OTL logfile created on: 8/17/2012 12:44:51 PM - Run 3
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\ballm\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.86 Gb Total Physical Memory | 0.73 Gb Available Physical Memory | 39.49% Memory free
3.72 Gb Paging File | 2.05 Gb Available in Paging File | 55.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.98 Gb Total Space | 98.70 Gb Free Space | 33.12% Space Free | Partition Type: NTFS
 
Computer Name: HILLTOPBALL | User Name: ballm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2012/08/17 01:24:34 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\ballm\Desktop\OTL.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/02/25 09:00:06 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/03/17 05:48:42 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/03/17 05:48:42 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\stacsv.exe
PRC - [2010/01/28 14:02:40 | 001,867,464 | ---- | M] (Blockbuster) -- C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\MovielinkCore.exe
PRC - [2010/01/22 15:28:48 | 000,300,808 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
PRC - [2010/01/12 10:25:26 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
PRC - [2009/11/16 10:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/11/16 10:03:32 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/11/04 13:46:56 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/11/04 13:46:54 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/04/21 22:01:56 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AESTFltr.exe
PRC - [2009/03/27 18:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/03/03 03:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe
PRC - [2008/05/21 18:26:10 | 000,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2008/05/16 07:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2008/05/16 07:18:58 | 000,103,472 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2008/05/16 07:18:58 | 000,038,960 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2012/08/16 23:09:25 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2010/11/09 21:42:02 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/17 05:48:42 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\stacsv.exe -- (STacSV)
SRV - [2010/02/18 15:26:46 | 001,664,304 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\System32\vcsFPService.exe -- (vcsFPService)
SRV - [2010/01/28 14:02:40 | 001,867,464 | ---- | M] (Blockbuster) [Auto | Running] -- C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\MovielinkCore.exe -- (Movielink Core Service)
SRV - [2010/01/22 15:28:48 | 000,300,808 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/01/12 10:25:26 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2009/11/16 10:12:54 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/11/16 10:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/11/04 13:46:56 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/11/04 13:46:54 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/27 18:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/03/03 03:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe -- (AESTFilters)
SRV - [2008/05/21 18:25:30 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2008/05/16 07:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | System | Running] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\efavdrv.sys -- (efavdrv)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\ballm\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/08/17 00:46:04 | 000,023,528 | ---- | M] (ESET) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OlmarikFixer.sys -- (OlmarikFixer)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/07/16 16:03:36 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2010/07/16 16:03:18 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/03/17 05:48:42 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/02/10 17:01:10 | 000,132,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/02/03 07:36:34 | 000,232,960 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009/12/18 16:02:26 | 000,095,896 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2009/11/16 10:03:36 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/11/16 09:56:12 | 000,116,520 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2009/11/11 15:11:00 | 000,181,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/09/22 03:45:12 | 001,172,992 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/17 12:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/08/13 11:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/04/21 23:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008/05/16 07:10:32 | 000,024,888 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/05/16 07:10:30 | 000,026,424 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 33 3D CD B8 CE CB 01  [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 33 3D CD B8 CE CB 01  [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-746137067-1078145449-1060284298-1645\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
IE - HKU\S-1-5-21-746137067-1078145449-1060284298-1645\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-746137067-1078145449-1060284298-1645\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 8C 17 48 55 80 CB 01  [binary data]
IE - HKU\S-1-5-21-746137067-1078145449-1060284298-1645\..\SearchScopes,DefaultScope = {D6E72E2D-DA94-44CE-B07D-C2E3EE673DCB}
IE - HKU\S-1-5-21-746137067-1078145449-1060284298-1645\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-746137067-1078145449-1060284298-1645\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-746137067-1078145449-1060284298-1645\..\SearchScopes\{D6E72E2D-DA94-44CE-B07D-C2E3EE673DCB}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7GGLS_enUS405
IE - HKU\S-1-5-21-746137067-1078145449-1060284298-1645\..\SearchScopes\{F4A15AE2-0389-4A65-A198-EB34A621FA09}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=740EF54A-2BB0-443F-8C08-8BB4D8E9C726&apn_sauid=8715F526-B35A-4A4A-B5D7-87FC3BE65071&
IE - HKU\S-1-5-21-746137067-1078145449-1060284298-1645\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-746137067-1078145449-1060284298-1645\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/11/09 16:38:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2012/08/16 22:57:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/08/16 22:56:57 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2012/08/17 10:47:57 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - Startup: C:\Users\ballm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\ballm\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-746137067-1078145449-1060284298-1645\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-746137067-1078145449-1060284298-1645\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-746137067-1078145449-1060284298-1645\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O7 - HKU\S-1-5-21-746137067-1078145449-1060284298-1645\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-746137067-1078145449-1060284298-1645\..Trusted Domains: esped.com ([cambridge] https in Trusted sites)
O15 - HKU\S-1-5-21-746137067-1078145449-1060284298-1645\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ARGYLEISD.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C722DFA-092E-423C-A27C-940E15B9E9FE}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012/08/17 11:08:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/17 11:07:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/17 11:07:57 | 000,000,000 | ---D | C] -- C:\Users\ballm\AppData\Local\temp
[2012/08/17 09:57:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/17 09:57:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/17 09:57:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/17 09:55:55 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/08/17 09:14:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/17 09:12:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/17 09:08:59 | 004,733,000 | R--- | C] (Swearware) -- C:\Users\ballm\Desktop\ComboFix.exe
[2012/08/17 09:00:15 | 000,000,000 | ---D | C] -- C:\Users\ballm\AppData\Roaming\Malwarebytes
[2012/08/17 08:59:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/17 08:59:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/17 08:59:57 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/17 08:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/17 08:15:36 | 002,208,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\ballm\Desktop\tdsskiller.exe
[2012/08/17 01:24:32 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\ballm\Desktop\OTL.exe
[2012/08/17 00:46:04 | 000,023,528 | ---- | C] (ESET) -- C:\Windows\System32\drivers\OlmarikFixer.sys
[2012/08/17 00:02:29 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/08/17 00:02:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/08/17 00:02:27 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/08/17 00:02:27 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/08/17 00:02:26 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/08/17 00:02:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/08/17 00:02:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/08/16 23:09:11 | 009,232,584 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012/08/16 23:08:16 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/08/16 23:06:46 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2012/08/16 19:04:57 | 000,000,000 | ---D | C] -- C:\Users\ballm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Recovery
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012/08/17 12:20:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/17 12:09:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/17 10:47:57 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/17 09:15:01 | 004,733,000 | R--- | M] (Swearware) -- C:\Users\ballm\Desktop\ComboFix.exe
[2012/08/17 08:59:59 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/17 08:15:36 | 002,208,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\ballm\Desktop\tdsskiller.exe
[2012/08/17 08:00:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/17 01:24:34 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\ballm\Desktop\OTL.exe
[2012/08/17 01:09:38 | 000,015,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/17 01:09:38 | 000,015,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/17 01:02:10 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/17 00:59:45 | 1496,915,968 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/17 00:46:04 | 000,023,528 | ---- | M] (ESET) -- C:\Windows\System32\drivers\OlmarikFixer.sys
[2012/08/17 00:10:21 | 000,460,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/16 23:09:19 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/16 23:09:19 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/16 23:09:11 | 009,232,584 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012/08/16 19:36:31 | 000,000,064 | ---- | M] () -- C:\ProgramData\-zdmX2eccuHK487r
[2012/08/16 19:36:31 | 000,000,064 | ---- | M] () -- C:\ProgramData\-zdmX2eccuHK487
[2012/08/06 20:39:06 | 000,639,534 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/06 20:39:06 | 000,111,590 | ---- | M] () -- C:\Windows\System32\perfc009.dat
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012/08/17 09:57:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/17 09:57:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/17 09:57:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/17 09:57:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/17 09:57:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/17 08:59:59 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/16 19:04:58 | 000,000,064 | ---- | C] () -- C:\ProgramData\-zdmX2eccuHK487r
[2012/08/16 19:04:58 | 000,000,064 | ---- | C] () -- C:\ProgramData\-zdmX2eccuHK487
[2011/12/27 14:05:07 | 000,213,928 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/09/14 23:07:32 | 000,001,065 | ---- | C] () -- C:\Program Files\Documents - Shortcut.lnk
[2011/06/08 15:51:56 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/05/22 22:26:06 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/05/22 22:26:06 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/03/22 17:37:15 | 000,430,080 | ---- | C] () -- C:\Windows\System32\ZSHP1020.EXE
[2011/01/14 13:31:11 | 000,013,777 | ---- | C] () -- C:\Windows\Swiss8.ini
[2010/12/29 23:33:28 | 000,000,013 | ---- | C] () -- C:\Users\ballm\cvdm.err
[2010/09/01 20:41:11 | 000,018,964 | RHS- | C] () -- C:\ProgramData\ntuser.pol
 
[color=#E56717]========== Custom Scans ==========[/color]
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\erdnt\cache\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
[color=#A23BEC]< MD5 for: QMGR.DLL  >[/color]
[2009/07/13 20:16:12 | 000,589,312 | ---- | M] (Microsoft Corporation) MD5=53F476476F55A27F580661BDE09C4EC4 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_23671b105ac5a0fd\qmgr.dll
[2010/11/20 07:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\erdnt\cache\qmgr.dll
[2010/11/20 07:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\System32\qmgr.dll
[2010/11/20 07:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_25982ed857b42497\qmgr.dll
 
[color=#A23BEC]< MD5 for: SERVICES  >[/color]
[2009/06/10 16:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/10 16:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services
 
[color=#A23BEC]< MD5 for: SERVICES.CFG  >[/color]
[2012/07/27 15:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 13:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg
 
[color=#A23BEC]< MD5 for: SERVICES.EXE  >[/color]
[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\erdnt\cache\services.exe
[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
 
[color=#A23BEC]< MD5 for: SERVICES.EXE.MUI  >[/color]
[2009/07/13 21:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2009/07/13 21:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui
 
[color=#A23BEC]< MD5 for: SERVICES.LNK  >[/color]
[2009/07/13 23:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
[color=#A23BEC]< MD5 for: SERVICES.MOF  >[/color]
[2009/06/10 16:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/10 16:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof
 
[color=#A23BEC]< MD5 for: SERVICES.MSC  >[/color]
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
[color=#A23BEC]< MD5 for: SERVICES.PTXML  >[/color]
[2009/07/13 15:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 15:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml
 
[color=#A23BEC]< MD5 for: SVCHOST.EXE  >[/color]
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
 
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 00:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/07/13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >[/color]
"DisplayName" = @%SystemRoot%\system32\qmgr.dll,-1000
"ImagePath" = %SystemRoot%\system32\svchost.exe -k netsvcs -- [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\qmgr.dll,-1001
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 3
"DelayedAutoStart" = 1
"Type" = 32
"DependOnService" = RpcSsEventSystem [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00  [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll" = %systemroot%\system32\qmgr.dll -- [2010/11/20 07:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance]
"Library" = bitsperf.dll -- [2010/11/20 07:18:07 | 000,019,456 | ---- | M] (Microsoft Corporation)
"Open" = PerfMon_Open
"Collect" = PerfMon_Collect
"Close" = PerfMon_Close
"InstallType" = 1
"PerfIniFile" = bitsctrs.ini
"First Counter" = 2002
"Last Counter" = 2018
"First Help" = 2003
"Last Help" = 2019
"Object List" = 2002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]
"Security" = [Binary data over 100 bytes]

< End of report >