OTL logfile created on: 9/22/2012 5:56:22 PM - Run 4
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Documents and Settings\Cheryl\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 70.26% Memory free
3.84 Gb Paging File | 3.41 Gb Available in Paging File | 88.66% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 214.84 Gb Free Space | 72.07% Space Free | Partition Type: NTFS

Computer Name: CHERYL-A778CF1B | User Name: Cheryl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/09/22 10:37:19 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cheryl\Desktop\OTL.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2012/03/07 15:40:28 | 003,117,344 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/09/21 00:57:02 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/05/16 16:22:48 | 004,942,336 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2012/05/16 16:17:30 | 000,120,064 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2012/03/14 08:40:04 | 000,148,504 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2012/03/14 08:40:04 | 000,061,936 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2012/03/14 08:40:04 | 000,040,336 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2012/03/14 08:40:02 | 000,160,816 | ---- | M] (ESET) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2012/03/14 08:40:02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.chatzum.com/?q={searchTerms}
IE - HKCU\..\SearchScopes\{250C7536-B7B6-4F09-81CE-E24F48991F60}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749&p={searchTerms}
IE - HKCU\..\SearchScopes\{FE11CF33-D391-4897-934E-C275DFD256EF}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enCA484
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ei.MyScrapNook_12.com/Plugin: C:\Program Files\MyScrapNook_12EI\Installr\1.bin\NP12EISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/09/21 23:11:06 | 000,000,000 | ---D | M]

[2012/09/16 22:16:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2012/09/22 17:53:56 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: blogspot.ca ([mama-nibbles] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342092933781 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03A1F3B4-09A7-4F3D-A3F2-2786877B1477}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/05/16 16:11:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/09/22 15:15:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/22 10:37:13 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cheryl\Desktop\OTL.exe
[2012/09/22 04:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2012/09/22 04:02:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Start Menu\Programs\HiJackThis
[2012/09/22 02:53:41 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/22 02:53:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/22 01:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/09/22 01:08:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/09/21 23:12:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\ESET
[2012/09/21 23:12:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Application Data\ESET
[2012/09/21 23:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2012/09/21 23:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/09/21 23:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2012/09/21 23:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2012/09/21 23:06:29 | 001,374,624 | ---- | C] (ESET) -- C:\Documents and Settings\Cheryl\Desktop\eset_smart_security_live_installer.exe
[2012/09/20 14:46:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2012/09/20 14:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\GFI Software
[2012/09/20 14:39:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\Avg2013
[2012/09/18 22:31:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Application Data\TuneUp Software
[2012/09/18 22:29:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2012/09/18 22:26:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/09/18 22:26:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\MFAData
[2012/09/18 22:26:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/09/18 00:28:51 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/09/18 00:28:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/09/18 00:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2012/09/17 14:32:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Cheryl\Recent
[2012/09/16 22:17:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Extensions
[2012/09/16 22:17:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\searchplugins
[2012/09/16 22:16:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/15 11:59:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/09/22 17:56:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/22 17:55:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/22 17:53:56 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/09/22 15:07:53 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\printscreen of Malwarebytes Scan.bmp
[2012/09/22 12:28:11 | 000,058,854 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\untitled.bmp
[2012/09/22 12:23:39 | 000,020,728 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\cute_hospital_get_well_soon_card-p137063454824366692b2icl_400.jpg
[2012/09/22 10:57:35 | 000,512,737 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\adwcleaner.exe
[2012/09/22 10:37:19 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cheryl\Desktop\OTL.exe
[2012/09/22 04:02:46 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\HiJackThis.lnk
[2012/09/22 03:05:32 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/09/22 03:03:16 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\registered copy malwarebytes.rtf
[2012/09/22 02:53:43 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/22 01:31:02 | 000,001,064 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012/09/22 01:08:42 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\Spybot - Search & Destroy.lnk
[2012/09/21 23:06:36 | 001,374,624 | ---- | M] (ESET) -- C:\Documents and Settings\Cheryl\Desktop\eset_smart_security_live_installer.exe
[2012/09/21 22:51:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/09/21 21:15:18 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{30802A31-A78A-4571-AA68-EA7AA678B793}.job
[2012/09/21 11:16:39 | 000,000,359 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\registration code for kespersky 2012.rtf
[2012/09/21 11:12:31 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\WebpageIcons.db
[2012/09/20 15:00:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\SBRC.dat
[2012/09/20 03:00:00 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\ErrorEND.job
[2012/09/19 13:43:48 | 000,558,133 | ---- | M] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/09/18 22:17:13 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/09/18 00:28:17 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/09/17 14:34:01 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/08/31 21:41:37 | 000,015,234 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\293478_4339416124823_1175473176_n.jpg
[2012/08/29 19:15:30 | 003,782,214 | ---- | M] () -- C:\chatzum_nt.exe
[2012/08/25 18:34:10 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/09/22 15:07:52 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Cheryl\Desktop\printscreen of Malwarebytes Scan.bmp
[2012/09/22 12:28:11 | 000,058,854 | ---- | C] () -- C:\Documents and Settings\Cheryl\Desktop\untitled.bmp
[2012/09/22 12:23:52 | 000,020,728 | ---- | C] () -- C:\Documents and Settings\Cheryl\Desktop\cute_hospital_get_well_soon_card-p137063454824366692b2icl_400.jpg
[2012/09/22 10:57:33 | 000,512,737 | ---- | C] () -- C:\Documents and Settings\Cheryl\Desktop\adwcleaner.exe
[2012/09/22 04:02:24 | 000,002,443 | ---- | C] () -- C:\Documents and Settings\Cheryl\Desktop\HiJackThis.lnk
[2012/09/22 02:56:04 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\registered copy malwarebytes.rtf
[2012/09/22 02:53:43 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/22 01:30:56 | 000,001,064 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/09/22 01:08:42 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Cheryl\Desktop\Spybot - Search & Destroy.lnk
[2012/09/21 22:51:10 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/09/21 11:16:38 | 000,000,359 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\registration code for kespersky 2012.rtf
[2012/09/21 11:12:29 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\WebpageIcons.db
[2012/09/20 15:00:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2012/09/20 14:58:52 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2012/09/19 13:43:56 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/08/31 21:43:07 | 000,015,234 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\293478_4339416124823_1175473176_n.jpg
[2012/08/29 19:15:30 | 003,782,214 | ---- | C] () -- C:\chatzum_nt.exe
[2012/06/20 21:48:12 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2012/05/26 21:49:01 | 000,056,136 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/05/16 20:24:29 | 000,079,872 | ---- | C] () -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/16 17:03:41 | 000,205,652 | ---- | C] () -- C:\WINDOWS\hpoins50.dat
[2012/05/16 17:03:41 | 000,001,241 | ---- | C] () -- C:\WINDOWS\hpomdl50.dat
[2012/05/16 16:40:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/05/16 16:26:13 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll
[2012/05/16 16:13:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/05/16 16:09:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/05/16 12:03:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/05/16 12:02:32 | 000,259,840 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2012/05/31 23:08:23 | 000,060,442 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\cheryl\n.JPG
[2010/03/11 16:08:46 | 001,097,640 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\My Pictures\soph\u.JPG
[2009/10/09 00:20:14 | 002,500,956 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\My Pictures\Sweet Sophie\l.jpg
[2009/10/09 00:20:14 | 002,568,745 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\My Pictures\Sweet Sophie\n.jpg
[2010/11/15 01:05:47 | 001,166,454 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\pics from carries FB\n.bmp

[color=#E56717]========== LOP Check ==========[/color]

[2012/09/18 22:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/09/20 14:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2012/09/18 22:26:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/09/20 14:46:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2012/05/26 23:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2012/09/21 23:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2012/05/25 01:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2012/09/20 14:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/05/16 20:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2012/07/25 11:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2012/05/27 11:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xml_param
[2012/05/16 17:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/05/27 12:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\EasiestSoft
[2012/09/21 23:12:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\ESET
[2012/07/25 01:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\IObit
[2012/05/28 12:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Media Player Lite
[2012/05/16 16:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Oracle
[2012/09/18 22:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\TuneUp Software
[2012/07/25 11:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Visan
[2012/05/27 11:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Wondershare Video Converter Ultimate

[color=#E56717]========== Purity Check ==========[/color]

< End of report >