\1097949669\bckfg.tmp
c:\windows\$NtUninstallKB8340$\1097949669\cfg.ini
c:\windows\$NtUninstallKB8340$\1097949669\kwrd.dll
c:\windows\$NtUninstallKB8340$\1097949669\U\00000001.@
c:\windows\$NtUninstallKB8340$\1097949669\U\00000002.@
c:\windows\$NtUninstallKB8340$\1097949669\U\00000004.@
c:\windows\$NtUninstallKB8340$\1097949669\U\80000000.@
c:\windows\$NtUninstallKB8340$\1097949669\U\80000004.@
c:\windows\$NtUninstallKB8340$\1097949669\U\80000032.@
c:\windows\$NtUninstallKB8340$\1655736975
c:\windows\system32\~GLH0074.TMP
c:\windows\system32\install.exe
c:\windows\system32\PackageRuntimeMsiInstall.log
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-12-19 to 2012-01-19 )))))))))))))))))))))))))))))))
.
.
2012-01-19 14:37 . 2012-01-19 14:37 -------- d-----w- c:\users\simon harrison\AppData\Local\temp
2012-01-19 14:37 . 2012-01-19 14:37 -------- d-----w- c:\users\simon harrison.harrisons-PC\AppData\Local\temp
2012-01-19 14:37 . 2012-01-19 14:37 -------- d-----w- c:\users\RobinsonJ\AppData\Local\temp
2012-01-19 14:37 . 2012-01-19 14:37 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2012-01-19 14:37 . 2012-01-19 14:37 -------- d-----w- c:\users\harrisons.YK1M007380\AppData\Local\temp
2012-01-19 14:37 . 2012-01-19 14:37 -------- d-----w- c:\users\FENND\AppData\Local\temp
2012-01-19 14:37 . 2012-01-19 14:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-19 14:37 . 2012-01-19 14:37 -------- d-----w- c:\users\BotlyJ\AppData\Local\temp
2012-01-17 17:00 . 2012-01-17 17:00 3584 ----a-r- c:\users\harrisons\AppData\Roaming\Microsoft\Installer\{121634B0-2F4A-11D3-ADA3-00C04F52DD53}\Icon386ED4E3.exe
2012-01-17 17:00 . 2012-01-17 17:00 -------- d-----w- c:\program files\Windows Installer Clean Up
2012-01-17 15:21 . 2012-01-17 15:21 -------- d-----w- c:\users\harrisons\AppData\Local\ElevatedDiagnostics
2012-01-17 13:01 . 2012-01-17 13:01 -------- d-----w- c:\users\harrisons.YK1M007380\AppData\Local\Adobe
2012-01-16 16:55 . 2012-01-16 16:55 -------- d-----w- c:\users\harrisons\AppData\Local\PackageAware
2012-01-16 14:12 . 2012-01-16 14:12 -------- d-----w- c:\users\harrisons\AppData\Roaming\Malwarebytes
2012-01-16 14:11 . 2012-01-16 14:11 -------- d-----w- c:\programdata\Malwarebytes
2012-01-16 14:11 . 2012-01-16 14:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-16 13:41 . 2012-01-16 13:41 -------- d-----w- c:\programdata\WindowsSearch
2011-12-30 09:42 . 2011-12-30 09:42 -------- d-----w- c:\program files\iPod
2011-12-30 09:42 . 2012-01-17 11:43 -------- d-----w- c:\program files\iTunes
2011-12-30 09:37 . 2011-12-30 09:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-12-30 09:37 . 2011-12-30 09:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-12-30 09:37 . 2011-12-30 09:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-12-30 09:37 . 2011-12-30 09:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-12-30 09:37 . 2011-12-30 09:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-12-30 09:37 . 2011-12-30 09:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-12-30 09:37 . 2011-12-30 09:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-12-30 09:37 . 2012-01-17 11:43 -------- d-----w- c:\program files\QuickTime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-19 11:46 . 2007-11-16 11:34 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-12-19 11:46 . 2007-11-16 11:34 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-12-19 11:46 . 2007-11-16 11:34 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-12-19 11:46 . 2007-11-16 11:34 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-11-15 08:53 . 2011-06-17 16:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-07 21:28 . 2011-11-07 21:28 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-10-28 15:59 . 2011-07-25 16:56 544768 ----a-w- c:\windows\system32\S18DBC32.dll
2011-10-24 14:29 . 2011-10-24 14:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 14:29 . 2011-10-24 14:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\harrisons\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\harrisons\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\harrisons\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\harrisons\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-10 2153472]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 4489216]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 63048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
c:\users\harrisons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\harrisons\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
IRIS Practice Software Staff Control Panel.lnk - \\server6\Iris\iwinpasl.EXE [2011-11-4 850432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-411461532-1346242652-1691616715-1031\Scripts\Logon\0\0]
"Script"=DisableSFS.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-411461532-1346242652-1691616715-1031\Scripts\Logon\1\0]
"Script"=SBS_Logon_Script.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-411461532-1346242652-1691616715-1038\Scripts\Logon\0\0]
"Script"=DisableSFS.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-411461532-1346242652-1691616715-1042\Scripts\Logon\0\0]
"Script"=DisableSFS.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-411461532-1346242652-1691616715-1042\Scripts\Logon\1\0]
"Script"=SBS_Logon_Script.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-411461532-1346242652-1691616715-500\Scripts\Logon\0\0]
"Script"=DisableSFS.bat
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 01:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Backup GUI]
2008-08-11 17:12 488784 ----a-w- c:\program files\LogMeIn Backup\BackupSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-03 13:55 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-18 22:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F0173905-8498-4452-A4BD-EC689AFA6B3A}]
2010-10-15 19:20 73728 ----a-w- c:\program files\Common Files\Sage SBD\ForceEIRRegistration.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-28 16:39]
.
2012-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 15:12]
.
2012-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 15:12]
.
2012-01-19 c:\windows\Tasks\User_Feed_Synchronization-{E9F6A8F6-16A8-4D38-B129-9D79CAE6F8BB}.job
- c:\windows\system32\msfeedssync.exe [2011-10-25 21:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{42229191-CCEA-11d3-BE71-00C0DFE1873E} - c:\program files\INVU Services Ltd\INVU6\INVU.WebCapture.exe
Trusted Zone: google.com\kh
Trusted Zone: wk.loc\engine.southend
TCP: DhcpNameServer = 192.168.0.200
DPF: {76392179-60A8-462D-8961-B95C14DAADF4} - hxxps://billcentre.vodafone.co.uk/bpa/content/ddiprintengine.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-LxrAutorun - c:\users\harrisons\AppData\Local\Lexar Media\LxrAutorun.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-NSeries - c:\program files\Nokia\NSeries PC Suite\System Utilities\PcSync2.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(12)
c:\users\harrisons\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\brsvc01a.exe
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\LogMeIn Backup\BackupMaint.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\INVU Services Ltd\INVU6\INVU.Client.Services.exe
c:\program files\LogMeIn Backup\lmibackupvssservice.exe
c:\program files\LogMeIn Backup\LMIGuardian.exe
c:\program files\LogMeIn\x86\LMIGuardianSvc.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn Backup\LogmeInBackupService.exe
c:\windows\system32\LxrSII1s.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\LogMeIn Backup\LMIGuardian.exe
c:\program files\Common Files\Sage SData\Sage.SData.Service.exe
c:\program files\vCAP\vCAPService.exe
c:\program files\vCAP\vCAP.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files\Common Files\Apple\Mobile Device Support\SyncServer.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\WerCon.exe
.
**************************************************************************
.
Completion time: 2012-01-19 14:58:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-19 14:56
.
Pre-Run: 60,028,579,840 bytes free
Post-Run: 66,715,725,824 bytes free
.
- - End Of File - - CFFB8AC57AFEAA5398521E0D79DC5063

OTL
OTL.txt
OTL logfile created on: 19/01/2012 15:22:03 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\harrisons\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.50 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 58.11% Memory free
7.17 Gb Paging File | 5.75 Gb Available in Paging File | 80.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.04 Gb Total Space | 62.03 Gb Free Space | 42.18% Space Free | Partition Type: NTFS
Drive G: | 212.43 Gb Total Space | 36.91 Gb Free Space | 17.37% Space Free | Partition Type: NTFS
Drive H: | 258.25 Gb Total Space | 68.87 Gb Free Space | 26.67% Space Free | Partition Type: NTFS
Drive I: | 212.43 Gb Total Space | 36.91 Gb Free Space | 17.37% Space Free | Partition Type: NTFS
Drive M: | 212.43 Gb Total Space | 36.91 Gb Free Space | 17.37% Space Free | Partition Type: NTFS
Drive Q: | 212.43 Gb Total Space | 36.91 Gb Free Space | 17.37% Space Free | Partition Type: NTFS
Drive T: | 212.43 Gb Total Space | 36.91 Gb Free Space | 17.37% Space Free | Partition Type: NTFS
Drive U: | 212.43 Gb Total Space | 36.91 Gb Free Space | 17.37% Space Free | Partition Type: NTFS
Drive X: | 212.43 Gb Total Space | 36.91 Gb Free Space | 17.37% Space Free | Partition Type: NTFS
Drive Y: | 2.00 Gb Total Space | 1.63 Gb Free Space | 81.42% Space Free | Partition Type: NTFS

Computer Name: YK1M007380 | User Name: harrisons | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/19 15:20:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\harrisons\Desktop\OTL.exe
PRC - [2011/12/19 11:47:01 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/12/19 11:46:35 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/12/05 19:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\harrisons\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/11/07 21:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/10/09 11:54:58 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011/07/28 14:00:36 | 000,053,248 | ---- | M] (Sage (UK) Limited) -- C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe
PRC - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/05/20 14:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010/01/29 08:23:10 | 000,017,408 | ---- | M] (Invu Services Ltd) -- C:\Program Files\INVU Services Ltd\INVU6\INVU.Client.Services.exe
PRC - [2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/10 22:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/10/14 01:00:00 | 000,157,552 | ---- | M] (ATConsulting LLC) -- \\server5\ezaudit\ondemand.exe
PRC - [2008/08/11 17:12:44 | 001,574,224 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn Backup\LogmeInBackupService.exe
PRC - [2008/08/11 17:12:29 | 000,480,592 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn Backup\LMIBackupVSSService.exe
PRC - [2008/08/11 17:12:25 | 000,079,184 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn Backup\BackupMaint.exe
PRC - [2008/07/14 14:26:58 | 000,087,368 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn Backup\LMIGuardian.exe
PRC - [2007/10/15 10:15:47 | 000,040,960 | ---- | M] () -- C:\Program Files\vCAP\vCAPService.exe
PRC - [2007/10/15 10:15:32 | 001,028,096 | ---- | M] (PSCS) -- C:\Program Files\vCAP\vCAP.exe
PRC - [2007/09/12 10:20:58 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2007/06/13 11:11:30 | 004,489,216 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/01/09 12:56:04 | 000,049,152 | ---- | M] () -- C:\Windows\System32\LxrSII1s.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/30 20:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/10/25 14:57:09 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011/10/25 14:57:04 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
MOD - [2011/10/25 14:56:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/25 13:44:50 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/25 13:44:05 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/25 13:43:47 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/25 13:40:35 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/25 13:40:19 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/07 13:10:24 | 000,516,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2008/08/13 15:45:13 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Runtime\2.0.3054.18974__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Runtime.dll
MOD - [2008/08/13 15:45:13 | 000,009,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Shared\2.0.3054.18974__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Shared.dll
MOD - [2008/08/13 15:45:12 | 000,282,624 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Dashboard\2.0.3054.18974__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Dashboard.dll
MOD - [2008/08/13 15:45:12 | 000,258,048 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Dashboard\2.0.3054.18973__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Dashboard.dll
MOD - [2008/08/13 15:45:12 | 000,200,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Dashboard\2.0.3054.18972__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Dashboard.dll
MOD - [2008/08/13 15:45:12 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Runtime\2.0.3054.18964__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Runtime.dll
MOD - [2008/08/13 15:45:12 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Runtime\2.0.3054.18972__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Runtime.dll
MOD - [2008/08/13 15:45:12 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Runtime\2.0.3054.18973__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Runtime.dll
MOD - [2008/08/13 15:45:12 | 000,012,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Shared\2.0.3054.18972__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Shared.dll
MOD - [2008/08/13 15:45:12 | 000,010,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Shared\2.0.3054.18973__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Shared.dll
MOD - [2008/08/13 15:45:12 | 000,010,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Shared\2.0.3054.18963__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Shared.dll
MOD - [2008/08/13 15:45:11 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HydraVision.Wizard\2.0.3054.18975__90ba9c70f846762e\CLI.Aspect.HydraVision.Wizard.dll
MOD - [2008/08/13 15:45:11 | 000,192,512 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Dashboard\2.0.3054.18964__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Dashboard.dll
MOD - [2008/08/13 15:45:11 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3054.18963__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2008/08/13 15:45:11 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3054.18962__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2008/08/13 15:45:11 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3054.18971__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
MOD - [2008/08/13 15:45:11 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3054.18963__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
MOD - [2008/08/13 15:45:10 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3054.18653__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008/08/13 15:45:10 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3054.18892__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2008/08/13 15:45:10 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3054.18608__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008/08/13 15:45:10 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3054.18668__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008/08/13 15:45:10 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3054.18882__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008/08/13 15:45:10 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3054.18645__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008/08/13 15:45:10 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3054.18782__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008/08/13 15:45:10 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3054.18630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008/08/13 15:45:09 | 000,688,128 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3054.18864__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2008/08/13 15:45:09 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3054.18924__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008/08/13 15:45:09 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3054.18932__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008/08/13 15:45:09 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3054.18623__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008/08/13 15:45:09 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3054.18837__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008/08/13 15:45:08 | 000,348,160 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3054.18848__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2008/08/13 15:45:08 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3054.18855__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008/08/13 15:45:08 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3054.18846__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2008/08/13 15:45:07 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3054.18921__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2008/08/13 15:45:06 | 000,442,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3054.18960__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2008/08/13 15:45:06 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3054.18959__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2008/08/13 15:45:04 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3054.18793__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2008/08/13 15:45:04 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3054.18871__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2008/08/13 15:45:04 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3054.18792__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2008/08/13 15:45:03 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3054.18676__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2008/08/13 15:45:03 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3054.18814__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2008/08/13 15:45:02 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3054.18683__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2008/08/13 15:45:02 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3054.18632__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2008/08/13 15:45:02 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3054.18690__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2008/08/13 15:45:02 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3054.18812__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2008/08/13 15:45:01 | 000,901,120 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3054.18885__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2008/08/13 15:45:01 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3054.18827__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008/08/13 15:45:00 | 000,663,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3054.18840__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2008/08/13 15:45:00 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3054.18785__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2008/08/13 15:45:00 | 000,446,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3054.18777__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2008/08/13 15:45:00 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3054.18783__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008/08/13 15:44:59 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3054.18791__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008/08/13 15:44:58 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3005.17490__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008/08/13 15:44:58 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3005.17516__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2008/08/13 15:44:57 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3005.17473__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008/08/13 15:44:57 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3005.17534__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2008/08/13 15:44:57 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3005.17562__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008/08/13 15:44:57 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3005.17512__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008/08/13 15:44:57 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3005.17563__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008/08/13 15:44:56 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008/08/13 15:44:53 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3005.17466__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008/08/13 15:44:52 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008/08/13 15:44:52 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3005.17465__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008/08/13 15:44:52 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3005.17518__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008/08/13 15:44:52 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2008/08/13 15:44:52 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3005.17510__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008/08/13 15:44:52 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3005.17517__90ba9c70f846762e\DEM.OS.dll
MOD - [2008/08/13 15:44:52 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2008/08/13 15:44:52 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3005.17519__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008/08/13 15:44:51 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3005.17468__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008/08/13 15:44:51 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3005.17608__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008/08/13 15:44:51 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3005.17496__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008/08/13 15:44:51 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3005.17491__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008/08/13 15:44:51 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3005.17479__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008/08/13 15:44:51 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008/08/13 15:44:51 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3005.17488__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008/08/13 15:44:51 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3005.17530__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008/08/13 15:44:50 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3005.17493__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008/08/13 15:44:50 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3005.17556__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008/08/13 15:44:50 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3005.17521__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008/08/13 15:44:49 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3005.17540__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008/08/13 15:44:49 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3005.17556__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2008/08/13 15:44:48 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3005.17553__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2008/08/13 15:44:48 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3005.17536__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2008/08/13 15:44:47 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3005.17541__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008/08/13 15:44:47 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3005.17506__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008/08/13 15:44:47 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3005.17531__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2008/08/13 15:44:47 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3005.17521__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008/08/13 15:44:47 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3005.17537__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2008/08/13 15:44:47 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3005.17522__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008/08/13 15:44:46 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3005.17535__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008/08/13 15:44:46 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3005.17535__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008/08/13 15:44:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3005.17539__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008/08/13 15:44:46 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3005.17514__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008/08/13 15:44:46 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3005.17511__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008/08/13 15:44:45 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3054.18949__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008/08/13 15:44:45 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008/08/13 15:44:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3005.17489__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008/08/13 15:44:45 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3054.18964__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2008/08/13 15:44:45 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3054.18597__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008/08/13 15:44:44 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3054.18910__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008/08/13 15:44:44 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3005.17484__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008/08/13 15:44:44 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3005.17511__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008/08/13 15:44:44 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3005.17481__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2008/08/13 15:44:43 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3054.18639__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008/08/13 15:44:43 | 000,417,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3054.18900__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2008/08/13 15:44:43 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3054.18907__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008/08/13 15:44:43 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3005.17514__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008/08/13 15:44:43 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3005.17475__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008/08/13 15:44:43 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3005.17513__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008/08/13 15:44:41 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3054.18597__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008/08/13 15:44:40 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3005.17508__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2008/08/13 15:44:39 | 001,511,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3054.18617__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008/08/13 15:44:39 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3005.17499__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008/08/13 15:44:38 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3054.18598__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008/08/13 15:44:38 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3054.18594__90ba9c70f846762e\APM.Server.dll
MOD - [2008/08/13 15:44:38 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3054.18909__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008/08/13 15:44:38 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008/08/13 15:44:38 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3005.17542__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008/08/13 15:44:37 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3054.18596__90ba9c70f846762e\AEM.Server.dll
MOD - [2008/05/12 15:55:52 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/19 11:47:01 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/12/19 11:46:35 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/07/28 14:00:36 | 000,053,248 | ---- | M] (Sage (UK) Limited) [Auto | Running] -- C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe -- (Sage SData Service)
SRV - [2011/03/16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/05/20 14:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/02/24 14:25:17 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010/01/29 08:23:10 | 000,017,408 | ---- | M] (Invu Services Ltd) [Auto | Running] -- C:\Program Files\INVU Services Ltd\INVU6\INVU.Client.Services.exe -- (INVU Series 6 Message Service)
SRV - [2008/08/11 17:12:44 | 001,574,224 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Backup\LogmeInBackupService.exe -- (LogMeInBackupService.exe)
SRV - [2008/08/11 17:12:29 | 000,480,592 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Backup\lmibackupvssservice.exe -- (LMIBackupVSSService.exe)
SRV - [2008/08/11 17:12:25 | 000,079,184 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Backup\BackupMaint.exe -- (BackupMaint)
SRV - [2008/01/18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/15 10:15:47 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\vCAP\vCAPService.exe -- (vCAP Calendar Server)
SRV - [2007/02/08 15:13:46 | 000,212,480 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006/01/09 12:56:04 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Windows\System32\LxrSII1s.exe -- (LxrSII1s)


========== Driver Services (SafeList) ==========

DRV - [2011/12/19 11:46:36 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/12/15 17:13:23 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2010/06/10 07:49:43 | 000,013,408 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\radpms.sys -- (radpms)
DRV - [2010/05/20 14:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2008/10/18 07:48:51 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/05/12 16:31:00 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/02/28 14:31:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/01/18 22:42:14 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007/11/16 16:28:59 | 000,006,828 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftlund.sys -- (FTLUND)
DRV - [2007/01/24 08:28:00 | 000,080,128 | ---- | M] (OEM) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\oxpar.sys -- (oxpar)
DRV - [2006/12/14 08:37:40 | 000,072,672 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\LxrSII1d.sys -- (LxrSII1d)
DRV - [2000/07/24 00:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\BrPar.sys -- (BrPar)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2012/01/19 14:41:14 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\harrisons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\harrisons\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Series 6 - {42229191-CCEA-11d3-BE71-00C0DFE1873E} - C:\Program Files\INVU Services Ltd\INVU6\INVU.WebCapture.exe (Invu Services Ltd)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: google.com ([kh] http in Trusted sites)
O15 - HKCU\..Trusted Domains: southend.local ([remote] https in Local intranet)
O15 - HKCU\..Trusted Domains: wk.loc ([engine.southend] http in Local intranet)
O15 - HKCU\..Trusted Domains: wk.loc ([engine.southend] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} https://secure.logme...ivex/RACtrl.cab (Remote Access ActiveX Client)
O16 - DPF: {76392179-60A8-462D-8961-B95C14DAADF4} https://billcentre.v...printengine.cab (PrintEngine ActiveX Control v4.2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=722 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = southend.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32FFA92F-9A3F-4369-B288-51CD15391C83}: DhcpNameServer = 192.168.0.200
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/10 15:20:40 | 000,000,066 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk - C:\Program Files\google\Google Updater\GoogleUpdater.exe - (Google)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LogMeIn Backup GUI - hkey= - key= - C:\Program Files\LogMeIn Backup\BackupSystray.exe (LogMeIn, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F0173905-8498-4452-A4BD-EC689AFA6B3A} - "%ProgramFiles%\Common Files\Sage SBD\ForceEIRRegistration.exe"
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/19 15:19:59 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\harrisons\Desktop\OTL.exe
[2012/01/19 14:41:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/19 12:47:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/19 12:47:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/19 12:47:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/19 12:47:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/19 12:47:10 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/19 12:47:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/19 12:43:08 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/01/19 12:36:20 | 004,387,138 | R--- | C] (Swearware) -- C:\Users\harrisons\Desktop\ComboFix.exe
[2012/01/17 17:00:49 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2012/01/17 17:00:17 | 000,000,000 | ---D | C] -- C:\Users\harrisons\Desktop\msicuu2
[2012/01/17 15:21:28 | 000,000,000 | ---D | C] -- C:\Users\harrisons\AppData\Local\ElevatedDiagnostics
[2012/01/17 15:19:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2012/01/17 15:19:58 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 1.0
[2012/01/16 16:58:34 | 000,000,000 | ---D | C] -- C:\Users\harrisons\Desktop\RK_Quarantine
[2012/01/16 16:55:24 | 000,000,000 | ---D | C] -- C:\Users\harrisons\AppData\Local\PackageAware
[2012/01/16 14:12:05 | 000,000,000 | ---D | C] -- C:\Users\harrisons\AppData\Roaming\Malwarebytes
[2012/01/16 14:11:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/16 14:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/16 13:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012/01/04 11:12:21 | 000,000,000 | ---D | C] -- C:\Users\harrisons\Desktop\Andrew Hopkins Concrete B4 2011 YE
[2011/12/30 09:44:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/30 09:42:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/30 09:42:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/30 09:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/12/30 09:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2008/12/23 08:32:46 | 000,184,320 | R--- | C] ( ) -- C:\Windows\System32\SgE.interop.MSXML2.dll
[2006/12/12 10:59:08 | 000,184,320 | ---- | C] ( ) -- C:\Windows\System32\Interop.MSXML2.dll

========== Files - Modified Within 30 Days ==========

[2012/01/19 15:20:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\harrisons\Desktop\OTL.exe
[2012/01/19 15:09:31 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/19 15:09:03 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/19 15:09:03 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/19 15:08:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/19 15:08:47 | 3754,299,392 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/19 15:06:18 | 000,002,657 | ---- | M] () -- C:\Users\harrisons\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007.lnk
[2012/01/19 14:53:02 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/19 14:41:14 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/01/19 12:45:37 | 000,001,842 | ---- | M] () -- C:\Users\harrisons\Documents\Default.rdp
[2012/01/19 12:36:37 | 004,387,138 | R--- | M] (Swearware) -- C:\Users\harrisons\Desktop\ComboFix.exe
[2012/01/19 12:13:14 | 000,002,651 | ---- | M] () -- C:\Users\harrisons\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007 (2).lnk
[2012/01/19 12:02:24 | 000,002,547 | ---- | M] () -- C:\Users\harrisons\Application Data\Microsoft\Internet Explorer\Quick Launch\Invu Series 6.lnk
[2012/01/19 11:49:02 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/01/19 11:37:43 | 000,001,896 | ---- | M] () -- C:\Windows\System32\SGLCH32.USR
[2012/01/19 10:26:20 | 000,684,297 | ---- | M] () -- C:\Users\harrisons\Desktop\unhide.exe
[2012/01/19 08:53:54 | 000,000,426 | ---- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E9F6A8F6-16A8-4D38-B129-9D79CAE6F8BB}.job
[2012/01/18 09:02:16 | 000,002,609 | ---- | M] () -- C:\Users\harrisons\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007 (2).lnk
[2012/01/17 17:05:59 | 000,002,482 | ---- | M] () -- C:\Users\Public\Desktop\IRIS Practice Software Menu.lnk
[2012/01/17 17:05:59 | 000,001,452 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IRIS Practice Software Staff Control Panel.lnk
[2012/01/17 17:00:05 | 000,148,524 | ---- | M] () -- C:\Users\harrisons\Desktop\msicuu2.zip
[2012/01/17 16:17:40 | 000,001,480 | ---- | M] () -- C:\Users\harrisons\Application Data\Microsoft\Internet Explorer\Quick Launch\IRIS Practice Software Menu.lnk
[2012/01/17 15:17:37 | 005,111,808 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2012/01/17 15:17:37 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2012/01/17 15:17:37 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2012/01/17 15:08:22 | 000,055,400 | ---- | M] () -- C:\Users\harrisons\Desktop\iris error.JPG
[2012/01/17 13:10:43 | 000,000,157 | ---- | M] () -- C:\Windows\ricdb.ini
[2012/01/17 13:10:42 | 000,000,191 | ---- | M] () -- C:\Windows\System32\RPCS.ini
[2012/01/16 21:07:02 | 000,000,512 | ---- | M] () -- C:\Users\harrisons\Desktop\MBR.dat
[2012/01/12 08:55:03 | 355,082,174 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/09 17:55:39 | 000,004,073 | ---- | M] () -- C:\Windows\Sage.ini
[2012/01/09 11:18:18 | 000,000,737 | ---- | M] () -- C:\Windows\SGREP32.INI
[2012/01/09 11:08:42 | 000,000,151 | ---- | M] () -- C:\Windows\System32\SageInformer50.ssf
[2012/01/04 11:11:00 | 021,131,010 | ---- | M] () -- C:\Users\harrisons\Desktop\Andrew Hopkins Concrete B4 2011 YE.zip
[2011/12/30 09:24:29 | 000,000,917 | ---- | M] () -- C:\Users\harrisons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/12/30 09:24:28 | 000,000,937 | ---- | M] () -- C:\Users\harrisons\Desktop\Dropbox.lnk
[2011/12/22 09:52:09 | 000,001,110 | ---- | M] () -- C:\Windows\System32\ServiceConfig.xml
[2011/12/21 18:07:53 | 000,000,772 | ---- | M] () -- C:\Windows\System32\RegistrationConfig.xml
[2011/12/21 11:07:33 | 000,647,304 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/21 11:07:33 | 000,123,304 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2012/01/19 12:47:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/19 12:47:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/19 12:47:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/19 12:47:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/19 12:47:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/19 10:26:16 | 000,684,297 | ---- | C] () -- C:\Users\harrisons\Desktop\unhide.exe
[2012/01/17 17:00:49 | 000,001,876 | ---- | C] () -- C:\Users\harrisons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk
[2012/01/17 17:00:03 | 000,148,524 | ---- | C] () -- C:\Users\harrisons\Desktop\msicuu2.zip
[2012/01/17 16:17:40 | 000,001,480 | ---- | C] () -- C:\Users\harrisons\Application Data\Microsoft\Internet Explorer\Quick Launch\IRIS Practice Software Menu.lnk
[2012/01/17 15:38:42 | 000,002,482 | ---- | C] () -- C:\Users\Public\Desktop\IRIS Practice Software Menu.lnk
[2012/01/17 15:16:39 | 005,111,808 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2012/01/17 15:16:39 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2012/01/17 15:16:39 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2012/01/17 15:08:17 | 000,055,400 | ---- | C] () -- C:\Users\harrisons\Desktop\iris error.JPG
[2012/01/17 13:08:20 | 3754,299,392 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/16 21:07:02 | 000,000,512 | ---- | C] () -- C:\Users\harrisons\Desktop\MBR.dat
[2012/01/04 11:12:07 | 021,131,010 | ---- | C] () -- C:\Users\harrisons\Desktop\Andrew Hopkins Concrete B4 2011 YE.zip
[2011/07/27 13:20:46 | 000,073,728 | ---- | C] () -- C:\Windows\System32\SageFolderBrowser.dll
[2011/07/27 13:20:34 | 000,245,760 | ---- | C] () -- C:\Windows\System32\SageEventHandler.exe
[2011/07/27 13:20:30 | 000,364,544 | ---- | C] () -- C:\Windows\System32\SGCDlg32.dll
[2011/07/27 13:20:24 | 000,368,640 | ---- | C] () -- C:\Windows\System32\SGList32.dll
[2011/07/27 13:20:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\SGAppBar.dll
[2011/07/27 13:20:20 | 000,278,528 | ---- | C] () -- C:\Windows\System32\SGSchemeXML.dll
[2011/07/27 13:20:18 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SGStat32.dll
[2011/07/27 13:20:16 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SGSchemeDefault.dll
[2011/07/27 13:20:16 | 000,122,880 | ---- | C] () -- C:\Windows\System32\SGSchemeXP.dll
[2011/07/27 13:20:10 | 000,294,912 | ---- | C] () -- C:\Windows\System32\SGTBar32.dll
[2011/07/27 13:20:08 | 000,253,952 | ---- | C] () -- C:\Windows\System32\SGWebBrowser.dll
[2011/07/27 13:20:04 | 000,208,896 | ---- | C] () -- C:\Windows\System32\SGSTDREG.dll
[2011/07/27 13:20:02 | 000,245,760 | ---- | C] () -- C:\Windows\System32\SGJPEG32.dll
[2011/07/27 13:20:02 | 000,225,280 | ---- | C] () -- C:\Windows\System32\SGSchemeManager.dll
[2011/07/27 13:20:02 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SGLogo32.dll
[2011/07/27 13:20:00 | 000,065,536 | ---- | C] () -- C:\Windows\System32\SG3D32.dll
[2011/07/27 13:19:58 | 000,262,144 | ---- | C] () -- C:\Windows\System32\SGHelp32.dll
[2011/07/27 13:19:58 | 000,102,400 | ---- | C] () -- C:\Windows\System32\SGIntl32.dll
[2011/07/27 13:19:50 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SGRegister.dll
[2011/07/27 13:19:48 | 000,114,688 | ---- | C] () -- C:\Windows\System32\SGCom32.dll
[2011/07/27 13:10:06 | 000,143,360 | ---- | C] () -- C:\Windows\System32\SGCtrlEx.dll
[2011/07/27 13:01:02 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SGDt32.dll
[2011/07/25 16:51:14 | 001,712,128 | ---- | C] () -- C:\Windows\System32\SGRep32.dll
[2011/07/25 16:51:14 | 000,233,472 | ---- | C] () -- C:\Windows\System32\SGLCH32.DLL
[2011/07/25 16:51:12 | 000,001,205 | ---- | C] () -- C:\Windows\SAGEINTL.INI
[2011/07/25 16:51:12 | 000,000,005 | -HS- | C] () -- C:\Windows\System32\CdI5T.drv
[2011/06/03 09:39:22 | 000,014,496 | ---- | C] () -- C:\Windows\HL-5240.INI
[2011/01/04 13:03:17 | 000,174,860 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/10/29 08:53:57 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/05/10 15:27:48 | 000,000,737 | ---- | C] () -- C:\Windows\SGREP32.INI
[2010/04/17 14:37:31 | 000,000,068 | ---- | C] () -- C:\Windows\iltwain.ini
[2010/04/15 18:11:07 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010/04/15 18:10:50 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/04/15 18:08:46 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/04/15 18:08:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/02/24 14:25:25 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010/02/09 11:33:54 | 000,045,056 | ---- | C] () -- C:\Windows\System32\SgELauncher.dll
[2010/02/09 11:33:14 | 000,114,688 | ---- | C] () -- C:\Windows\System32\SgEData.dll
[2010/01/25 11:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/03/26 14:43:54 | 000,000,157 | ---- | C] () -- C:\Windows\ricdb.ini
[2009/03/26 14:43:49 | 000,000,191 | ---- | C] () -- C:\Windows\System32\RPCS.ini
[2009/03/17 09:57:19 | 000,038,437 | ---- | C] () -- C:\Users\harrisons\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2008/11/11 14:25:44 | 000,303,104 | ---- | C] () -- C:\Windows\System32\I3tif32.dll
[2008/11/11 14:25:44 | 000,244,736 | ---- | C] () -- C:\Windows\System32\ISP2003.dll
[2008/11/11 14:25:44 | 000,163,840 | ---- | C] () -- C:\Windows\System32\Ilanot32.dll
[2008/09/02 15:56:45 | 000,000,608 | -HS- | C] () -- C:\Windows\System32\winzvprt5.sys
[2008/09/02 15:56:45 | 000,000,160 | ---- | C] () -- C:\Windows\System32\zvprt5.ini
[2008/09/01 16:40:55 | 000,000,319 | ---- | C] () -- C:\Windows\SWWATER.INI
[2008/09/01 16:06:18 | 000,009,141 | ---- | C] () -- C:\Windows\System32\zvprtmon.dll
[2008/09/01 16:06:18 | 000,008,407 | ---- | C] () -- C:\Windows\System32\zvprtmonui.dll
[2008/09/01 16:06:09 | 000,000,068 | -HS- | C] () -- C:\Windows\System32\windzfa0.sys
[2008/08/13 15:43:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/08/13 15:42:10 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/08/13 15:36:14 | 000,000,680 | ---- | C] () -- C:\Users\harrisons\AppData\Local\d3d9caps.dat
[2008/05/12 15:55:52 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/05/02 15:23:20 | 000,008,170 | ---- | C] () -- C:\Users\harrisons\AppData\Roaming\NMM-MetaData.db
[2008/04/28 09:44:33 | 000,049,152 | ---- | C] () -- C:\Windows\System32\LxrSII1s.exe
[2008/04/28 09:44:32 | 000,072,672 | ---- | C] () -- C:\Windows\System32\drivers\LxrSII1d.sys
[2008/03/06 14:24:58 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/03/06 00:38:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008/01/02 16:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 16:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 16:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2007/12/10 11:51:25 | 000,000,054 | ---- | C] () -- C:\Windows\System32\BD5240.DAT
[2007/11/16 17:23:31 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini
[2007/11/16 17:22:47 | 000,000,290 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2007/11/16 17:22:47 | 000,000,233 | ---- | C] () -- C:\Windows\Brownie.ini
[2007/11/16 17:22:47 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2007/11/16 17:22:45 | 000,015,108 | ---- | C] () -- C:\Windows\HL-5140.INI
[2007/11/16 17:22:45 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2007/11/16 10:44:10 | 000,001,145 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2007/11/16 10:44:10 | 000,000,634 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/11/09 11:48:44 | 000,000,463 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2007/11/09 11:48:44 | 000,000,052 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2007/11/09 11:24:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\TT.INI
[2007/11/08 12:13:45 | 000,023,052 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2007/11/08 11:34:15 | 000,005,632 | ---- | C] () -- C:\Users\harrisons\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/08 10:12:42 | 000,048,352 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007/10/24 07:01:08 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2007/10/18 09:12:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1350.dll
[2007/08/24 19:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007/08/24 19:38:54 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/08/24 19:38:54 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/08/21 21:51:16 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2007/08/21 19:36:12 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2007/07/11 11:38:37 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL
[2006/11/02 12:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:47:43 | 000,385,440 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 10:33:01 | 000,647,304 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,123,304 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/01 15:50:40 | 000,126,976 | R--- | C] () -- C:\Windows\System32\PDFInstall.exe
[2005/06/06 15:37:18 | 000,000,404 | ---- | C] () -- C:\Windows\System32\CDK2000.DAT
[2005/03/11 02:02:52 | 000,036,938 | ---- | C] () -- C:\Windows\System32\RNERR.DLL
[2004/11/16 20:52:00 | 000,268,947 | ---- | C] () -- C:\Windows\System32\ICDLLW32.DLL
[2004/11/16 20:51:10 | 000,124,979 | ---- | C] () -- C:\Windows\System32\ICHUNW32.DLL
[2004/08/24 10:29:56 | 000,253,952 | ---- | C] () -- C:\Windows\System32\SDOApp.dll
[2004/08/10 15:29:04 | 000,040,960 | ---- | C] () -- C:\Windows\System32\REPDES32.EXE
[2004/05/25 16:40:04 | 000,010,739 | ---- | C] () -- C:\Windows\System32\REC_OUT.INI
[2004/04/30 14:54:02 | 000,001,078 | ---- | C] () -- C:\Windows\System32\RM_RER.INI
[2004/04/30 11:18:22 | 000,026,900 | ---- | C] () -- C:\Windows\System32\RenderingExt.dat
[2003/09/22 16:37:56 | 000,699,056 | ---- | C] () -- C:\Windows\System32\lpdata.bin
[2003/05/17 21:18:18 | 000,021,504 | ---- | C] () -- C:\Windows\System32\ezbrwsr.dll
[2003/01/19 18:11:22 | 000,000,307 | ---- | C] () -- C:\Windows\System32\RM_MAT.INI
[2002/07/05 09:47:22 | 000,006,844 | ---- | C] () -- C:\Windows\System32\OURDICT.DAT
[2002/05/08 08:39:48 | 000,805,837 | ---- | C] () -- C:\Windows\System32\R_pol.dat
[2002/05/08 08:39:48 | 000,622,988 | ---- | C] () -- C:\Windows\System32\R_rus.dat
[2002/05/08 08:39:48 | 000,368,635 | ---- | C] () -- C:\Windows\System32\R_swe.dat
[2002/05/08 08:39:48 | 000,345,971 | ---- | C] () -- C:\Windows\System32\R_por.dat
[2002/05/08 08:39:48 | 000,288,519 | ---- | C] () -- C:\Windows\System32\R_spa.dat
[2002/05/08 08:39:46 | 000,762,368 | ---- | C] () -- C:\Windows\System32\R_nor.dat
[2002/05/08 08:39:46 | 000,755,560 | ---- | C] () -- C:\Windows\System32\R_hun.dat
[2002/05/08 08:39:46 | 000,607,892 | ---- | C] () -- C:\Windows\System32\R_gre.dat
[2002/05/08 08:39:46 | 000,344,775 | ---- | C] () -- C:\Windows\System32\R_ita.dat
[2002/05/08 08:39:44 | 000,831,781 | ---- | C] () -- C:\Windows\System32\R_ger.dat
[2002/05/08 08:39:44 | 000,443,758 | ---- | C] () -- C:\Windows\System32\R_fin.dat
[2002/05/08 08:39:44 | 000,339,237 | ---- | C] () -- C:\Windows\System32\R_fre.dat
[2002/05/08 08:39:44 | 000,285,679 | ---- | C] () -- C:\Windows\System32\R_ENG.DAT
[2002/05/08 08:39:42 | 000,655,435 | ---- | C] () -- C:\Windows\System32\R_dut.dat
[2002/05/08 08:39:42 | 000,641,241 | ---- | C] () -- C:\Windows\System32\R_czh.dat
[2002/05/08 08:39:42 | 000,521,315 | ---- | C] () -- C:\Windows\System32\R_dan.dat
[2002/05/08 08:39:40 | 000,236,245 | ---- | C] () -- C:\Windows\System32\R_cat.dat
[2002/05/08 08:39:08 | 000,007,376 | ---- | C] () -- C:\Windows\System32\CURTWORD.dat
[2001/04/27 09:53:10 | 000,009,684 | ---- | C] () -- C:\Windows\System32\XISWDP.BIN
[2001/04/27 09:53:10 | 000,008,794 | ---- | C] () -- C:\Windows\System32\XISWDS.BIN
[2001/04/27 09:53:10 | 000,004,364 | ---- | C] () -- C:\Windows\System32\XISWDZ.BIN
[2001/04/27 09:53:08 | 000,530,244 | ---- | C] () -- C:\Windows\System32\XISWDB.BIN
[2001/04/27 09:53:08 | 000,489,303 | ---- | C] () -- C:\Windows\System32\XISWDD.BIN
[2001/04/27 09:53:08 | 000,085,100 | ---- | C] () -- C:\Windows\System32\XISWDE.BIN
[2001/04/27 09:53:08 | 000,085,100 | ---- | C] () -- C:\Windows\System32\XISPNE.BIN
[2001/04/27 09:53:08 | 000,034,559 | ---- | C] () -- C:\Windows\System32\XISWDC.BIN
[2001/04/27 09:53:08 | 000,011,434 | ---- | C] () -- C:\Windows\System32\XISPNS.BIN
[2001/04/27 09:53:08 | 000,009,648 | ---- | C] () -- C:\Windows\System32\XISPNP.BIN
[2001/04/27 09:53:08 | 000,004,622 | ---- | C] () -- C:\Windows\System32\XISPNZ.BIN
[2001/04/27 09:53:06 | 000,537,770 | ---- | C] () -- C:\Windows\System32\XIPRTB.BIN
[2001/04/27 09:53:06 | 000,527,108 | ---- | C] () -- C:\Windows\System32\XISPNB.BIN
[2001/04/27 09:53:06 | 000,222,108 | ---- | C] () -- C:\Windows\System32\XISPND.BIN
[2001/04/27 09:53:06 | 000,086,721 | ---- | C] () -- C:\Windows\System32\Xiprtd.bin
[2001/04/27 09:53:06 | 000,085,100 | ---- | C] () -- C:\Windows\System32\Xiprte.bin
[2001/04/27 09:53:06 | 000,041,501 | ---- | C] () -- C:\Windows\System32\XIPRTC.BIN
[2001/04/27 09:53:06 | 000,034,949 | ---- | C] () -- C:\Windows\System32\XISPNC.BIN
[2001/04/27 09:53:06 | 000,016,738 | ---- | C] () -- C:\Windows\System32\Xiprts.bin
[2001/04/27 09:53:06 | 000,009,684 | ---- | C] () -- C:\Windows\System32\XIPRTP.BIN
[2001/04/27 09:53:06 | 000,004,596 | ---- | C] () -- C:\Windows\System32\XIPRTZ.BIN
[2001/04/27 09:53:04 | 000,523,560 | ---- | C] () -- C:\Windows\System32\XINRWB.BIN
[2001/04/27 09:53:04 | 000,345,242 | ---- | C] () -- C:\Windows\System32\XINRWD.BIN
[2001/04/27 09:53:04 | 000,085,100 | ---- | C] () -- C:\Windows\System32\XINRWE.BIN
[2001/04/27 09:53:04 | 000,032,607 | ---- | C] () -- C:\Windows\System32\XINRWC.BIN
[2001/04/27 09:53:04 | 000,009,684 | ---- | C] () -- C:\Windows\System32\XINRWP.BIN
[2001/04/27 09:53:04 | 000,007,074 | ---- | C] () -- C:\Windows\System32\XINRWS.BIN
[2001/04/27 09:53:04 | 000,004,378 | ---- | C] () -- C:\Windows\System32\XINRWZ.BIN
[2001/04/27 09:53:02 | 000,476,018 | ---- | C] () -- C:\Windows\System32\XIITLB.BIN
[2001/04/27 09:53:02 | 000,249,547 | ---- | C] () -- C:\Windows\System32\XIGRMD.BIN
[2001/04/27 09:53:02 | 000,161,909 | ---- | C] () -- C:\Windows\System32\XIITLD.BIN
[2001/04/27 09:53:02 | 000,085,100 | ---- | C] () -- C:\Windows\System32\XIITLE.BIN
[2001/04/27 09:53:02 | 000,085,100 | ---- | C] () -- C:\Windows\System32\XIGRME.BIN
[2001/04/27 09:53:02 | 000,035,525 | ---- | C] () -- C:\Windows\System32\XIITLC.BIN
[2001/04/27 09:53:02 | 000,019,346 | ---- | C] () -- C:\Windows\System32\XIGRMS.BIN
[2001/04/27 09:53:02 | 000,019,238 | ---- | C] () -- C:\Windows\System32\XIITLS.BIN
[2001/04/27 09:53:02 | 000,009,656 | ---- | C] () -- C:\Windows\System32\XIITLP.BIN
[2001/04/27 09:53:02 | 000,009,656 | ---- | C] () -- C:\Windows\System32\XIGRMP.BIN
[2001/04/27 09:53:02 | 000,004,506 | ---- | C] () -- C:\Windows\System32\XIITLZ.BIN
[2001/04/27 09:53:02 | 000,004,298 | ---- | C] () -- C:\Windows\System32\XIGRMZ.BIN
[2001/04/27 09:53:00 | 000,495,908 | ---- | C] () -- C:\Windows\System32\XIFRNB.BIN
[2001/04/27 09:53:00 | 000,458,050 | ---- | C] () -- C:\Windows\System32\XIGRMB.BIN
[2001/04/27 09:53:00 | 000,303,591 | ---- | C] () -- C:\Windows\System32\XIFRND.BIN
[2001/04/27 09:53:00 | 000,085,100 | ---- | C] () -- C:\Windows\System32\XIFRNE.BIN
[2001/04/27 09:53:00 | 000,056,724 | ---- | C] () -- C:\Windows\System32\XIFRNC.BIN
[2001/04/27 09:53:00 | 000,035,068 | ---- | C] () -- C:\Windows\System32\XIGRMC.BIN
[2001/04/27 09:53:00 | 000,021,046 | ---- | C] () -- C:\Windows\System32\XIFRNS.BIN
[2001/04/27 09:53:00 | 000,009,692 | ---- | C] () -- C:\Windows\System32\XIFRNP.BIN
[2001/04/27 09:53:00 | 000,004,354 | ---- | C] () -- C:\Windows\System32\XIFRNZ.BIN
[2001/04/27 09:52:58 | 000,517,334 | ---- | C] () -- C:\Windows\System32\XIFINB.BIN
[2001/04/27 09:52:58 | 000,431,439 | ---- | C] () -- C:\Windows\System32\XIFIND.BIN
[2001/04/27 09:52:58 | 000,085,100 | ---- | C] () -- C:\Windows\System32\XIFINE.BIN
[2001/04/27 09:52:58 | 000,030,237 | ---- | C] () -- C:\Windows\System32\XIFINC.BIN
[2001/04/27 09:52:58 | 000,009,684 | ---- | C] () -- C:\Windows\System32\XIFINP.BIN
[2001/04/27 09:52:58 | 000,007,394 | ---- | C] () -- C:\Windows\System32\XIFINS.BIN
[2001/04/27 09:52:58 | 000,004,316 | ---- | C] () -- C:\Windows\System32\XIFINZ.BIN
[2001/04/27 09:52:56 | 000,482,384 | ---- | C] () -- C:\Windows\System32\XIENGB.BIN
[2001/04/27 09:52:56 | 000,246,288 | ---- | C] () -- C:\Windows\System32\XIDUTD.BIN
[2001/04/27 09:52:56 | 000,237,741 | ---- | C] () -- C:\Windows\System32\XIENGD.BIN
[2001/04/27 09:52:56 | 000,085,100 | ---- | C] () -- C:\Windows\System32\XIDUTE.BIN
[2001/04/27 09:52:56 | 000,082,608 | ---- | C] () -- C:\Windows\System32\XIENGE.BIN
[2001/04/27 09:52:56 | 000,026,302 | ---- | C] () -- C:\Windows\System32\XIENGC.BIN
[2001/04/27 09:52:56 | 000,015,386 | ---- | C] () -- C:\Windows\System32\XIENGL.BIN
[2001/04/27 09:52:56 | 000,015,054 | ---- | C] () -- C:\Windows\System32\XIENGS.BIN
[2001/04/27 09:52:56 | 000,011,296 | ---- | C] () -- C:\Windows\System32\XIENGF.BIN
[2001/04/27 09:52:56 | 000,009,660 | ---- | C] () -- C:\Windows\System32\XIDUTP.BIN
[2001/04/27 09:52:56 | 000,007,914 | ---- | C] () -- C:\Windows\System32\XIDUTS.BIN
[2001/04/27 09:52:56 | 000,006,556 | ---- | C] () -- C:\Windows\System32\XIENGP.BIN
[2001/04/27 09:52:56 | 000,004,654 | ---- | C] () -- C:\Windows\System32\XIDUTZ.BIN
[2001/04/27 09:52:56 | 000,003,894 | ---- | C] () -- C:\Windows\System32\XIENGZ.BIN
[2001/04/27 09:52:54 | 000,531,718 | ---- | C] () -- C:\Windows\System32\XIDUTB.BIN
[2001/04/27 09:52:54 | 000,525,816 | ---- | C] () -- C:\Windows\System32\XIDANB.BIN
[2001/04/27 09:52:54 | 000,390,070 | ---- | C] () -- C:\Windows\System32\XIDAND.BIN
[2001/04/27 09:52:54 | 000,085,100 | ---- | C] () -- C:\Windows\System32\XIDANE.BIN
[2001/04/27 09:52:54 | 000,038,538 | ---- | C] () -- C:\Windows\System32\XIDUTC.BIN
[2001/04/27 09:52:54 | 000,037,688 | ---- | C] () -- C:\Windows\System32\XIDANC.BIN
[2001/04/27 09:52:54 | 000,009,684 | ---- | C] () -- C:\Windows\System32\XIDANP.BIN
[2001/04/27 09:52:54 | 000,005,954 | ---- | C] () -- C:\Windows\System32\XIDANS.BIN
[2001/04/27 09:52:54 | 000,004,482 | ---- | C] () -- C:\Windows\System32\XIDANZ.BIN
[2001/04/27 09:52:52 | 000,526,932 | ---- | C] () -- C:\Windows\System32\XIBRZB.BIN
[2001/04/27 09:52:52 | 000,087,689 | ---- | C] () -- C:\Windows\System32\XIBRZD.BIN
[2001/04/27 09:52:52 | 000,085,100 | ---- | C] () -- C:\Windows\System32\XIBRZE.BIN
[2001/04/27 09:52:52 | 000,041,561 | ---- | C] () -- C:\Windows\System32\XIBRZC.BIN
[2001/04/27 09:52:52 | 000,009,684 | ---- | C] () -- C:\Windows\System32\XIBRZP.BIN
[2001/04/27 09:52:52 | 000,008,634 | ---- | C] () -- C:\Windows\System32\XIBRZS.BIN
[2001/04/27 09:52:52 | 000,004,522 | ---- | C] () -- C:\Windows\System32\XIBRZZ.BIN
[2000/08/08 11:43:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\AMPLM.dll
[1999/10/25 09:53:58 | 000,004,073 | ---- | C] () -- C:\Windows\Sage.ini
[1998/03/26 01:12:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SgHmZLib.dll
[1998/03/20 01:00:00 | 000,001,048 | -HS- | C] () -- C:\Windows\System32\TMailRL.sys
[1998/03/20 01:00:00 | 000,001,048 | -HS- | C] () -- C:\Windows\System32\TMail3FL.SYS
[1998/03/20 01:00:00 | 000,001,048 | -HS- | C] () -- C:\Windows\System32\rlfnlf.sys
[1998/03/20 01:00:00 | 000,001,048 | -HS- | C] () -- C:\Windows\System32\flfnlf.sys

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2008/12/16 08:56:24 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\Adobe
[2010/12/30 14:38:14 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\Apple Computer
[2008/08/13 15:51:49 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\ATI
[2007/11/13 09:25:50 | 000,000,000 | R--D | M] -- C:\Users\harrisons\AppData\Roaming\Brother
[2009/02/04 16:59:49 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\com.fiat.convergence.385E4263E7379A5D22A7076E99B02868EFF10711.1
[2010/02/24 14:26:59 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\DassaultSystemes
[2012/01/19 15:13:20 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\Dropbox
[2010/02/24 14:26:59 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\EDrawings
[2008/03/28 09:46:11 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\Google
[2007/11/08 10:14:29 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\Identities
[2012/01/17 17:16:28 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\Invu
[2007/11/16 15:47:35 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\Macromedia
[2012/01/16 14:12:05 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\Malwarebytes
[2010/09/28 15:01:54 | 000,000,000 | --SD | M] -- C:\Users\harrisons\AppData\Roaming\Microsoft
[2008/04/30 11:52:31 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\Nokia
[2008/05/12 10:49:59 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\NSeries
[2008/05/12 11:01:37 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\PC Suite
[2012/01/19 15:13:18 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\Skype
[2011/07/04 13:06:15 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\skypePM
[2008/01/03 09:10:47 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\Sony Ericsson
[2010/03/22 17:02:54 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\Sunbelt
[2007/11/20 10:19:08 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\Sunbelt Software
[2010/06/29 10:01:12 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\Trusteer
[2009/11/20 14:26:07 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\U3
[2010/04/17 14:37:08 | 000,000,000 | ---D | M] -- C:\Users\harrisons\AppData\Roaming\Windows Small Business Server


< MD5 for: EXPLORER.EXE >
[2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 03:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/16 15:24:18 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/16 15:24:17 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 02:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 09:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/18 22:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 09:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/18 22:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/18 22:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/18 22:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/18 22:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/18 22:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/18 22:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 09:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 09:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/18 22:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/09/30 21:29:44 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/09/30 21:29:44 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/09/30 21:29:44 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/09/30 23:07:49 | 000,638,216 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/09/30 23:07:49 | 000,638,216 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/09/30 21:29:44 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/09/30 21:29:44 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/09/30 21:29:44 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/09/30 23:07:49 | 000,638,216 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/09/30 23:07:49 | 000,638,216 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >


OTL
Extras.txt
OTL Extras logfile created on: 19/01/2012 15:22:03 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\harrisons\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.50 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 58.11% Memory free
7.17 Gb Paging File | 5.75 Gb Available in Paging File | 80.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.04 Gb Total Space | 62.03 Gb Free Space | 42.18% Space Free | Partition Type: NTFS
Drive G: | 212.43 Gb Total Space | 36.91 Gb Free Space | 17.37% Space Free | Partition Type: NTFS
Drive H: | 258.25 Gb Total Space | 68.87 Gb Free Space | 26.67% Space Free | Partition Type: NTFS
Drive I: | 212.43 Gb Total Space | 36.91 Gb Free Space | 17.37% Space Free | Partition Type: NTFS
Drive M: | 212.43 Gb Total Space | 36.91 Gb Free Space | 17.37% Space Free | Partition Type: NTFS
Drive Q: | 212.43 Gb Total Space | 36.91 Gb Free Space | 17.37% Space Free | Partition Type: NTFS
Drive T: | 212.43 Gb Total Space | 36.91 Gb Free Space | 17.37% Space Free | Partition Type: NTFS
Drive U: | 212.43 Gb Total Space | 36.91 Gb Free Space | 17.37% Space Free | Partition Type: NTFS
Drive X: | 212.43 Gb Total Space | 36.91 Gb Free Space | 17.37% Space Free | Partition Type: NTFS
Drive Y: | 2.00 Gb Total Space | 1.63 Gb Free Space | 81.42% Space Free | Partition Type: NTFS

Computer Name: YK1M007380 | User Name: harrisons | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 512

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"CoreNet-ICMP6-DU-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|[email protected],-25110|[email protected],-25112|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP4-DUFRAG-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|[email protected],-25251|[email protected],-25257|[email protected],-25000|Edge=FALSE|
"CoreNet-DHCP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|[email protected],-25301|[email protected],-25303|[email protected],-25000|Edge=FALSE|
"CoreNet-IGMP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=2|Profile=Domain|App=System|[email protected],-25376|[email protected],-25382|[email protected],-25000|Edge=FALSE|
"CoreNet-IPv6-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=41|Profile=Domain|App=System|[email protected],-25351|[email protected],-25357|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-LD-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|[email protected],-25082|[email protected],-25088|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-LQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|[email protected],-25061|[email protected],-25067|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-LR-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|[email protected],-25068|[email protected],-25074|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-LR2-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|[email protected],-25075|[email protected],-25081|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-NDA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|[email protected],-25026|[email protected],-25032|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-NDS-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|[email protected],-25019|[email protected],-25025|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-PTB-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|[email protected],-25001|[email protected],-25007|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-PP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|[email protected],-25116|[email protected],-25118|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-RA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|[email protected],-25012|[email protected],-25018|[email protected],-25000|Edge=FALSE|
"CoreNet-Teredo-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|[email protected],-25326|[email protected],-25332|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-TE-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|[email protected],-25113|[email protected],-25115|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-DU-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|[email protected],-25111|[email protected],-25112|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP4-DUFRAG-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|[email protected],-25252|[email protected],-25257|[email protected],-25000|Edge=FALSE|
"CoreNet-DHCP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|[email protected],-25302|[email protected],-25303|[email protected],-25000|Edge=FALSE|
"CoreNet-IGMP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|Profile=Domain|App=System|[email protected],-25377|[email protected],-25382|[email protected],-25000|Edge=FALSE|
"CoreNet-IPv6-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|Profile=Domain|App=System|[email protected],-25352|[email protected],-25357|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-LD-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|[email protected],-25083|[email protected],-25088|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-LQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|[email protected],-25062|[email protected],-25067|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-LR-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|[email protected],-25069|[email protected],-25074|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-LR2-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|[email protected],-25076|[email protected],-25081|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-NDA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|[email protected],-25027|[email protected],-25032|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-NDS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|[email protected],-25020|[email protected],-25025|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-PTB-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|[email protected],-25002|[email protected],-25007|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-PP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|[email protected],-25117|[email protected],-25118|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-RA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|[email protected],-25013|[email protected],-25018|[email protected],-25000|Edge=FALSE|
"CoreNet-Teredo-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|[email protected],-25327|[email protected],-25333|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-TE-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|[email protected],-25114|[email protected],-25115|[email protected],-25000|Edge=FALSE|
"CoreNet-GP-LSASS-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|[email protected],-25407|[email protected],-25408|[email protected],-25000|Edge=FALSE|
"CoreNet-GP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|[email protected],-25403|[email protected],-25404|[email protected],-25000|Edge=FALSE|
"CoreNet-GP-NP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|[email protected],-25401|[email protected],-25401|[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-RS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=133:*|RA6=LocalSubnet|App=System|[email protected],-25008|[email protected],-25011|[email protected],-25000|Edge=FALSE|
"CoreNet-DNS-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-25405|[email protected],-25406|[email protected],-25000|Edge=FALSE|LSM=TRUE|
"FPS-ICMP4-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|[email protected],-28543|[email protected],-28547|[email protected],-28502|Edge=FALSE|
"FPS-ICMP6-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|[email protected],-28545|[email protected],-28547|[email protected],-28502|Edge=FALSE|
"FPS-NB_Datagram-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|[email protected],-28527|[email protected],-28530|[email protected],-28502|Edge=FALSE|
"FPS-NB_Name-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|[email protected],-28519|[email protected],-28522|[email protected],-28502|Edge=FALSE|
"FPS-NB_Session-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|[email protected],-28503|[email protected],-28506|[email protected],-28502|Edge=FALSE|
"FPS-SMB-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|[email protected],-28511|[email protected],-28514|[email protected],-28502|Edge=FALSE|
"FPS-SpoolSvc-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|[email protected],-28535|[email protected],-28538|[email protected],-28502|Edge=FALSE|
"FPS-RPCSS-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|[email protected],-28539|[email protected],-28542|[email protected],-28502|Edge=FALSE|
"FPS-ICMP4-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|[email protected],-28544|[email protected],-28547|[email protected],-28502|Edge=FALSE|
"FPS-ICMP6-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|[email protected],-28546|[email protected],-28547|[email protected],-28502|Edge=FALSE|
"FPS-NB_Datagram-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|[email protected],-28531|[email protected],-28534|[email protected],-28502|Edge=FALSE|
"FPS-NB_Name-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|[email protected],-28523|[email protected],-28526|[email protected],-28502|Edge=FALSE|
"FPS-NB_Session-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=System|[email protected],-28507|[email protected],-28510|[email protected],-28502|Edge=FALSE|
"FPS-SMB-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|[email protected],-28515|[email protected],-28518|[email protected],-28502|Edge=FALSE|
"RemoteAssistance-DCOM-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|[email protected],-33035|[email protected],-33036|[email protected],-33002|Edge=FALSE|
"RemoteAssistance-UPnPHost-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-33027|[email protected],-33030|[email protected],-33002|Edge=FALSE|
"RemoteAssistance-SSDPSrv-In-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-33019|[email protected],-33022|[email protected],-33002|Edge=FALSE|
"RemoteAssistance-In-TCP-EdgeScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|[email protected],-33003|[email protected],-33006|[email protected],-33002|Edge=FALSE|
"RemoteAssistance-RAServer-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|[email protected],-33011|[email protected],-33014|[email protected],-33002|Edge=FALSE|
"RemoteAssistance-UPnPHost-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-33031|[email protected],-33034|[email protected],-33002|Edge=FALSE|
"RemoteAssistance-UPnP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|[email protected],-33037|[email protected],-33038|[email protected],-33002|Edge=FALSE|
"RemoteAssistance-SSDPSrv-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-33023|[email protected],-33026|[email protected],-33002|Edge=FALSE|
"RemoteAssistance-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|[email protected],-33007|[email protected],-33010|[email protected],-33002|Edge=FALSE|
"RemoteAssistance-RAServer-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|[email protected],-33015|[email protected],-33018|[email protected],-33002|Edge=FALSE|
"RemoteDesktop-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=3389|App=System|[email protected],-28753|[email protected],-28756|[email protected],-28752|Edge=FALSE|
"WMI-ASYNC-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\wbem\unsecapp.exe|[email protected],-34256|[email protected],-34257|[email protected],-34251|Edge=FALSE|
"WMI-RPCSS-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|[email protected],-34252|[email protected],-34253|[email protected],-34251|Edge=FALSE|
"WMI-WINMGMT-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|[email protected],-34254|[email protected],-34255|[email protected],-34251|Edge=FALSE|

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7F0DE60B-C1CF-4523-9AE9-A8D0E5E94136}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{EE37ACA7-529D-457E-B657-5E007F86CBEA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{FC21D0CD-0EBF-428C-9CDF-78A54B10D17E}" = lport=3389 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08CC0474-C5C6-49A8-B130-6C0BE5E339F7}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{115D0CD0-6A40-4650-B9FC-0AD676B85F6D}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{208C1792-9911-42CF-BEE6-C5A8337F96E8}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{2A339DD1-13F4-4E9C-9129-A924BEE23383}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{3B8E80A7-08DE-4DE4-92EE-40E561814521}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{412F47DB-ED50-4C2B-8D75-DDEB3339C1D1}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{42B4ED22-C979-4121-820F-27FFEC26DF25}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{436C4E6D-649C-4F45-8106-6B1FFD08C5FE}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{474743BB-62F5-470A-943C-4B1E6292C7D9}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{476BF318-BE54-433F-8CB2-D5CEF44BF629}" = protocol=17 | dir=in | app=\\server4\iris\tt\iwinload.exe |
"{5E8687B6-B21B-4153-AC6D-862E74B59570}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{76E7B33D-9655-41B4-B40D-485941C87FF3}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{862D5EB9-95AF-44D4-92BC-5ADBEBE86C0B}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{9A4736A3-15D1-4D9F-9A60-FE206BB6F546}" = protocol=17 | dir=in | app=c:\users\harrisons\appdata\roaming\dropbox\bin\dropbox.exe |
"{9A77988F-6B21-4125-92D8-013E329915D9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A1465713-AFEB-4930-8CCA-421B19425FEB}" = protocol=6 | dir=in | app=c:\users\harrisons\appdata\roaming\dropbox\bin\dropbox.exe |
"{B5AE5D2C-9451-4EE6-B27B-A125D8841EBF}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{E1E70478-939C-40B1-A245-03B4C5666D02}" = protocol=6 | dir=in | app=\\server4\iris\tt\iwinload.exe |
"{E75A346B-279C-442F-BABE-581386567A1A}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{F4062D7A-DE90-4E77-A40B-B654E6F9C77C}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"TCP Query User{1564C903-7D69-43E0-A79C-8DD43A15F1D5}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{89156EF3-110C-4421-82BD-83FBBACF0C02}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{121634B0-2F4A-11D3-ADA3-00C04F52DD53}" = Windows Installer Clean Up
"{174E214C-59EC-402E-961B-18930ECC497C}" = Iris Practice Software Workstation
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2C1CDB87-E1F0-6284-342B-C7B59BE21EBB}" = HydraVision
"{2E35D0C6-4A1D-8F15-31D5-0B2218BDA6D6}" = Catalyst Control Center Graphics Previews Vista
"{2FE06A39-6DD5-C808-60AA-9F1D22D8A003}" = ccc-core-static
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3A4EBC3D-8F2F-4B8E-96C9-47064ADF54CE}" = Projector Calculator 1.16
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F3BB843-9363-119C-D395-711E3AA3B9A9}" = CCC Help English
"{46B35AC9-BE50-4BC4-A308-4EDEBF3D046F}" = Accounts
"{492F8345-095D-467F-926C-278870D93ECF}" = Windows Small Business Server 2008 ClientAgent
"{4BEAAAB8-9ED9-B2F4-4F34-3BA366AF44FC}" = Catalyst Control Center Graphics Light
"{4D21F997-85AD-42D2-986F-D91C4836438D}" = Accounts
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{59F66E08-CC71-4587-97B1-FEF2D89285DF}" = Brother HL-5240
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5CE4C3B4-A33B-CA59-2A3C-563645590170}" = Catalyst Control Center Graphics Full New
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{6094AB91-4CC8-498E-9DFF-134CC0B159DE}" = PC Connectivity Solution
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66B3C867-CAEC-DDDC-6CEB-611929EF0018}" = ccc-utility
"{6928A763-F432-1AC6-16B3-DE1E5E66BDAF}" = Catalyst Control Center Core Implementation
"{7061F715-D782-4120-A034-2B4B4F28CC1D}" = Accounts
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71D74FCD-8DB9-4BEB-9C9D-1D19F2E02AE3}" = Microsoft Report Viewer Redistributable 2005
"{75AAF8A4-AD33-44B5-8686-664FD71F78EE}" = LogMeIn Backup
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{838257FC-952A-467B-86BF-21DB6B137A3F}" = Windows Small Business Server 2008 WMI Provider
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{94207EF6-6A30-429D-BBE0-79731D3555F9}" = E-Z Audit Version 11
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9B4F367E-94AD-40A4-8060-460CE4A98C45}" = SageAcc
"{A11F2499-EDA8-4DFE-AD68-3C18E8B0FEB2}" = INVU Ocr
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7F9741B-F2F4-60D3-7DEE-1212F2663671}" = Catalyst Control Center Graphics Full Existing
"{A83C6C34-3007-422A-9E56-A74996BCCDBD}" = LogMeIn
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BF251EAF-8697-4E89-BF09-C998F97BBC40}" = Microsoft SQL Server Native Client
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB6B898-1D71-2F65-A53E-D0D25E49BF70}" = Catalyst Control Center Graphics Previews Common
"{D019D329-C05B-A0E0-F192-8E899FB9EB5D}" = ATI Catalyst Install Manager
"{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)
"{D1D5D4A1-FB9B-2BCD-9976-47067B15705C}" = ecoDrive
"{DABA5DDF-3EB5-4BC8-A20D-7B14C7B8F482}" = Sage SBD Desktop Install
"{DB6C2AC7-4D4C-493A-B5E8-4B1E685C277F}" = Windows Small Business Server 2008 Desktop Links Gadget
"{E2BCC97F-A57F-ADE3-12F5-532B193CA671}" = Skins
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EA9AAB32-160B-4FC1-AF18-71F11257C574}" = SolidWorks eDrawings 2010
"{EFC6C877-6E77-4E3B-B350-DF4F35D66B51}" = Accounts
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{F90E143F-8EB2-4E41-BF4B-E00B046C33E5}" = Microsoft SQL Server Management Objects Collection
"{FA29B4EA-7179-FF92-0434-8B26C433125F}" = Catalyst Control Center HydraVision Full
"{FC0EB9AD-8222-4CB8-8EB6-67B92FB0FB37}" = Brother HL-5140
"{FC9D0B7B-5D95-411B-B14D-CD074E5CCA4A}" = Accounts
"{FCC8A40A-7250-4049-9913-B3B33C3873A5}" = INVU6
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Belarc Advisor" = Belarc Advisor 7.2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Google Updater" = Google Updater
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{46B35AC9-BE50-4BC4-A308-4EDEBF3D046F}" = Sage 50 Accounts 2008
"InstallShield_{4D21F997-85AD-42D2-986F-D91C4836438D}" = Sage 50 Accounts 2011
"InstallShield_{7061F715-D782-4120-A034-2B4B4F28CC1D}" = Sage 50 Accounts 2010
"InstallShield_{9B4F367E-94AD-40A4-8060-460CE4A98C45}" = Sage Accounts V11.00
"InstallShield_{EFC6C877-6E77-4E3B-B350-DF4F35D66B51}" = Sage 50 Accounts 2012
"InstallShield_{FC9D0B7B-5D95-411B-B14D-CD074E5CCA4A}" = Sage 50 Accounts 2009
"LAN-Fax Utilities" = LAN-Fax Utilities
"LogMeIn Backup" = LogMeIn Backup
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"Money Manager" = Moneysoft Money Manager 6 Business Edition
"PROaudit for Windows v.3.01 11/10/05" = PROaudit for Windows v.3.01 11/10/05
"PROHYBRIDR" = 2007 Microsoft Office system
"Rapport_msi" = Rapport
"RealVNC_is1" = VNC 4.0
"Sage MIS 3.01" = Sage MIS 3.01
"Smartwizard Discovery_is1" = utility version 2.05.03
"vCAP" = vCAP
"zvprt40" = Zan Image Printer 4.0
"zvprt50" = Scan Worx Virtual Printer

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#15
RKinner
    Malware Expert
You had an active Zero Access rootkit but it looks like Combofix got all of it. It's a really nasty thing that often damages the anti-virus program, so you may need to reinstall it.

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml


Uninstall:
Java™ 6 Update 11
Java™ 6 Update 5
Java™ 6 Update 7 - get the latest Java from java.com
Adobe Reader 9.4.1 - get the latest adobe reader from adobe.com

This is important as older versions of Java and Adobe Reader are vulnerable to the malware you had and may be why you got infected.
In both cases do not allow them to also install foistware like Yahoo Toolbar or McAfee Security Scan. If you accidentally get either then just uninstall them.

Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix. It shouldn't need to reboot.

Download aswMBR.exe (511KB) to your desktop.
Double click aswMBR.exe to run it.
Uncheck "trace disk IO calls". (You can tell it not to use the Avast engine if you want to make it go faster.)
Click the "Scan" button to start the scan.
On completion of the scan, click "Save log", save it to your desktop and post it in your next reply. (Note whether the Fix button, not the FixMBR button, is enabled and tell me.)

We need to run this to make sure there are no hidden partitions where the malware can hide. I don't think it will reboot and it should be fairly quick. This also checks the MBR to make sure it hasn't been compromised.

We usually check for TDSS with TDSSKiller because it often comes with Zero Access.
Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Run TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
If TDSSKiller alerts you that the system needs to reboot, please consent. (It will only want to reboot if it found TDSS)
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Finally, we need to check for damage, as this malware often removes some key services so that your firewall will no longer run and you won't be able to use encryption.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(It's normal for Vista to complain that it couldn't fix everything.)

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
2. Type 20 in the 1 to 20 box.
3. Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply, then repeat but select Application.



As for additional protection you might look into the paid version of Malwarebytes' Anti-Malware
http://www.malwarebytes.org/mbam.php

It is also important to keep your other software up to date, so in addition to getting all of your MS updates you should probably run something like
UpdateChecker:
http://www.filehippo.../updatechecker/
(seems to work best with Firefox as the default browser. Doesn't say a business can't use it for free.)

or
Secunia
http://secunia.com/
(Various flavors. The PSI version is free from what I can tell.)

Do you have a firewall protecting your corporate network?

Finally, Vipre doesn't have the greatest reputation, so when your contract is up for renewal you might want to look at Kaspersky, BitDefender or Avast.



Ron
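As an added example (not VEW, OTL, aswMBR or anything RKinner posted), here are the two "check for damage" steps from the post done in Windows PowerShell: confirm that the services this kind of rootkit tends to remove are still registered, then pull the newest 20 Error/Warning events from the System and Application logs, which is the same query the VEW steps produce. The service names MpsSvc, BFE, CryptSvc and EventLog are my assumed mapping of "firewall" and "encryption" (plus the Event Log service, given the OTL report could not read the logs); it assumes Windows PowerShell is installed on the Vista machine and is run from an elevated prompt.

```powershell
# Added example, not a tool from this thread. Assumed service mapping:
#   MpsSvc   - Windows Firewall
#   BFE      - Base Filtering Engine (firewall and IPsec depend on it)
#   CryptSvc - Cryptographic Services
#   EventLog - Windows Event Log (must run before any log query works)
# Written for Windows PowerShell 2.0, which is the newest version Vista supports.

$keyServices = @{
    'MpsSvc'   = 'Windows Firewall'
    'BFE'      = 'Base Filtering Engine'
    'CryptSvc' = 'Cryptographic Services'
    'EventLog' = 'Windows Event Log'
}

function Test-KeyServices {
    # One row per service: MISSING if the service key is gone entirely,
    # otherwise the live status (Running / Stopped).
    foreach ($name in $keyServices.Keys) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        $status = if ($null -eq $svc) { 'MISSING' } else { [string]$svc.Status }
        New-Object PSObject -Property @{
            Service     = $name
            Description = $keyServices[$name]
            Status      = $status
        }
    }
}

function Get-RecentLogProblems {
    param([string[]]$Logs = @('System', 'Application'), [int]$Newest = 20)
    foreach ($log in $Logs) {
        # Same query as the VEW steps: newest $Newest Error and Warning entries.
        Get-EventLog -LogName $log -EntryType Error, Warning -Newest $Newest -ErrorAction Stop |
            Select-Object @{ n = 'Log'; e = { $log } }, TimeGenerated, EntryType, Source, EventID, Message
    }
}

Test-KeyServices | Format-Table Service, Description, Status -AutoSize

try {
    Get-RecentLogProblems | Format-Table -AutoSize -Wrap
} catch {
    # Typical when the Event Log service itself was removed or will not start.
    Write-Warning "Could not read the event logs: $($_.Exception.Message)"
}
```

A service reported as MISSING (rather than merely Stopped) is the sign that it was deleted and needs restoring, not just started.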