OTL logfile created on: 8/22/2013 8:42:52 AM - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Elaine\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.87 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 49.76% Memory free 3.98 Gb Paging File | 2.97 Gb Available in Paging File | 74.79% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 140.37 Gb Total Space | 109.36 Gb Free Space | 77.91% Space Free | Partition Type: NTFS Computer Name: ELAINE-MOBILE | User Name: Elaine | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013/08/22 00:38:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Elaine\Desktop\OTL.exe PRC - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe PRC - [2013/06/20 17:25:44 | 000,995,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008/07/19 00:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe PRC - [2008/04/15 21:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2008/04/15 21:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2008/04/08 19:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008/02/06 17:52:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe PRC - [2008/02/06 17:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe PRC - [2007/11/21 21:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe PRC - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - [2013/06/20 18:05:14 | 000,295,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2013/06/11 22:14:38 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011/06/09 13:01:00 | 000,521,600 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation) SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc) SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2008/08/04 17:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo) SRV - [2008/07/19 00:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv) SRV - [2008/04/17 03:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service) SRV - [2008/04/16 19:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi) SRV - [2008/04/15 21:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2008/02/06 17:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/12/03 21:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service) SRV - [2007/11/21 21:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService) SRV - [2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2013/06/18 21:50:08 | 000,107,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2010/09/30 12:08:58 | 000,056,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pctNdis.sys -- (pctNDIS) DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2010/05/20 15:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo) DRV - [2008/07/28 19:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008/07/18 22:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32) DRV - [2008/04/28 20:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf) DRV - [2008/01/18 12:22:00 | 000,009,216 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\PEDRV.SYS -- (SVRPEDRV) DRV - [2007/12/14 15:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) DRV - [2007/11/09 18:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ) DRV - [2007/04/09 09:50:34 | 000,009,600 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UsbFltr.sys -- (UsbFltr) DRV - [2006/11/28 19:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006/11/20 17:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk) DRV - [2006/11/09 02:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I) DRV - [2006/11/09 02:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N) DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\afc.sys -- (Afc) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{3ED5066F-2E25-4157-8D56-93A3E571B355}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1517136145-1328366619-2469452859-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB IE - HKU\S-1-5-21-1517136145-1328366619-2469452859-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-1517136145-1328366619-2469452859-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1517136145-1328366619-2469452859-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1517136145-1328366619-2469452859-1000\..\SearchScopes\{3ED5066F-2E25-4157-8D56-93A3E571B355}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB IE - HKU\S-1-5-21-1517136145-1328366619-2469452859-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1517136145-1328366619-2469452859-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080 O1 HOSTS File: ([2013/08/21 08:51:46 | 000,000,855 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O3 - HKU\S-1-5-21-1517136145-1328366619-2469452859-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-1517136145-1328366619-2469452859-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0441260C-897F-4DCB-82D7-345D0A7AF92A}: DhcpNameServer = 68.94.156.1 68.94.157.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0913D5A8-EAAD-4D04-821E-DF2C6404AAB0}: DhcpNameServer = 208.67.222.222 208.67.220.220 24.247.15.53 O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found O18 - Protocol\Handler\AutorunsDisabled\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\AutorunsDisabled\skype-ie-addon-data - No CLSID value found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (MACHINE BootExecut) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/08/22 08:15:19 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2013/08/22 08:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Auslogics [2013/08/22 00:37:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Elaine\Desktop\OTL.exe [2013/08/21 23:13:20 | 000,000,000 | ---D | C] -- C:\Users\Elaine\Desktop\logsArch [2013/08/21 08:56:43 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2013/08/21 08:56:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2 [2013/08/21 08:56:02 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/08/20 00:57:30 | 000,000,000 | ---D | C] -- C:\RegBackup [2013/08/19 10:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com [2013/08/19 10:56:09 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com [2013/08/18 11:45:33 | 000,000,000 | ---D | C] -- C:\slax-was [2013/08/18 04:50:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Agent Ransack [2013/08/17 18:23:23 | 000,000,000 | ---D | C] -- C:\Users\Elaine\Desktop\horde [2013/08/17 17:53:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT [2013/08/17 16:17:38 | 000,000,000 | ---D | C] -- C:\Windows\Temp56E49422-C2E8-2BA8-8125-FBD51B514918-Signatures [2013/08/17 15:08:33 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll [2013/08/17 15:08:33 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2013/08/17 15:07:50 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2013/08/17 15:07:50 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013/08/17 15:07:50 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013/08/17 15:07:50 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013/08/17 15:07:49 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013/08/17 15:07:49 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2013/08/17 15:07:49 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2013/08/17 15:07:49 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2013/08/17 15:07:49 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013/08/17 15:07:45 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe [2013/08/17 15:07:45 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll [2013/08/17 15:07:31 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL [2013/08/17 15:07:22 | 003,603,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013/08/17 15:07:22 | 003,551,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013/08/17 15:07:21 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2013/08/17 15:06:51 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013/08/17 15:06:46 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2013/08/17 15:06:45 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2013/08/17 15:06:45 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2013/08/17 15:06:45 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2013/08/17 15:06:45 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2013/08/17 15:06:45 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2013/08/17 15:06:45 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2013/08/17 15:06:44 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2013/08/17 15:06:44 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2013/08/17 15:06:43 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll [2013/08/17 15:06:43 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys [2013/08/17 15:06:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2013/08/17 15:06:37 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2013/08/17 15:06:36 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013/08/22 08:42:37 | 000,000,174 | ---- | M] () -- C:\Users\Elaine\Desktop\Computer infected with MBR Alureon-G [Rtk] - Geeks to Go Forums.url [2013/08/22 08:24:50 | 000,610,166 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/08/22 08:24:50 | 000,106,534 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/08/22 08:18:49 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/08/22 08:18:49 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/08/22 08:18:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/08/22 08:15:00 | 000,975,858 | ---- | M] () -- C:\Users\Elaine\Desktop\AdwCleaner.exe [2013/08/22 06:37:25 | 000,000,914 | ---- | M] () -- C:\Users\Elaine\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2013/08/22 06:10:24 | 000,027,261 | ---- | M] () -- C:\Users\Elaine\Documents\CcRegMods.rar [2013/08/22 05:52:10 | 000,039,118 | ---- | M] () -- C:\Users\Elaine\Desktop\DocumentsEMLs.rar [2013/08/22 05:08:42 | 000,219,870 | ---- | M] () -- C:\Users\Elaine\Desktop\bookmarks.html [2013/08/22 05:02:51 | 000,019,890 | ---- | M] () -- C:\Users\Elaine\Desktop\password-export-2013-08-22.csv [2013/08/22 00:38:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Elaine\Desktop\OTL.exe [2013/08/22 00:36:26 | 000,411,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013/08/22 00:26:47 | 000,000,267 | ---- | M] () -- C:\Users\Elaine\Desktop\OTL Tutorial - How to use OldTimer ListIt - Geeks to Go Forums.URL [2013/08/21 11:19:33 | 000,000,079 | ---- | M] () -- C:\Windows\wininit.ini [2013/08/21 08:51:46 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013/08/21 07:51:35 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2013/08/21 07:51:35 | 000,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt [2013/08/21 07:51:35 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat [2013/08/20 02:18:27 | 001,118,208 | ---- | M] () -- C:\Users\Elaine\Desktop\appeventlog.evtx [2013/08/20 01:11:27 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_212 [2013/08/20 00:58:24 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-ELAINE-MOBILE-Microsoft®-Windows-Vista™-Home-Basic-(32-bit).dat [2013/08/20 00:44:27 | 000,447,726 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_764 [2013/08/19 13:13:04 | 000,000,680 | ---- | M] () -- C:\Users\Elaine\AppData\Local\d3d9caps.dat [2013/08/19 10:56:15 | 000,001,923 | ---- | M] () -- C:\Users\Elaine\Desktop\Tweaking.com - Windows Repair (All in One).lnk [2013/08/18 10:37:33 | 409,793,608 | ---- | M] () -- C:\Users\Elaine\Desktop\Kodak_1.rar [2013/08/18 10:28:06 | 000,000,145 | ---- | M] () -- C:\Users\Elaine\Desktop\CD Drive.lnk [2013/08/17 17:47:57 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2013/07/30 00:30:25 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013/07/30 00:29:35 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2013/07/30 00:29:30 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013/07/30 00:29:15 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013/07/30 00:29:09 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2013/07/30 00:29:09 | 000,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013/07/30 00:29:08 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2013/07/29 18:27:31 | 000,389,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2013/07/29 18:12:28 | 001,383,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/08/22 08:42:37 | 000,000,174 | ---- | C] () -- C:\Users\Elaine\Desktop\Computer infected with MBR Alureon-G [Rtk] - Geeks to Go Forums.url [2013/08/22 08:14:57 | 000,975,858 | ---- | C] () -- C:\Users\Elaine\Desktop\AdwCleaner.exe [2013/08/22 06:37:25 | 000,000,914 | ---- | C] () -- C:\Users\Elaine\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2013/08/22 06:09:55 | 000,027,261 | ---- | C] () -- C:\Users\Elaine\Documents\CcRegMods.rar [2013/08/22 05:52:10 | 000,039,118 | ---- | C] () -- C:\Users\Elaine\Desktop\DocumentsEMLs.rar [2013/08/22 05:08:42 | 000,219,870 | ---- | C] () -- C:\Users\Elaine\Desktop\bookmarks.html [2013/08/22 05:02:51 | 000,019,890 | ---- | C] () -- C:\Users\Elaine\Desktop\password-export-2013-08-22.csv [2013/08/22 00:26:47 | 000,000,267 | ---- | C] () -- C:\Users\Elaine\Desktop\OTL Tutorial - How to use OldTimer ListIt - Geeks to Go Forums.URL [2013/08/21 11:19:28 | 000,000,079 | ---- | C] () -- C:\Windows\wininit.ini [2013/08/20 02:18:27 | 001,118,208 | ---- | C] () -- C:\Users\Elaine\Desktop\appeventlog.evtx [2013/08/20 00:58:24 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-ELAINE-MOBILE-Microsoft®-Windows-Vista™-Home-Basic-(32-bit).dat [2013/08/19 10:56:15 | 000,001,923 | ---- | C] () -- C:\Users\Elaine\Desktop\Tweaking.com - Windows Repair (All in One).lnk [2013/08/19 09:16:21 | 000,000,680 | ---- | C] () -- C:\Users\Elaine\AppData\Local\d3d9caps.dat [2013/08/18 10:33:08 | 409,793,608 | ---- | C] () -- C:\Users\Elaine\Desktop\Kodak_1.rar [2013/08/18 10:28:06 | 000,000,145 | ---- | C] () -- C:\Users\Elaine\Desktop\CD Drive.lnk [2013/01/15 21:27:54 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32i.dll [2012/09/23 16:35:12 | 000,097,070 | ---- | C] () -- C:\Users\Elaine\RX request Silverscript.pdf [2012/07/20 12:02:29 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2012/03/31 21:06:12 | 000,000,071 | ---- | C] () -- C:\Windows\ENX430.ini [2010/09/30 04:31:34 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010/05/15 20:14:54 | 000,202,910 | ---- | C] () -- C:\Users\Elaine\printable.pdf [2010/05/08 21:54:17 | 000,280,521 | ---- | C] () -- C:\Users\Elaine\IMG010 july 2009.jpg [2010/03/31 11:54:54 | 000,450,560 | ---- | C] () -- C:\Users\Elaine\liveonline_3624997.exe [2009/08/10 18:15:10 | 000,004,916 | ---- | C] () -- C:\Users\Elaine\Elaine's Calendar.ics [2009/06/03 13:01:28 | 000,119,911 | ---- | C] () -- C:\Users\Elaine\kodak caera.htm [2009/05/21 16:55:45 | 000,000,218 | ---- | C] () -- C:\Users\Elaine\.recently-used.xbel [2009/05/19 11:45:25 | 000,026,340 | ---- | C] () -- C:\Users\Elaine\AppData\Roaming\UserTile.png [2009/05/11 09:44:12 | 000,004,608 | ---- | C] () -- C:\Users\Elaine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/05/04 09:34:05 | 000,620,737 | ---- | C] () -- C:\Users\Elaine\sielski address.xps [2009/04/18 15:17:07 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini [color=#E56717]========== ZeroAccess Check ==========[/color] [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\Windows\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\Windows\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== Custom Scans ==========[/color] [color=#E56717]========== Base Services ==========[/color] SRV - [2006/11/02 05:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc) SRV - [2008/01/20 22:33:54 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo) SRV - [2008/01/20 22:33:53 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG) SRV - [2009/04/11 02:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS) SRV - [2009/04/11 02:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE) SRV - [2011/11/16 10:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso) SRV - [2009/04/11 02:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem) SRV - [2008/01/20 22:34:20 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\browser.dll -- (Browser) SRV - [2013/07/08 00:16:55 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc) SRV - [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch) SRV - [2009/04/11 02:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp) SRV - [2011/03/02 11:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache) SRV - [2008/01/20 22:34:51 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost) SRV - [2009/04/11 02:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv) SRV - [2008/01/20 22:33:46 | 000,288,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess) SRV - [2009/04/11 02:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent) SRV - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2013/06/20 18:05:14 | 000,295,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2009/04/11 02:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\swprv.dll -- (swprv) SRV - [2008/01/20 22:34:43 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS) SRV - [2008/01/20 22:33:50 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman) SRV - [2008/01/20 22:34:04 | 000,237,056 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm) SRV - [2008/01/20 22:33:15 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc) SRV - [2008/01/20 22:34:35 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi) SRV - [2009/04/11 02:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay) SRV - [2010/08/17 10:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler) SRV - [2011/11/16 10:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage) SRV - [2009/04/11 02:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt) SRV - [2008/01/20 22:34:00 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto) SRV - [2009/04/11 02:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan) SRV - [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs) SRV - [2008/01/20 22:34:19 | 000,019,968 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon) SRV - [2011/11/16 10:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs) SRV - [2009/04/11 02:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc) SRV - [2010/09/06 12:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer) SRV - [2009/07/10 07:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection) SRV - [2009/04/11 02:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc) SRV - [2010/11/04 14:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule) SRV - [2009/04/11 02:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv) SRV - [2009/07/10 07:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes) SRV - [2009/04/11 02:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc) SRV - [2009/04/11 02:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\VSSVC.exe -- (VSS) SRV - [2009/04/11 02:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv) SRV - [2009/04/11 02:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder) SRV - [2008/01/20 22:32:53 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC) SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009/04/11 02:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog) SRV - [2009/04/11 02:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc) SRV - [2009/04/11 02:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc) SRV - [2009/04/11 02:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver) SRV - [2009/04/11 02:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt) SRV - [2012/06/02 18:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv) SRV - [2009/04/11 02:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc) SRV - [2009/07/11 15:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc) SRV - [2009/06/10 07:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation) [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008/01/20 22:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe [color=#A23BEC]< MD5 for: SERVICES >[/color] [2006/09/18 17:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services [2006/09/18 17:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services [color=#A23BEC]< MD5 for: SERVICES.CFG >[/color] [2013/05/10 03:57:30 | 000,558,879 | ---- | M] () MD5=3679F8D3253DC110D1D8F2AE115EE00C -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg [2011/06/06 13:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg [color=#A23BEC]< MD5 for: SERVICES.EXE >[/color] [2008/01/20 22:34:36 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe [2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe [2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe [color=#A23BEC]< MD5 for: SERVICES.EXE.MUI >[/color] [2006/11/02 08:38:29 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui [2006/11/02 08:38:29 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui [color=#A23BEC]< MD5 for: SERVICES.LNK >[/color] [2008/01/20 22:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk [2008/01/20 22:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk [color=#A23BEC]< MD5 for: SERVICES.MOF >[/color] [2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof [2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof [2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof [color=#A23BEC]< MD5 for: SERVICES.MSC >[/color] [2006/11/02 08:39:04 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc [2006/09/18 17:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc [2006/11/02 08:39:04 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc [2006/09/18 17:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc [color=#A23BEC]< MD5 for: SERVICES.RDB >[/color] [2009/01/21 17:12:28 | 000,262,144 | ---- | M] () MD5=00D8C85E07B0D69A27816B54E56EF85B -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb [2009/01/21 17:11:40 | 005,406,720 | ---- | M] () MD5=A7BCF13ADCF409DFF726923F5A9405B4 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb [color=#A23BEC]< MD5 for: SERVICES.TXT >[/color] [2010/03/15 10:10:46 | 000,000,978 | ---- | M] () MD5=FBBD4A9A3BD635843571EA8E7C061C9A -- C:\Program Files\Microsoft Baseline Security Analyzer 2\Services.txt [color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color] [2008/01/20 22:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe [2008/01/20 22:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2008/01/20 22:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008/01/20 22:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008/01/20 22:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe [color=#A23BEC]< dir C:\ /S /A:L /C >[/color] Volume in drive C is SQ004890V03 Volume Serial Number is 1E7E-7781 Directory of C:\ 11/02/2006 08:59 AM Documents and Settings [..] 0 File(s) 0 bytes Directory of C:\ProgramData 11/02/2006 08:59 AM Application Data [..] 11/02/2006 08:59 AM Desktop [..] 11/02/2006 08:59 AM Documents [..] 11/02/2006 08:59 AM Favorites [..] 11/02/2006 08:59 AM Start Menu [..] 11/02/2006 08:59 AM Templates [..] 0 File(s) 0 bytes Directory of C:\Users 11/02/2006 08:59 AM All Users [C:\ProgramData] 11/02/2006 08:59 AM Default User [..] 0 File(s) 0 bytes Directory of C:\Users\All Users 11/02/2006 08:59 AM Application Data [..] 11/02/2006 08:59 AM Desktop [..] 11/02/2006 08:59 AM Documents [..] 11/02/2006 08:59 AM Favorites [..] 11/02/2006 08:59 AM Start Menu [..] 11/02/2006 08:59 AM Templates [..] 0 File(s) 0 bytes Directory of C:\Users\Default 11/02/2006 08:59 AM Application Data [..] 11/02/2006 08:59 AM Cookies [..] 11/02/2006 08:59 AM Local Settings [..] 11/02/2006 08:59 AM My Documents [..] 11/02/2006 08:59 AM NetHood [..] 11/02/2006 08:59 AM PrintHood [..] 11/02/2006 08:59 AM Recent [..] 11/02/2006 08:59 AM SendTo [..] 11/02/2006 08:59 AM Start Menu [..] 11/02/2006 08:59 AM Templates [..] 0 File(s) 0 bytes Directory of C:\Users\Default\AppData\Local 11/02/2006 08:59 AM Application Data [..] 11/02/2006 08:59 AM History [..] 11/02/2006 08:59 AM Temporary Internet Files [..] 0 File(s) 0 bytes Directory of C:\Users\Default\Documents 11/02/2006 08:59 AM My Music [..] 11/02/2006 08:59 AM My Pictures [..] 11/02/2006 08:59 AM My Videos [..] 0 File(s) 0 bytes Directory of C:\Users\Elaine 04/18/2009 02:55 PM Application Data [C:\Users\Elaine\AppData\Roaming] 04/18/2009 02:55 PM Cookies [C:\Users\Elaine\AppData\Roaming\Microsoft\Windows\Cookies] 04/18/2009 02:55 PM Local Settings [C:\Users\Elaine\AppData\Local] 04/18/2009 02:55 PM My Documents [C:\Users\Elaine\Documents] 04/18/2009 02:55 PM NetHood [C:\Users\Elaine\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 04/18/2009 02:55 PM PrintHood [C:\Users\Elaine\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 04/18/2009 02:55 PM Recent [C:\Users\Elaine\AppData\Roaming\Microsoft\Windows\Recent] 04/18/2009 02:55 PM SendTo [C:\Users\Elaine\AppData\Roaming\Microsoft\Windows\SendTo] 04/18/2009 02:55 PM Start Menu [C:\Users\Elaine\AppData\Roaming\Microsoft\Windows\Start Menu] 04/18/2009 02:55 PM Templates [C:\Users\Elaine\AppData\Roaming\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users\Elaine\AppData\Local 04/18/2009 02:55 PM Application Data [C:\Users\Elaine\AppData\Local] 04/18/2009 02:55 PM History [C:\Users\Elaine\AppData\Local\Microsoft\Windows\History] 04/18/2009 02:55 PM Temporary Internet Files [C:\Users\Elaine\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 File(s) 0 bytes Directory of C:\Users\Elaine\Documents 04/18/2009 02:55 PM My Music [C:\Users\Elaine\Music] 04/18/2009 02:55 PM My Pictures [C:\Users\Elaine\Pictures] 04/18/2009 02:55 PM My Videos [C:\Users\Elaine\Videos] 0 File(s) 0 bytes Directory of C:\Users\Public\Documents 11/02/2006 08:59 AM My Music [C:\Users\Public\Music] 11/02/2006 08:59 AM My Pictures [C:\Users\Public\Pictures] 11/02/2006 08:59 AM My Videos [C:\Users\Public\Videos] 0 File(s) 0 bytes Directory of C:\Windows\System32\config\systemprofile 09/30/2008 03:15 PM Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming] 09/30/2008 03:15 PM Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies] 09/30/2008 03:15 PM Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local] 09/30/2008 03:15 PM My Documents [C:\Windows\system32\config\systemprofile\Documents] 09/30/2008 03:15 PM NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 09/30/2008 03:15 PM PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 09/30/2008 03:15 PM Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent] 09/30/2008 03:15 PM SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo] 09/30/2008 03:15 PM Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu] 09/30/2008 03:15 PM Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Windows\System32\config\systemprofile\AppData\Local 09/30/2008 03:15 PM Application Data [C:\Windows\system32\config\systemprofile\AppData\Local] 09/30/2008 03:15 PM History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History] 09/30/2008 03:15 PM Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 File(s) 0 bytes Directory of C:\Windows\System32\config\systemprofile\Documents 09/30/2008 03:15 PM My Music [C:\Windows\system32\config\systemprofile\Music] 09/30/2008 03:15 PM My Pictures [C:\Windows\system32\config\systemprofile\Pictures] 09/30/2008 03:15 PM My Videos [C:\Windows\system32\config\systemprofile\Videos] 0 File(s) 0 bytes Total Files Listed: 0 File(s) 0 bytes 66 Dir(s) 117,356,060,672 bytes free [color=#A23BEC]< >[/color] < End of report >