OTL logfile created on: 9/22/2012 11:42:16 AM - Run 3 OTL by OldTimer - Version 3.2.65.1 Folder = C:\Documents and Settings\Cheryl\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.40% Memory free 3.84 Gb Paging File | 3.35 Gb Available in Paging File | 87.14% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 298.08 Gb Total Space | 214.87 Gb Free Space | 72.08% Space Free | Partition Type: NTFS Computer Name: CHERYL-A778CF1B | User Name: Cheryl | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012/09/22 10:37:19 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cheryl\Desktop\OTL.exe PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe PRC - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe PRC - [2012/03/07 15:40:28 | 003,117,344 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] [color=#E56717]========== Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012/09/21 00:57:02 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012/05/16 16:22:48 | 004,942,336 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2012/05/16 16:17:30 | 000,120,064 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2012/03/14 08:40:04 | 000,148,504 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw) DRV - [2012/03/14 08:40:04 | 000,061,936 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi) DRV - [2012/03/14 08:40:04 | 000,040,336 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis) DRV - [2012/03/14 08:40:02 | 000,160,816 | ---- | M] (ESET) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon) DRV - [2012/03/14 08:40:02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{acbd5593-e5ee-4c15-b48f-1823ce819dec}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm588YYca&ptnrS=ZUxdm588YYca&si=COmM2ZDjs7ECFeUBQAodFxMArQ&ptb=F1B234B0-D347-4072-AEED-1FB1C2AD694B&ind=2012072422&n=77edc9e6&psa=&st=sb&searchfor={searchTerms} IE - HKLM\..\SearchScopes\{FE11CF33-D391-4897-934E-C275DFD256EF}: "URL" = http://search.chatzum.com/?q={searchTerms} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://www.google.com IE - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ IE - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - SOFTWARE\Classes\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}\InprocServer32 File not found IE - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.chatzum.com/?q={searchTerms} IE - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\..\SearchScopes\{250C7536-B7B6-4F09-81CE-E24F48991F60}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749&p={searchTerms} IE - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\..\SearchScopes\{FE11CF33-D391-4897-934E-C275DFD256EF}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enCA484 IE - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@ei.MyScrapNook_12.com/Plugin: C:\Program Files\MyScrapNook_12EI\Installr\1.bin\NP12EISB.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/09/21 23:11:06 | 000,000,000 | ---D | M] [2012/09/16 22:16:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: ([2012/09/22 02:38:02 | 000,444,321 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 15263 more lines... O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - Reg Error: Value error. File not found O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - Reg Error: Value error. File not found O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found O4 - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\..Trusted Domains: blogspot.ca ([mama-nibbles] https in Trusted sites) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342092933781 (MUWebControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03A1F3B4-09A7-4F3D-A3F2-2786877B1477}: DhcpNameServer = 192.168.2.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012/05/16 16:11:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012/09/22 10:37:13 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cheryl\Desktop\OTL.exe [2012/09/22 04:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro [2012/09/22 04:02:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Start Menu\Programs\HiJackThis [2012/09/22 02:53:41 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/09/22 02:53:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/09/22 01:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2012/09/22 01:08:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2012/09/21 23:12:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\ESET [2012/09/21 23:12:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Application Data\ESET [2012/09/21 23:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET [2012/09/21 23:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012/09/21 23:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET [2012/09/21 23:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET [2012/09/21 23:06:29 | 001,374,624 | ---- | C] (ESET) -- C:\Documents and Settings\Cheryl\Desktop\eset_smart_security_live_installer.exe [2012/09/20 14:46:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations [2012/09/20 14:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\GFI Software [2012/09/20 14:39:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\Avg2013 [2012/09/18 22:31:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Application Data\TuneUp Software [2012/09/18 22:29:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013 [2012/09/18 22:26:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files [2012/09/18 22:26:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\MFAData [2012/09/18 22:26:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData [2012/09/18 00:28:51 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2012/09/18 00:28:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software [2012/09/18 00:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender [2012/09/17 14:32:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Cheryl\Recent [2012/09/16 22:17:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Extensions [2012/09/16 22:17:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\searchplugins [2012/09/16 22:16:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012/09/15 11:59:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012/09/22 11:28:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/09/22 10:57:35 | 000,512,737 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\adwcleaner.exe [2012/09/22 10:56:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/09/22 10:37:19 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cheryl\Desktop\OTL.exe [2012/09/22 04:02:46 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\HiJackThis.lnk [2012/09/22 03:05:32 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2012/09/22 03:03:16 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\registered copy malwarebytes.rtf [2012/09/22 02:53:43 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/09/22 02:38:02 | 000,444,321 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012/09/22 01:31:02 | 000,001,064 | ---- | M] () -- C:\WINDOWS\wininit.ini [2012/09/22 01:08:42 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\Spybot - Search & Destroy.lnk [2012/09/21 23:06:36 | 001,374,624 | ---- | M] (ESET) -- C:\Documents and Settings\Cheryl\Desktop\eset_smart_security_live_installer.exe [2012/09/21 22:51:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/09/21 21:15:18 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{30802A31-A78A-4571-AA68-EA7AA678B793}.job [2012/09/21 11:16:39 | 000,000,359 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\registration code for kespersky 2012.rtf [2012/09/21 11:12:31 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\WebpageIcons.db [2012/09/20 15:00:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\SBRC.dat [2012/09/20 03:00:00 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\ErrorEND.job [2012/09/19 13:43:48 | 000,558,133 | ---- | M] () -- C:\WINDOWS\System32\sqlite3.dll [2012/09/18 22:17:13 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2012/09/18 00:28:17 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif [2012/09/17 14:34:01 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/08/31 21:41:37 | 000,015,234 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\293478_4339416124823_1175473176_n.jpg [2012/08/29 19:15:30 | 003,782,214 | ---- | M] () -- C:\chatzum_nt.exe [2012/08/25 18:34:10 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012/09/22 10:57:33 | 000,512,737 | ---- | C] () -- C:\Documents and Settings\Cheryl\Desktop\adwcleaner.exe [2012/09/22 04:02:24 | 000,002,443 | ---- | C] () -- C:\Documents and Settings\Cheryl\Desktop\HiJackThis.lnk [2012/09/22 02:56:04 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\registered copy malwarebytes.rtf [2012/09/22 02:53:43 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/09/22 01:30:56 | 000,001,064 | ---- | C] () -- C:\WINDOWS\wininit.ini [2012/09/22 01:08:42 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Cheryl\Desktop\Spybot - Search & Destroy.lnk [2012/09/21 22:51:10 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2012/09/21 11:16:38 | 000,000,359 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\registration code for kespersky 2012.rtf [2012/09/21 11:12:29 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\WebpageIcons.db [2012/09/20 15:00:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat [2012/09/20 14:58:52 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2012/09/19 13:43:56 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll [2012/08/31 21:43:07 | 000,015,234 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\293478_4339416124823_1175473176_n.jpg [2012/08/29 19:15:30 | 003,782,214 | ---- | C] () -- C:\chatzum_nt.exe [2012/06/20 21:48:12 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2012/05/26 21:49:01 | 000,056,136 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2012/05/16 20:24:29 | 000,079,872 | ---- | C] () -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/05/16 17:03:41 | 000,205,652 | ---- | C] () -- C:\WINDOWS\hpoins50.dat [2012/05/16 17:03:41 | 000,001,241 | ---- | C] () -- C:\WINDOWS\hpomdl50.dat [2012/05/16 16:40:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/05/16 16:26:13 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll [2012/05/16 16:13:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012/05/16 16:09:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2012/05/16 12:03:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2012/05/16 12:02:32 | 000,259,840 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [color=#E56717]========== ZeroAccess Check ==========[/color] [2012/05/31 23:08:23 | 000,060,442 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\cheryl\n.JPG [2010/03/11 16:08:46 | 001,097,640 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\My Pictures\soph\u.JPG [2009/10/09 00:20:14 | 002,500,956 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\My Pictures\Sweet Sophie\l.jpg [2009/10/09 00:20:14 | 002,568,745 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\My Pictures\Sweet Sophie\n.jpg [2010/11/15 01:05:47 | 001,166,454 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\pics from carries FB\n.bmp [color=#E56717]========== LOP Check ==========[/color] [2012/09/18 22:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software [2012/09/20 14:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013 [2012/09/18 22:26:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2012/09/20 14:46:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations [2012/05/26 23:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ErrorEND [2012/09/21 23:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET [2012/05/25 01:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit [2012/09/20 14:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2012/05/16 20:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm [2012/07/25 11:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan [2012/05/27 11:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xml_param [2012/05/16 17:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2012/05/27 12:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\EasiestSoft [2012/09/21 23:12:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\ESET [2012/07/25 01:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\IObit [2012/05/28 12:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Media Player Lite [2012/05/16 16:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Oracle [2012/09/18 22:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\TuneUp Software [2012/07/25 11:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Visan [2012/05/27 11:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Wondershare Video Converter Ultimate [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#E56717]========== Base Services ==========[/color] SRV - [2008/04/14 08:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG) SRV - [2008/04/14 08:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv) SRV - [2008/04/14 08:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS) SRV - [2012/07/06 09:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser) SRV - [2008/04/14 08:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc) SRV - [2008/04/14 08:00:00 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp) SRV - [2009/04/20 13:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache) SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog) SRV - [2008/04/14 08:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost) SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility) SRV - [2008/04/14 08:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter) SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2008/04/14 08:00:00 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService) SRV - [2008/04/14 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent) SRV - [2008/04/14 08:00:00 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver) SRV - [2008/04/14 08:00:00 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin) SRV - [2008/04/14 08:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv) SRV - [2008/04/14 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon) SRV - [2008/04/14 08:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman) SRV - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla) SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay) SRV - [2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler) SRV - [2008/04/14 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage) SRV - [2008/04/14 08:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto) SRV - [2008/04/14 08:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan) SRV - [2009/02/09 08:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs) SRV - [2008/04/14 08:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc) SRV - [2008/04/14 08:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon) SRV - [2008/04/14 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs) SRV - [2008/04/14 08:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc) SRV - [2010/08/27 01:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (LanmanServer) SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection) SRV - [2008/04/14 08:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice) SRV - [2008/04/14 08:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule) SRV - [2008/04/14 08:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts) SRV - [2008/04/14 08:00:00 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv) SRV - [2008/04/14 08:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService) SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes) SRV - [2008/04/14 08:00:00 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS) SRV - [2008/04/14 08:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv) SRV - [2008/04/14 08:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess) SRV - [2008/04/14 08:00:00 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc) SRV - [2008/04/14 08:00:00 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer) SRV - [2008/04/14 08:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt) No service found with a name of Wmi SRV - [2008/04/14 08:00:00 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc) SRV - [2008/04/14 08:00:00 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC) SRV - [2009/06/10 02:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation) [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [2012/08/29 19:15:30 | 003,782,214 | ---- | M] () -- C:\chatzum_nt.exe [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe [color=#A23BEC]< MD5 for: QMGR.DLL >[/color] [2008/04/14 08:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\dllcache\qmgr.dll [2008/04/14 08:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll [color=#A23BEC]< MD5 for: SERVICES >[/color] [2008/04/14 08:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services [color=#A23BEC]< MD5 for: SERVICES.CFG >[/color] [2012/07/27 16:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg [2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg [color=#A23BEC]< MD5 for: SERVICES.EXE >[/color] [2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe [2008/04/14 08:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe [color=#A23BEC]< MD5 for: SERVICES.LNK >[/color] [2012/05/26 23:14:59 | 000,001,602 | ---- | M] () MD5=1491F408074122E50AE5309F86B1E5F8 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk [color=#A23BEC]< MD5 for: SERVICES.MSC >[/color] [2008/04/14 08:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc [color=#A23BEC]< MD5 for: SERVICES.SBS >[/color] [2011/03/01 03:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs [color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color] [2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe [2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe [2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe [2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe [color=#A23BEC]< >[/color] [2012/05/16 16:10:31 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini [2012/05/16 16:14:29 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT [2012/05/16 16:28:37 | 000,000,830 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job [2012/05/16 17:39:16 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{30802A31-A78A-4571-AA68-EA7AA678B793}.job [2012/05/26 23:14:31 | 000,000,384 | ---- | C] () -- C:\WINDOWS\Tasks\ErrorEND.job < End of report >