
Malware "buy this fix" [Closed]



#1
Tailer

I went to a website, tried opening something and that was it. The old "you're infected, send money and I'll fix it" came up. I ran Malwarebytes, got rid of 4 PUPs. But I don't have any files. My documents, my pictures are covered with a film and I can't get to them without the film over them. Malwarebytes keeps coming up with "blocked potentially harmful website". All my other programs aren't showing up. Can't get to Internet Explorer. Only Google Chrome is showing up.
This is my OTI.log


OTL logfile created on: 8/18/2012 11:19:38 AM - Run 1
OTL by OldTimer - Version 3.2.58.0 Folder = C:\Documents and Settings\ann\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 344.58 Mb Available Physical Memory | 35.95% Memory free
2.26 Gb Paging File | 1.28 Gb Available in Paging File | 56.85% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 226.26 Gb Total Space | 200.15 Gb Free Space | 88.46% Space Free | Partition Type: NTFS

Computer Name: JERRY | User Name: ann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/18 11:18:49 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ann\My Documents\Downloads\OTL.exe
PRC - [2012/08/13 21:31:01 | 001,229,848 | -H-- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/07/13 16:19:16 | 000,646,800 | -H-- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\saUI.exe
PRC - [2012/07/05 18:41:46 | 003,048,136 | -H-- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/06/15 12:26:22 | 000,095,232 | -H-- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2012/06/06 21:33:42 | 001,564,872 | -H-- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/10/25 07:59:16 | 000,244,960 | -H-- | M] () -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
PRC - [2011/08/25 18:53:00 | 000,013,672 | -H-- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/13 21:30:59 | 000,442,392 | -H-- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\ppgooglenaclpluginchrome.dll
MOD - [2012/08/13 21:30:58 | 012,235,288 | -H-- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
MOD - [2012/08/13 21:30:57 | 003,997,720 | -H-- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\pdf.dll
MOD - [2012/08/13 21:29:28 | 000,144,424 | -H-- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\avutil-51.dll
MOD - [2012/08/13 21:29:27 | 000,266,792 | -H-- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\avformat-54.dll
MOD - [2012/08/13 21:29:26 | 002,480,680 | -H-- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\avcodec-54.dll
MOD - [2012/06/13 09:11:14 | 000,221,696 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2516a49d10f4418f72e1c25f691815a8\System.ServiceProcess.ni.dll
MOD - [2012/06/12 21:51:03 | 013,197,824 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\54d61af44b1dedee6aea0d1bbc46b13a\System.Windows.Forms.ni.dll
MOD - [2012/06/12 21:46:18 | 001,666,048 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\4a668799513e369a54fdab8b3f74de92\System.Drawing.ni.dll
MOD - [2012/05/12 03:26:38 | 000,762,368 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0f9d7198d2c0a3953fb59b1aca0d35f7\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 03:26:36 | 000,786,944 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.ni.dll
MOD - [2012/05/12 03:26:35 | 000,646,656 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\ce2aa3a5e89c326055ac8e2a309232f7\System.Transactions.ni.dll
MOD - [2012/05/12 03:06:51 | 006,798,336 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9f5111b0b58258c3a4bbcfb8bf27374c\System.Data.ni.dll
MOD - [2012/05/12 03:05:40 | 000,980,480 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll
MOD - [2012/05/12 03:05:38 | 005,618,176 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll
MOD - [2012/05/12 03:05:26 | 007,052,800 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll
MOD - [2012/05/12 03:05:10 | 009,090,560 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll
MOD - [2012/05/12 03:05:01 | 014,412,800 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2011/10/25 07:59:16 | 000,244,960 | -H-- | M] () -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/04/13 17:11:59 | 000,014,336 | -H-- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 17:11:51 | 000,059,904 | -H-- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/07/05 18:41:46 | 003,048,136 | -H-- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/15 12:26:22 | 000,095,232 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012/06/05 15:17:44 | 000,160,944 | RH-- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/03/13 09:17:38 | 000,237,272 | -H-- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.271\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/10/25 07:59:16 | 000,244,960 | -H-- | M] () [Auto | Running] -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
SRV - [2011/08/25 18:53:00 | 000,013,672 | -H-- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2008/11/09 13:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\wbanemfv.sys -- (wbanemfv)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/07/26 15:33:20 | 000,105,856 | -H-- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MR8980.sys -- (mr8980)
DRV - [2005/12/12 16:27:00 | 000,019,072 | -H-- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/08/29 15:11:00 | 003,644,928 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2005/08/13 21:35:54 | 001,313,792 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/12/15 15:18:32 | 000,220,928 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/12/15 15:18:28 | 000,703,232 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 15:18:26 | 001,038,208 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/08/03 22:31:32 | 000,020,992 | -H-- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139)
DRV - [2001/08/17 07:05:44 | 000,141,056 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Icam3.sys -- (ICAM3NT5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 57 46 00 46 37 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://msn.com/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {E8075D6B-966D-405A-9E54-88D9D9555046}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKCU\..\SearchScopes\{8054BF6F-EFCF-4959-9E19-A0D15D8D0741}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\..\SearchScopes\{899B35FF-D18B-8FBB-580A-E99390A9E0B2}: "URL" = http://tr.startnow.c...eferrer:source}
IE - HKCU\..\SearchScopes\{E8075D6B-966D-405A-9E54-88D9D9555046}: "URL" = http://search.yahoo....0728,6901,0,8,0
IE - HKCU\..\SearchScopes\{EE3DF523-4235-406C-BF94-B35C9D589C37}: "URL" = http://websearch.ask...DD-E17227BA9630
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/07/23 09:23:54 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2012/05/12 15:47:53 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012/05/14 08:41:25 | 000,000,000 | -H-D | M]


========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Documents and Settings\ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: SiteAdvisor = C:\Documents and Settings\ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.1_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\

O1 HOSTS File: ([2003/03/31 05:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.271\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1345269198265 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1309320650375 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0A6683B-7345-4E0D-9AE1-54A12F462592}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\ann\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ann\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/28 18:31:51 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/18 09:41:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/18 09:40:52 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/08/18 09:40:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/18 09:29:49 | 000,000,000 | ---D | C] -- C:\work
[2012/08/18 07:02:06 | 000,000,000 | ---D | C] -- C:\w
[2012/08/18 07:02:06 | 000,000,000 | ---D | C] -- C:\skins
[2012/08/17 23:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/08/17 22:50:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ann\Local Settings\Application Data\PCHealth
[2012/08/17 22:19:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ann\Recent
[2012/08/17 22:15:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ann\Application Data\Malwarebytes
[2012/08/17 22:14:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/08/17 22:01:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\ann\Application Data\PC Utility Kit
[2012/08/17 22:01:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\ann\Application Data\DriverCure
[2012/08/17 22:01:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\ann\Start Menu\Programs\PC Utility Kit
[2012/08/17 22:01:03 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\PC Utility Kit
[2012/08/17 22:01:02 | 000,000,000 | -H-D | C] -- C:\Program Files\PC Utility Kit
[2012/08/17 22:01:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\PC Utility Kit
[2012/08/17 21:54:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2012/08/17 20:52:09 | 000,000,000 | -H-D | C] -- C:\327627be945c03ce896edd
[2012/08/17 20:44:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\ann\Application Data\MSN6
[2012/08/17 20:44:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2012/08/17 20:40:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\ann\Start Menu\Programs\File Recovery
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/18 11:26:02 | 000,000,230 | -H-- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/08/18 11:22:04 | 000,000,880 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/18 11:20:01 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/08/18 11:10:15 | 000,013,646 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/18 11:09:54 | 000,000,876 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/18 11:09:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/18 09:41:03 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/18 09:18:37 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F8445BDD-FFD7-4F73-AAE9-A0021669C5C4}.job
[2012/08/18 09:17:18 | 000,275,760 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/18 08:11:03 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/08/18 07:02:10 | 000,000,370 | ---- | M] () -- C:\bmrc_1.gif
[2012/08/18 07:02:10 | 000,000,367 | ---- | M] () -- C:\bmfav_1.gif
[2012/08/18 07:02:10 | 000,000,166 | ---- | M] () -- C:\bmfol_1_s0.gif
[2012/08/18 07:02:09 | 000,000,355 | ---- | M] () -- C:\bmpref_1.gif
[2012/08/18 07:02:09 | 000,000,235 | ---- | M] () -- C:\bmsearch_1.gif
[2012/08/18 01:19:04 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\PC Utility Kit.job
[2012/08/17 22:35:29 | 000,000,792 | -H-- | M] () -- C:\Documents and Settings\ann\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/08/17 22:01:28 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\tasks\PC Utility Kit Registration3.job
[2012/08/17 22:01:26 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\PC Utility Kit Update3.job
[2012/08/17 22:01:07 | 000,000,973 | -H-- | M] () -- C:\Documents and Settings\ann\Desktop\PC Utility Kit.lnk
[2012/08/17 21:54:08 | 000,001,795 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2012/08/17 21:54:08 | 000,001,789 | -H-- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/08/17 21:38:25 | 000,000,368 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\jKAXhe8it5NWhJ
[2012/08/17 21:37:04 | 000,000,144 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-jKAXhe8it5NWhJr
[2012/08/17 21:37:04 | 000,000,136 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-jKAXhe8it5NWhJ
[2012/08/17 21:31:31 | 000,001,919 | -H-- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/08/17 21:20:52 | 000,001,917 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/17 20:40:47 | 000,000,855 | -H-- | M] () -- C:\Documents and Settings\ann\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk
[2012/08/17 20:40:47 | 000,000,837 | -H-- | M] () -- C:\Documents and Settings\ann\Desktop\File_Recovery.lnk
[2012/08/16 03:00:00 | 000,000,378 | -H-- | M] () -- C:\WINDOWS\tasks\ErrorEND.job
[2012/08/14 20:36:37 | 000,001,729 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/08/14 17:26:26 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/08/12 02:41:00 | 000,000,354 | -H-- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2012/08/05 14:22:19 | 000,006,656 | -H-- | M] () -- C:\Documents and Settings\ann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/18 09:41:03 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/18 07:02:10 | 000,000,370 | ---- | C] () -- C:\bmrc_1.gif
[2012/08/18 07:02:10 | 000,000,367 | ---- | C] () -- C:\bmfav_1.gif
[2012/08/18 07:02:10 | 000,000,166 | ---- | C] () -- C:\bmfol_1_s0.gif
[2012/08/18 07:02:09 | 000,000,355 | ---- | C] () -- C:\bmpref_1.gif
[2012/08/18 07:02:09 | 000,000,235 | ---- | C] () -- C:\bmsearch_1.gif
[2012/08/17 23:17:08 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/08/17 23:07:09 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/08/17 22:01:26 | 000,000,452 | -H-- | C] () -- C:\WINDOWS\tasks\PC Utility Kit Registration3.job
[2012/08/17 22:01:07 | 000,000,973 | -H-- | C] () -- C:\Documents and Settings\ann\Desktop\PC Utility Kit.lnk
[2012/08/17 22:01:06 | 000,000,418 | -H-- | C] () -- C:\WINDOWS\tasks\PC Utility Kit Update3.job
[2012/08/17 22:01:04 | 000,000,416 | -H-- | C] () -- C:\WINDOWS\tasks\PC Utility Kit.job
[2012/08/17 21:51:09 | 000,001,795 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2012/08/17 21:50:52 | 000,001,789 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/08/17 21:01:16 | 000,000,804 | -H-- | C] () -- C:\WINDOWS\Installer\{82e69e16-d8bd-2dd9-04e9-3cccb12caa5a}\L\00000004.@
[2012/08/17 20:40:47 | 000,000,855 | -H-- | C] () -- C:\Documents and Settings\ann\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk
[2012/08/17 20:40:47 | 000,000,837 | -H-- | C] () -- C:\Documents and Settings\ann\Desktop\File_Recovery.lnk
[2012/08/17 20:40:47 | 000,000,144 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-jKAXhe8it5NWhJr
[2012/08/17 20:40:46 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-jKAXhe8it5NWhJ
[2012/08/17 20:40:39 | 000,000,368 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\jKAXhe8it5NWhJ
[2012/05/12 15:43:15 | 000,192,503 | -H-- | C] () -- C:\WINDOWS\hpwins22.dat
[2012/05/12 15:43:15 | 000,002,850 | -H-- | C] () -- C:\WINDOWS\hpwmdl22.dat
[2012/03/03 04:36:31 | 000,807,846 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-436374069-583907252-839522115-1003-0.dat
[2012/03/03 04:36:22 | 000,277,526 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/03/01 14:10:24 | 000,000,590 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/15 16:11:17 | 000,003,072 | -H-- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/12 21:20:34 | 000,006,656 | -H-- | C] () -- C:\Documents and Settings\ann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/21 19:59:00 | 000,000,010 | -H-- | C] () -- C:\WINDOWS\WININIT.INI
[2011/07/06 17:19:03 | 000,516,096 | -H-- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011/07/05 18:37:01 | 000,156,672 | -H-- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2011/07/05 18:37:01 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/07/05 18:05:47 | 000,085,504 | -H-- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/06/29 19:21:34 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/28 23:16:20 | 000,000,664 | -H-- | C] () -- C:\Documents and Settings\ann\Local Settings\Application Data\FASTWiz.html
[2011/06/28 19:16:50 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/06/28 19:00:38 | 000,029,207 | --S- | C] () -- C:\Documents and Settings\ann\Local Settings\Application Data\fiof.foa
[2011/06/28 18:33:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/06/28 18:29:32 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/06/28 11:13:10 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/28 11:12:17 | 000,275,760 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/03/31 05:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{82e69e16-d8bd-2dd9-04e9-3cccb12caa5a}\@
[2003/03/31 05:00:00 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\ann\Local Settings\Application Data\{82e69e16-d8bd-2dd9-04e9-3cccb12caa5a}\@

========== LOP Check ==========

[2011/08/19 08:30:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2011/07/04 11:38:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2011/07/06 21:12:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/08/17 22:01:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PC Utility Kit
[2011/06/29 19:19:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/08/17 22:01:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\ann\Application Data\DriverCure
[2012/08/17 22:01:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\ann\Application Data\PC Utility Kit
[2011/08/18 19:51:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\ann\Application Data\PDF Software
[2012/05/04 14:09:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\ann\Application Data\Raha
[2012/03/04 18:07:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\ann\Application Data\Spotify
[2011/07/06 17:28:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\ann\Application Data\WinBatch
[2011/06/28 22:26:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\ann\Application Data\Windows Desktop Search
[2011/06/30 12:33:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\ann\Application Data\Windows Search
[2012/03/09 11:01:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\ann\Application Data\{B080C257-02FB-4422-B21E-6CB96137E79B}
[2012/08/12 02:41:00 | 000,000,354 | -H-- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job
[2012/08/16 03:00:00 | 000,000,378 | -H-- | M] () -- C:\WINDOWS\Tasks\ErrorEND.job
[2012/08/17 22:01:28 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\Tasks\PC Utility Kit Registration3.job
[2012/08/17 22:01:26 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\PC Utility Kit Update3.job
[2012/08/18 01:19:04 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\PC Utility Kit.job
[2012/08/18 11:26:02 | 000,000,230 | -H-- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2012/08/18 09:18:37 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F8445BDD-FFD7-4F73-AAE9-A0021669C5C4}.job

========== Purity Check ==========



< End of report >

Please help!

Thanks...Tailer


#2
ali.B


    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 57 46 00 46 37 CC 01 [binary data]
    [2012/08/17 20:40:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\ann\Start Menu\Programs\File Recovery
    [2012/08/17 21:38:25 | 000,000,368 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\jKAXhe8it5NWhJ
    [2012/08/17 21:37:04 | 000,000,144 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-jKAXhe8it5NWhJr
    [2012/08/17 21:37:04 | 000,000,136 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-jKAXhe8it5NWhJ
    [2012/08/17 21:01:16 | 000,000,804 | -H-- | C] () -- C:\WINDOWS\Installer\{82e69e16-d8bd-2dd9-04e9-3cccb12caa5a}\L\00000004.@
    [2003/03/31 05:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{82e69e16-d8bd-2dd9-04e9-3cccb12caa5a}\@
    [2003/03/31 05:00:00 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\ann\Local Settings\Application Data\{82e69e16-d8bd-2dd9-04e9-3cccb12caa5a}\@
    [2012/03/09 11:01:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\ann\Application Data\{B080C257-02FB-4422-B21E-6CB96137E79B}
    
    :Files
    ipconfig /flushdns /c
    ipconfig /release /c
    ipconfig /renew /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Things I would like to see in your reply:
  • OTL log
  • Combofix.txt


#3
Tailer


    New Member

  • Topic Starter
  • Member
  • 3 posts
Not a good thing:
Below are the reports from OTL and something called Extras. Combofix died after it said delete programs "installer". When I started to run Combofix, it said it didn't have Microsoft Recovery, I told it to get it, and it failed. Said could run Combofix but couldn't fix any errors. I notice, when the computer reboots, the search engine is Babylon? Also, when it boots not in safe mode, it comes up as the primary user. If I boot in safe mode with networking I have the option of administrator or that other user.
This computer is a mess! :(
Logs:

OTL logfile created on: 8/20/2012 12:50:59 AM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\work
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 403.21 Mb Available Physical Memory | 42.07% Memory free
2.26 Gb Paging File | 1.72 Gb Available in Paging File | 76.02% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 226.26 Gb Total Space | 201.65 Gb Free Space | 89.12% Space Free | Partition Type: NTFS

Computer Name: JERRY | User Name: ann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/19 23:15:32 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\work\OTL.exe
PRC - [2012/08/19 23:01:43 | 001,697,312 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
PRC - [2012/06/06 21:33:42 | 001,564,872 | -H-- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/10/25 07:59:16 | 000,244,960 | -H-- | M] () -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
PRC - [2011/08/25 18:53:00 | 000,013,672 | -H-- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/19 23:01:43 | 001,697,312 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
MOD - [2012/08/19 23:01:42 | 002,049,056 | ---- | M] () -- c:\Documents and Settings\All Users\Application Data\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2012/06/13 09:11:14 | 000,221,696 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2516a49d10f4418f72e1c25f691815a8\System.ServiceProcess.ni.dll
MOD - [2012/06/12 21:51:03 | 013,197,824 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\54d61af44b1dedee6aea0d1bbc46b13a\System.Windows.Forms.ni.dll
MOD - [2012/06/12 21:46:18 | 001,666,048 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\4a668799513e369a54fdab8b3f74de92\System.Drawing.ni.dll
MOD - [2012/05/12 03:26:38 | 000,762,368 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0f9d7198d2c0a3953fb59b1aca0d35f7\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 03:26:36 | 000,786,944 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.ni.dll
MOD - [2012/05/12 03:26:35 | 000,646,656 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\ce2aa3a5e89c326055ac8e2a309232f7\System.Transactions.ni.dll
MOD - [2012/05/12 03:06:51 | 006,798,336 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9f5111b0b58258c3a4bbcfb8bf27374c\System.Data.ni.dll
MOD - [2012/05/12 03:05:40 | 000,980,480 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll
MOD - [2012/05/12 03:05:38 | 005,618,176 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll
MOD - [2012/05/12 03:05:26 | 007,052,800 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll
MOD - [2012/05/12 03:05:10 | 009,090,560 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll
MOD - [2012/05/12 03:05:01 | 014,412,800 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2011/10/25 07:59:16 | 000,244,960 | -H-- | M] () -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - File not found [Auto | Stopped] -- c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - File not found [Auto | Stopped] -- mbamservice.exe -- (MBAMService)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/08/19 23:01:43 | 001,697,312 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
SRV - [2011/10/25 07:59:16 | 000,244,960 | -H-- | M] () [Auto | Running] -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
SRV - [2011/08/25 18:53:00 | 000,013,672 | -H-- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2008/11/09 13:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\wbanemfv.sys -- (wbanemfv)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/08/19 09:22:43 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/08/18 22:10:05 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2010/07/26 15:33:20 | 000,105,856 | -H-- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MR8980.sys -- (mr8980)
DRV - [2005/12/12 16:27:00 | 000,019,072 | -H-- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/08/29 15:11:00 | 003,644,928 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2005/08/13 21:35:54 | 001,313,792 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/12/15 15:18:32 | 000,220,928 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/12/15 15:18:28 | 000,703,232 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 15:18:26 | 001,038,208 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/08/03 22:31:32 | 000,020,992 | -H-- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139)
DRV - [2001/08/17 07:05:44 | 000,141,056 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Icam3.sys -- (ICAM3NT5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylo...000001731462b76
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...000001731462b76
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://msn.com/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000001731462b76
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKCU\..\SearchScopes\{8054BF6F-EFCF-4959-9E19-A0D15D8D0741}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\..\SearchScopes\{899B35FF-D18B-8FBB-580A-E99390A9E0B2}: "URL" = http://tr.startnow.c...eferrer:source}
IE - HKCU\..\SearchScopes\{E8075D6B-966D-405A-9E54-88D9D9555046}: "URL" = http://search.yahoo....0728,6901,0,8,0
IE - HKCU\..\SearchScopes\{EE3DF523-4235-406C-BF94-B35C9D589C37}: "URL" = http://websearch.ask...DD-E17227BA9630
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2012/05/12 15:47:53 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012/05/14 08:41:25 | 000,000,000 | -H-D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\Documents and Settings\All Users\Application Data\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012/08/19 23:01:44 | 000,000,000 | ---D | M]

[2012/08/19 23:01:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Documents and Settings\ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: SiteAdvisor = C:\Documents and Settings\ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.1_0\

O1 HOSTS File: ([2012/08/20 00:38:23 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll File not found
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKCU..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1309313397319 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1309320650375 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0A6683B-7345-4E0D-9AE1-54A12F462592}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O20 - AppInit_DLLs: (c:\docume~1\alluse~1\applic~1\browse~1\22565~1.25\{16cdf~1\browse~1.dll) - c:\Documents and Settings\All Users\Application Data\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\ann\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ann\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/28 18:31:51 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/20 00:50:19 | 004,735,237 | ---- | C] (Swearware) -- C:\Documents and Settings\ann\Desktop\ComboFix.exe
[2012/08/20 00:45:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ann\Application Data\BabylonToolbar
[2012/08/19 23:26:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\searchplugins
[2012/08/19 23:26:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Extensions
[2012/08/19 23:18:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/19 23:01:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/08/19 23:01:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/08/19 23:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\DownloadManager
[2012/08/19 23:01:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ann\Start Menu\Programs\Browser Manager
[2012/08/19 23:01:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Browser Manager
[2012/08/19 23:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2012/08/19 23:01:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/08/19 23:01:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ann\Local Settings\Application Data\Giant Savings
[2012/08/19 23:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\Giant Savings
[2012/08/19 23:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/08/19 23:01:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ann\Application Data\Babylon
[2012/08/19 22:55:53 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/08/19 21:21:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/08/19 09:22:14 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/08/18 22:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/08/18 22:14:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/08/18 22:10:05 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2012/08/18 22:10:05 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2012/08/18 22:10:05 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2012/08/18 09:41:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/18 09:40:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/18 09:29:49 | 000,000,000 | ---D | C] -- C:\work
[2012/08/18 07:02:06 | 000,000,000 | ---D | C] -- C:\w
[2012/08/18 07:02:06 | 000,000,000 | ---D | C] -- C:\skins
[2012/08/17 22:50:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ann\Local Settings\Application Data\PCHealth
[2012/08/17 22:19:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ann\Recent
[2012/08/17 22:15:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ann\Application Data\Malwarebytes
[2012/08/17 22:14:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/08/17 22:01:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\ann\Application Data\PC Utility Kit
[2012/08/17 22:01:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\ann\Application Data\DriverCure
[2012/08/17 22:01:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\ann\Start Menu\Programs\PC Utility Kit
[2012/08/17 22:01:03 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\PC Utility Kit
[2012/08/17 22:01:02 | 000,000,000 | -H-D | C] -- C:\Program Files\PC Utility Kit
[2012/08/17 22:01:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\PC Utility Kit
[2012/08/17 20:52:09 | 000,000,000 | -H-D | C] -- C:\327627be945c03ce896edd
[2012/08/17 20:44:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\ann\Application Data\MSN6
[2012/08/17 20:44:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\MSN6

========== Files - Modified Within 30 Days ==========

[2012/08/20 00:51:01 | 000,000,230 | -H-- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/08/20 00:50:26 | 004,735,237 | ---- | M] (Swearware) -- C:\Documents and Settings\ann\Desktop\ComboFix.exe
[2012/08/20 00:40:42 | 000,013,646 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/20 00:40:21 | 000,000,876 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/20 00:40:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/20 00:38:23 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/08/19 23:48:33 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/19 23:42:46 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/19 23:02:21 | 000,001,730 | ---- | M] () -- C:\Documents and Settings\ann\Desktop\JDownloader.lnk
[2012/08/19 23:02:21 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\ann\Application Data\Microsoft\Internet Explorer\Quick Launch\JDownloader.lnk
[2012/08/19 23:01:40 | 000,000,312 | ---- | M] () -- C:\user.js
[2012/08/19 22:22:02 | 000,000,880 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/19 20:30:50 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F8445BDD-FFD7-4F73-AAE9-A0021669C5C4}.job
[2012/08/19 18:00:00 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\tasks\PC Utility Kit Registration3.job
[2012/08/19 13:09:21 | 000,070,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\79c57440d425f0db.sys
[2012/08/19 09:22:43 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/08/19 03:00:00 | 000,000,378 | -H-- | M] () -- C:\WINDOWS\tasks\ErrorEND.job
[2012/08/19 02:41:00 | 000,000,354 | -H-- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2012/08/19 00:48:12 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/08/19 00:45:45 | 000,275,760 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/18 22:10:05 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2012/08/18 22:10:05 | 000,100,880 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2012/08/18 22:10:05 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2012/08/18 08:11:03 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/08/18 07:02:10 | 000,000,370 | ---- | M] () -- C:\bmrc_1.gif
[2012/08/18 07:02:10 | 000,000,367 | ---- | M] () -- C:\bmfav_1.gif
[2012/08/18 07:02:10 | 000,000,166 | ---- | M] () -- C:\bmfol_1_s0.gif
[2012/08/18 07:02:09 | 000,000,355 | ---- | M] () -- C:\bmpref_1.gif
[2012/08/18 07:02:09 | 000,000,235 | ---- | M] () -- C:\bmsearch_1.gif
[2012/08/18 01:19:04 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\PC Utility Kit.job
[2012/08/17 22:35:29 | 000,000,792 | -H-- | M] () -- C:\Documents and Settings\ann\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/08/17 22:01:26 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\PC Utility Kit Update3.job
[2012/08/17 22:01:07 | 000,000,973 | -H-- | M] () -- C:\Documents and Settings\ann\Desktop\PC Utility Kit.lnk
[2012/08/17 21:31:31 | 000,001,919 | -H-- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/08/17 21:20:52 | 000,001,917 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/17 20:40:47 | 000,000,855 | -H-- | M] () -- C:\Documents and Settings\ann\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk
[2012/08/17 20:40:47 | 000,000,837 | -H-- | M] () -- C:\Documents and Settings\ann\Desktop\File_Recovery.lnk
[2012/08/05 14:22:19 | 000,006,656 | -H-- | M] () -- C:\Documents and Settings\ann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2012/08/19 23:02:21 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\ann\Desktop\JDownloader.lnk
[2012/08/19 23:02:21 | 000,001,694 | ---- | C] () -- C:\Documents and Settings\ann\Application Data\Microsoft\Internet Explorer\Quick Launch\JDownloader.lnk
[2012/08/19 23:02:16 | 000,001,694 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader.lnk
[2012/08/19 23:02:16 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Uninstaller.lnk
[2012/08/19 23:02:16 | 000,001,617 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Update.lnk
[2012/08/19 23:01:36 | 000,000,312 | ---- | C] () -- C:\user.js
[2012/08/19 21:22:00 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/08/19 13:09:21 | 000,070,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\79c57440d425f0db.sys
[2012/08/19 00:48:12 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/08/18 22:35:36 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\ann\Local Settings\Application Data\{82e69e16-d8bd-2dd9-04e9-3cccb12caa5a}\L\00000004.@
[2012/08/18 09:41:03 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/18 07:02:10 | 000,000,370 | ---- | C] () -- C:\bmrc_1.gif
[2012/08/18 07:02:10 | 000,000,367 | ---- | C] () -- C:\bmfav_1.gif
[2012/08/18 07:02:10 | 000,000,166 | ---- | C] () -- C:\bmfol_1_s0.gif
[2012/08/18 07:02:09 | 000,000,355 | ---- | C] () -- C:\bmpref_1.gif
[2012/08/18 07:02:09 | 000,000,235 | ---- | C] () -- C:\bmsearch_1.gif
[2012/08/17 22:01:26 | 000,000,452 | -H-- | C] () -- C:\WINDOWS\tasks\PC Utility Kit Registration3.job
[2012/08/17 22:01:07 | 000,000,973 | -H-- | C] () -- C:\Documents and Settings\ann\Desktop\PC Utility Kit.lnk
[2012/08/17 22:01:06 | 000,000,418 | -H-- | C] () -- C:\WINDOWS\tasks\PC Utility Kit Update3.job
[2012/08/17 22:01:04 | 000,000,416 | -H-- | C] () -- C:\WINDOWS\tasks\PC Utility Kit.job
[2012/08/17 20:40:47 | 000,000,855 | -H-- | C] () -- C:\Documents and Settings\ann\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk
[2012/08/17 20:40:47 | 000,000,837 | -H-- | C] () -- C:\Documents and Settings\ann\Desktop\File_Recovery.lnk
[2012/05/12 15:44:48 | 000,025,856 | -H-- | C] () -- C:\WINDOWS\System32\drivers\usbprint.sys
[2012/05/12 15:43:15 | 000,192,503 | -H-- | C] () -- C:\WINDOWS\hpwins22.dat
[2012/05/12 15:43:15 | 000,002,850 | -H-- | C] () -- C:\WINDOWS\hpwmdl22.dat
[2012/03/03 04:36:31 | 000,807,846 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-436374069-583907252-839522115-1003-0.dat
[2012/03/03 04:36:22 | 000,277,526 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/03/01 14:10:24 | 000,000,590 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/15 16:11:17 | 000,003,072 | -H-- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/12 21:20:34 | 000,006,656 | -H-- | C] () -- C:\Documents and Settings\ann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/21 19:59:00 | 000,000,010 | -H-- | C] () -- C:\WINDOWS\WININIT.INI
[2011/07/06 17:19:03 | 000,516,096 | -H-- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011/07/05 18:37:33 | 000,006,272 | -H-- | C] () -- C:\WINDOWS\System32\drivers\splitter.sys
[2011/07/05 18:37:31 | 000,083,072 | -H-- | C] () -- C:\WINDOWS\System32\drivers\wdmaud.sys
[2011/07/05 18:37:29 | 000,056,576 | -H-- | C] () -- C:\WINDOWS\System32\drivers\swmidi.sys
[2011/07/05 18:37:22 | 000,060,800 | -H-- | C] () -- C:\WINDOWS\System32\drivers\sysaudio.sys
[2011/07/05 18:37:01 | 000,156,672 | -H-- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2011/07/05 18:37:01 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/07/05 18:05:47 | 000,085,504 | -H-- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/06/29 19:25:43 | 000,015,104 | -H-- | C] () -- C:\WINDOWS\System32\drivers\usbscan.sys
[2011/06/29 19:21:34 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/29 19:17:36 | 000,042,496 | -H-- | C] () -- C:\WINDOWS\System32\drivers\usbaapl.sys
[2011/06/28 23:16:20 | 000,000,664 | -H-- | C] () -- C:\Documents and Settings\ann\Local Settings\Application Data\FASTWiz.html
[2011/06/28 20:41:51 | 000,010,240 | -H-- | C] () -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2011/06/28 20:41:26 | 000,006,144 | -H-- | C] () -- C:\WINDOWS\System32\kbdpash.dll
[2011/06/28 20:41:26 | 000,006,144 | -H-- | C] () -- C:\WINDOWS\System32\kbdnepr.dll
[2011/06/28 20:41:26 | 000,006,144 | -H-- | C] () -- C:\WINDOWS\System32\kbdiultn.dll
[2011/06/28 20:41:26 | 000,006,144 | -H-- | C] () -- C:\WINDOWS\System32\kbdbhc.dll
[2011/06/28 19:16:50 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/06/28 19:00:38 | 000,029,207 | --S- | C] () -- C:\Documents and Settings\ann\Local Settings\Application Data\fiof.foa
[2011/06/28 18:33:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/06/28 18:29:56 | 000,073,472 | -H-- | C] () -- C:\WINDOWS\System32\drivers\sr.sys
[2011/06/28 18:29:55 | 000,034,560 | -H-- | C] () -- C:\WINDOWS\System32\mnmdd.dll
[2011/06/28 18:29:32 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/06/28 18:29:03 | 000,021,896 | -H-- | C] () -- C:\WINDOWS\System32\drivers\tdtcp.sys
[2011/06/28 18:29:03 | 000,012,040 | -H-- | C] () -- C:\WINDOWS\System32\drivers\tdpipe.sys
[2011/06/28 18:28:30 | 000,040,840 | -H-- | C] () -- C:\WINDOWS\System32\drivers\termdd.sys
[2011/06/28 11:14:32 | 000,011,136 | -H-- | C] () -- C:\WINDOWS\System32\drivers\slip.sys
[2011/06/28 11:14:31 | 000,019,200 | -H-- | C] () -- C:\WINDOWS\System32\drivers\wstcodec.sys
[2011/06/28 11:14:30 | 000,015,232 | -H-- | C] () -- C:\WINDOWS\System32\drivers\streamip.sys
[2011/06/28 11:13:56 | 000,057,600 | -H-- | C] () -- C:\WINDOWS\System32\drivers\redbook.sys
[2011/06/28 11:13:48 | 000,020,992 | -H-- | C] () -- C:\WINDOWS\System32\drivers\rtl8139.sys
[2011/06/28 11:13:10 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/28 11:13:04 | 000,006,144 | RH-- | C] () -- C:\WINDOWS\System32\kbdtuq.dll
[2011/06/28 11:13:04 | 000,006,144 | RH-- | C] () -- C:\WINDOWS\System32\kbdtuf.dll
[2011/06/28 11:13:04 | 000,005,632 | RH-- | C] () -- C:\WINDOWS\System32\kbdazel.dll
[2011/06/28 11:13:03 | 000,005,632 | RH-- | C] () -- C:\WINDOWS\System32\kbdmon.dll
[2011/06/28 11:13:03 | 000,005,632 | RH-- | C] () -- C:\WINDOWS\System32\kbdkyr.dll
[2011/06/28 11:13:02 | 000,005,632 | RH-- | C] () -- C:\WINDOWS\System32\kbdycc.dll
[2011/06/28 11:13:02 | 000,005,632 | RH-- | C] () -- C:\WINDOWS\System32\kbduzb.dll
[2011/06/28 11:13:02 | 000,005,632 | RH-- | C] () -- C:\WINDOWS\System32\kbdur.dll
[2011/06/28 11:13:02 | 000,005,632 | RH-- | C] () -- C:\WINDOWS\System32\kbdtat.dll
[2011/06/28 11:13:02 | 000,005,632 | RH-- | C] () -- C:\WINDOWS\System32\kbdru1.dll
[2011/06/28 11:13:02 | 000,005,632 | RH-- | C] () -- C:\WINDOWS\System32\kbdru.dll
[2011/06/28 11:13:02 | 000,005,632 | RH-- | C] () -- C:\WINDOWS\System32\kbdkaz.dll
[2011/06/28 11:13:02 | 000,005,632 | RH-- | C] () -- C:\WINDOWS\System32\kbdbu.dll
[2011/06/28 11:13:02 | 000,005,632 | RH-- | C] () -- C:\WINDOWS\System32\kbdblr.dll
[2011/06/28 11:13:02 | 000,005,632 | RH-- | C] () -- C:\WINDOWS\System32\kbdaze.dll
[2011/06/28 11:13:01 | 000,008,192 | RH-- | C] () -- C:\WINDOWS\System32\kbdhept.dll
[2011/06/28 11:13:01 | 000,006,656 | RH-- | C] () -- C:\WINDOWS\System32\kbdhela3.dll
[2011/06/28 11:13:01 | 000,006,144 | RH-- | C] () -- C:\WINDOWS\System32\kbdhela2.dll
[2011/06/28 11:13:01 | 000,006,144 | RH-- | C] () -- C:\WINDOWS\System32\kbdgkl.dll
[2011/06/28 11:13:01 | 000,005,632 | RH-- | C] () -- C:\WINDOWS\System32\kbdhe319.dll
[2011/06/28 11:13:01 | 000,005,632 | RH-- | C] () -- C:\WINDOWS\System32\kbdhe220.dll
[2011/06/28 11:13:00 | 000,005,632 | RH-- | C] () -- C:\WINDOWS\System32\kbdhe.dll
[2011/06/28 11:12:59 | 000,006,144 | RH-- | C] () -- C:\WINDOWS\System32\kbdlv1.dll
[2011/06/28 11:12:59 | 000,006,144 | RH-- | C] () -- C:\WINDOWS\System32\kbdlv.dll
[2011/06/28 11:12:59 | 000,006,144 | RH-- | C] () -- C:\WINDOWS\System32\kbdest.dll
[2011/06/28 11:12:59 | 000,005,632 | RH-- | C] () -- C:\WINDOWS\System32\kbdlt1.dll
[2011/06/28 11:12:59 | 000,005,632 | RH-- | C] () -- C:\WINDOWS\System32\kbdlt.dll
[2011/06/28 11:12:58 | 000,006,656 | RH-- | C] () -- C:\WINDOWS\System32\kbdsl1.dll
[2011/06/28 11:12:58 | 000,006,656 | RH-- | C] () -- C:\WINDOWS\System32\kbdsl.dll
[2011/06/28 11:12:58 | 000,006,656 | RH-- | C] () -- C:\WINDOWS\System32\kbdpl.dll
[2011/06/28 11:12:58 | 000,005,632 | RH-- | C] () -- C:\WINDOWS\System32\kbdro.dll
[2011/06/28 11:12:57 | 000,007,168 | RH-- | C] () -- C:\WINDOWS\System32\kbdcz.dll
[2011/06/28 11:12:57 | 000,006,656 | RH-- | C] () -- C:\WINDOWS\System32\kbdycl.dll
[2011/06/28 11:12:57 | 000,006,656 | RH-- | C] () -- C:\WINDOWS\System32\kbdhu.dll
[2011/06/28 11:12:57 | 000,006,656 | RH-- | C] () -- C:\WINDOWS\System32\kbdcz2.dll
[2011/06/28 11:12:57 | 000,006,656 | RH-- | C] () -- C:\WINDOWS\System32\kbdcz1.dll
[2011/06/28 11:12:57 | 000,006,656 | RH-- | C] () -- C:\WINDOWS\System32\kbdcr.dll
[2011/06/28 11:12:57 | 000,006,656 | RH-- | C] () -- C:\WINDOWS\System32\KBDAL.DLL
[2011/06/28 11:12:57 | 000,005,632 | RH-- | C] () -- C:\WINDOWS\System32\kbdpl1.dll
[2011/06/28 11:12:57 | 000,005,632 | RH-- | C] () -- C:\WINDOWS\System32\kbdhu1.dll
[2011/06/28 11:12:17 | 000,275,760 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2011/08/19 08:30:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2012/08/19 23:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/08/19 23:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Browser Manager
[2011/07/04 11:38:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2011/07/06 21:12:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/08/17 22:01:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PC Utility Kit
[2011/06/29 19:19:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/08/19 23:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ann\Application Data\Babylon
[2012/08/20 00:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ann\Application Data\BabylonToolbar
[2012/08/17 22:01:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\ann\Application Data\DriverCure
[2012/08/17 22:01:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\ann\Application Data\PC Utility Kit
[2011/08/18 19:51:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\ann\Application Data\PDF Software
[2012/05/04 14:09:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\ann\Application Data\Raha
[2011/07/06 17:28:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\ann\Application Data\WinBatch
[2011/06/28 22:26:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\ann\Application Data\Windows Desktop Search
[2011/06/30 12:33:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\ann\Application Data\Windows Search
[2012/08/19 02:41:00 | 000,000,354 | -H-- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job
[2012/08/19 03:00:00 | 000,000,378 | -H-- | M] () -- C:\WINDOWS\Tasks\ErrorEND.job
[2012/08/19 18:00:00 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\Tasks\PC Utility Kit Registration3.job
[2012/08/17 22:01:26 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\PC Utility Kit Update3.job
[2012/08/18 01:19:04 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\PC Utility Kit.job
[2012/08/20 00:51:01 | 000,000,230 | -H-- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2012/08/19 20:30:50 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F8445BDD-FFD7-4F73-AAE9-A0021669C5C4}.job

========== Purity Check ==========



< End of report >


Extras?

OTL Extras logfile created on: 8/20/2012 12:51:00 AM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\work
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 403.21 Mb Available Physical Memory | 42.07% Memory free
2.26 Gb Paging File | 1.72 Gb Available in Paging File | 76.02% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 226.26 Gb Total Space | 201.65 Gb Free Space | 89.12% Space Free | Partition Type: NTFS

Computer Name: JERRY | User Name: ann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{11F27647-5229-4508-9056-D4ECB7FF8303}" = Eagle CUDA 240 S/GPS Demo
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E6679EB-C736-40E6-A1E5-F97F69A096E3}" = Wireless Monitoring System
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D73DC7A-2D1D-45CF-8A67-24873925C716}" = bpd_scan
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{643F4F69-5A6A-4B52-BD56-5909800B556F}" = 8500A909_Help_BasicWeb
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89C952FE-3B6E-4462-9A5B-DDBEFC2C1A0C}" = Eagle IntelliMap 320 Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{978AFF1A-B939-4177-B85A-C87B1867AC5C}" = 8500A909_BasicWeb
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7A02E23-805C-4AAC-B408-D59A1D53AEA6}" = BPDSoftware
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{AD0AA962-111E-41D5-A705-0E3D9178A661}" = BPDSoftware_Ini
"{B1054C0C-0C16-41E1-8A9D-35F065793E92}" = HP Officejet Pro 8500 A909 Series
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C89269D9-DD02-45DD-99DD-6AE592F6C447}" = TurboTax 2011 wcaiper
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"0587FB824A2C7876CE70A17CA0BABB28702DE6DC" = Windows Driver Package - OEM (mr8980) Image (07/02/2010 1.0.0.0)
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"BabylonToolbar" = Babylon toolbar on IE
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"Giant Savings" = Giant Savings
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"InstaCodecs_is1" = InstaCodecs
"InstallShield_{1E6679EB-C736-40E6-A1E5-F97F69A096E3}" = Wireless Monitoring System
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROR" = Microsoft Office Professional 2007
"PS2" = PS2
"StartNow Toolbar" = StartNow Toolbar
"TurboTax 2011" = TurboTax 2011
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/19/2012 9:53:28 AM | Computer Name = JERRY | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8007064C Description:. 0x8007064C. The installation source
for this product is not available. Verify that the source exists and that you
can access it.

Error - 8/19/2012 9:53:29 AM | Computer Name = JERRY | Source = Microsoft Security Client | ID = 5000
Description =

Error - 8/19/2012 9:55:32 AM | Computer Name = JERRY | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.0.1526.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 8/19/2012 9:55:39 AM | Computer Name = JERRY | Source = Microsoft Security Client | ID = 5000
Description =

Error - 8/19/2012 12:10:17 PM | Computer Name = JERRY | Source = Outlook | ID = 34
Description = Failed to get the Crawl Scope Manager with error=0x80070015.

Error - 8/19/2012 8:38:21 PM | Computer Name = JERRY | Source = Microsoft Security Client | ID = 5000
Description =

Error - 8/20/2012 12:21:55 AM | Computer Name = JERRY | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.0.1526.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 8/20/2012 12:22:01 AM | Computer Name = JERRY | Source = Microsoft Security Client | ID = 5000
Description =

Error - 8/20/2012 12:24:21 AM | Computer Name = JERRY | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x8050a003, P2 mpupdateengine, P3 am fe,
P4 11.1.3927.0, P5 mpsigstub.exe, P6 4.0.1526.0, P7 microsoft security essentials,
P8 NIL, P9 NIL, P10 NIL.

Error - 8/20/2012 3:45:54 AM | Computer Name = JERRY | Source = Application Hang | ID = 1002
Description = Hanging application javaw.exe, version 6.0.260.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 2/14/2012 4:21:02 PM | Computer Name = HOME-FCEUQ7W5OF | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 78073
seconds with 5880 seconds of active time. This session ended with a crash.

Error - 2/14/2012 4:21:44 PM | Computer Name = HOME-FCEUQ7W5OF | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 34
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/29/2012 5:40:48 PM | Computer Name = HOME-FCEUQ7W5OF | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/19/2012 8:24:42 PM | Computer Name = HOME-FCEUQ7W5OF | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 184892
seconds with 6120 seconds of active time. This session ended with a crash.

Error - 5/17/2012 2:28:11 PM | Computer Name = JERRY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2444
seconds with 2040 seconds of active time. This session ended with a crash.

Error - 8/10/2012 1:11:26 PM | Computer Name = JERRY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 174309
seconds with 6780 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/20/2012 3:30:10 AM | Computer Name = JERRY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips ohci1394 Processor

Error - 8/20/2012 3:30:10 AM | Computer Name = JERRY | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 8/20/2012 3:37:46 AM | Computer Name = JERRY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/20/2012 3:39:23 AM | Computer Name = JERRY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/20/2012 3:41:47 AM | Computer Name = JERRY | Source = Service Control Manager | ID = 7000
Description = The MBAMProtector service failed to start due to the following error:
%%2

Error - 8/20/2012 3:41:47 AM | Computer Name = JERRY | Source = Service Control Manager | ID = 7001
Description = The MBAMService service depends on the MBAMProtector service which
failed to start because of the following error: %%2

Error - 8/20/2012 3:41:47 AM | Computer Name = JERRY | Source = Service Control Manager | ID = 7000
Description = The McAfee SiteAdvisor Service service failed to start due to the
following error: %%3

Error - 8/20/2012 3:41:47 AM | Computer Name = JERRY | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 8/20/2012 3:41:47 AM | Computer Name = JERRY | Source = Service Control Manager | ID = 7000
Description = The MBAMProtector service failed to start due to the following error:
%%2

Error - 8/20/2012 3:41:47 AM | Computer Name = JERRY | Source = Service Control Manager | ID = 7001
Description = The MBAMService service depends on the MBAMProtector service which
failed to start because of the following error: %%2


< End of report >

Please help!
Thanks...Tailer

#4
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

#5
Tailer

    New Member

  • Topic Starter
  • Member
  • 3 posts
I have two logs:
First one:
RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: ann [Admin rights]
Mode: Scan -- Date: 08/20/2012 21:06:33

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : {963146F5-F4CB-AD40-E105-1F34D3F03C26} ("C:\Documents and Settings\ann\Application Data\Raha\onpa.exe") -> FOUND
[BLACKLIST DLL] HKLM\[...]\Run : ngfens (rundll32.exe "C:\DOCUME~1\ann\LOCALS~1\Temp\ngfens.dll",SteamGameServerStats) -> FOUND
[BLACKLIST DLL] HKLM\[...]\Run : ortup (rundll32.exe "C:\DOCUME~1\ann\LOCALS~1\Temp\ortup.dll",ComputeIMTFromPerTexelSignal) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-436374069-583907252-839522115-1003[...]\Run : {963146F5-F4CB-AD40-E105-1F34D3F03C26} ("C:\Documents and Settings\ann\Application Data\Raha\onpa.exe") -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] n : c:\windows\installer\{82e69e16-d8bd-2dd9-04e9-3cccb12caa5a}\n --> FOUND
[ZeroAccess][FILE] @ : c:\windows\installer\{82e69e16-d8bd-2dd9-04e9-3cccb12caa5a}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{82e69e16-d8bd-2dd9-04e9-3cccb12caa5a}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{82e69e16-d8bd-2dd9-04e9-3cccb12caa5a}\L --> FOUND
[ZeroAccess][FILE] n : c:\documents and settings\ann\local settings\application data\{82e69e16-d8bd-2dd9-04e9-3cccb12caa5a}\n --> FOUND
[ZeroAccess][FILE] @ : c:\documents and settings\ann\local settings\application data\{82e69e16-d8bd-2dd9-04e9-3cccb12caa5a}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\documents and settings\ann\local settings\application data\{82e69e16-d8bd-2dd9-04e9-3cccb12caa5a}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\documents and settings\ann\local settings\application data\{82e69e16-d8bd-2dd9-04e9-3cccb12caa5a}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac\desktop.ini --> FOUND

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
˙ž1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3250823AS +++++
--- User ---
[MBR] 3d735c89185ea09ba40b27d436e93521
[BSP] 4bd442e99ba1b4bfb0769fdea6035640 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 231687 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] fc70dd8046d2af2484a9056119429176
[BSP] 4bd442e99ba1b4bfb0769fdea6035640 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 231687 Mo
1 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 474495840 | Size: 100 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt

Log 2:

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: ann [Admin rights]
Mode: Remove -- Date: 08/20/2012 21:10:24

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : {963146F5-F4CB-AD40-E105-1F34D3F03C26} ("C:\Documents and Settings\ann\Application Data\Raha\onpa.exe") -> DELETED
[BLACKLIST DLL] HKLM\[...]\Run : ngfens (rundll32.exe "C:\DOCUME~1\ann\LOCALS~1\Temp\ngfens.dll",SteamGameServerStats) -> DELETED
[BLACKLIST DLL] HKLM\[...]\Run : ortup (rundll32.exe "C:\DOCUME~1\ann\LOCALS~1\Temp\ortup.dll",ComputeIMTFromPerTexelSignal) -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] n : c:\windows\installer\{82e69e16-d8bd-2dd9-04e9-3cccb12caa5a}\n --> REMOVED
[ZeroAccess][FILE] @ : c:\windows\installer\{82e69e16-d8bd-2dd9-04e9-3cccb12caa5a}\@ --> REMOVED
[ZeroAccess][FOLDER] U : c:\windows\installer\{82e69e16-d8bd-2dd9-04e9-3cccb12caa5a}\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : c:\windows\installer\{82e69e16-d8bd-2dd9-04e9-3cccb12caa5a}\L\00000004.@ --> REMOVED
[Del.Parent][FILE] 201d3dde : c:\windows\installer\{82e69e16-d8bd-2dd9-04e9-3cccb12caa5a}\L\201d3dde --> REMOVED
[ZeroAccess][FOLDER] L : c:\windows\installer\{82e69e16-d8bd-2dd9-04e9-3cccb12caa5a}\L --> REMOVED
[ZeroAccess][FILE] n : c:\documents and settings\ann\local settings\application data\{82e69e16-d8bd-2dd9-04e9-3cccb12caa5a}\n --> REMOVED
[ZeroAccess][FILE] @ : c:\documents and settings\ann\local settings\application data\{82e69e16-d8bd-2dd9-04e9-3cccb12caa5a}\@ --> REMOVED
[ZeroAccess][FOLDER] U : c:\documents and settings\ann\local settings\application data\{82e69e16-d8bd-2dd9-04e9-3cccb12caa5a}\U --> REMOVED
[ZeroAccess][FOLDER] L : c:\documents and settings\ann\local settings\application data\{82e69e16-d8bd-2dd9-04e9-3cccb12caa5a}\L --> REMOVED
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac\desktop.ini --> REMOVED

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
˙ž1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3250823AS +++++
--- User ---
[MBR] 3d735c89185ea09ba40b27d436e93521
[BSP] 4bd442e99ba1b4bfb0769fdea6035640 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 231687 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] fc70dd8046d2af2484a9056119429176
[BSP] 4bd442e99ba1b4bfb0769fdea6035640 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 231687 Mo
1 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 474495840 | Size: 100 Mo

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

Please let me know if we need to do more.
Thanks...Tailer

#6
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents in your next reply.

#7
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.