Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Security Shield [Closed]


  • This topic is locked This topic is locked

#1
annmeris

annmeris

    Member

  • Member
  • PipPip
  • 71 posts
OMG
This thing has taken over my whole computer. How can I get rid of it?
Thanks...Ann
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there first I will need to see what you have, if necessary rename rogue killer to winlogon

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
Posted Image
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
Posted Image
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
    Posted Image
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    Posted Image
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#3
annmeris

annmeris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
The only way I could get this to run was in safe mode. If it wasn't in safe mode, it would restart the computer.
And I ended up running it 3 times
First Run:
RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User: Administrator [Admin rights]
Mode: Scan -- Date: 08/21/2012 16:38:24

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
˙ž1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3250823AS +++++
--- User ---
[MBR] 3d735c89185ea09ba40b27d436e93521
[BSP] 4bd442e99ba1b4bfb0769fdea6035640 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 231687 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] fc70dd8046d2af2484a9056119429176
[BSP] 4bd442e99ba1b4bfb0769fdea6035640 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 231687 Mo
1 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 474495840 | Size: 100 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt

Second Run:

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User: Administrator [Admin rights]
Mode: Shortcuts HJfix -- Date: 08/21/2012 16:47:49

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 7 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 20611 / Fail 0
Start menu: Success 38 / Fail 0
User folder: Success 67 / Fail 0
My documents: Success 33 / Fail 0
My favorites: Success 1 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 41778 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\Harddisk1\DP(1)0-0+7 -- 0x2 --> Restored
[E:] \Device\Harddisk2\DP(1)0-0+8 -- 0x2 --> Restored
[F:] \Device\Harddisk3\DP(1)0-0+9 -- 0x2 --> Restored
[G:] \Device\Harddisk4\DP(1)0-0+a -- 0x2 --> Restored
[I:] \Device\CdRom0 -- 0x5 --> Skipped

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

Third Run:

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User: Administrator [Admin rights]
Mode: Remove -- Date: 08/21/2012 16:58:49

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
˙ž1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3250823AS +++++
--- User ---
[MBR] 3d735c89185ea09ba40b27d436e93521
[BSP] 4bd442e99ba1b4bfb0769fdea6035640 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 231687 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] fc70dd8046d2af2484a9056119429176
[BSP] 4bd442e99ba1b4bfb0769fdea6035640 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 231687 Mo
1 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 474495840 | Size: 100 Mo

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

OLT.TXT
OTL logfile created on: 8/21/2012 5:05:32 PM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Documents and Settings\Administrator.JERRY.000\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 485.23 Mb Available Physical Memory | 50.62% Memory free
2.26 Gb Paging File | 1.86 Gb Available in Paging File | 82.05% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 226.26 Gb Total Space | 199.37 Gb Free Space | 88.12% Space Free | Partition Type: NTFS

Computer Name: JERRY | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/21 17:02:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.JERRY.000\Desktop\OTL.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - File not found [Auto | Stopped] -- c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\wbanemfv.sys -- (wbanemfv)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/08/21 16:29:25 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B838174B-1ECA-4FA5-8130-BE34BF7997F4}\MpKsld34b41db.sys -- (MpKsld34b41db)
DRV - [2012/08/21 14:48:15 | 000,035,144 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2012/08/21 14:41:31 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/07/26 15:33:20 | 000,105,856 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MR8980.sys -- (mr8980)
DRV - [2005/12/12 16:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/08/29 15:11:00 | 003,644,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2005/08/13 21:35:54 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/12/15 15:18:32 | 000,220,928 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/12/15 15:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 15:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/08/03 22:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139)
DRV - [2001/08/17 07:05:44 | 000,141,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Icam3.sys -- (ICAM3NT5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-436374069-583907252-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-436374069-583907252-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3C B9 BC 40 F5 7F CD 01 [binary data]
IE - HKU\S-1-5-21-436374069-583907252-839522115-500\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-436374069-583907252-839522115-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-436374069-583907252-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2012/05/12 15:47:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012/05/14 08:41:25 | 000,000,000 | ---D | M]

[2012/08/19 23:01:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2012/08/20 00:38:23 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll File not found
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-436374069-583907252-839522115-500\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-436374069-583907252-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1309313397319 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1309320650375 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0A6683B-7345-4E0D-9AE1-54A12F462592}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/28 18:31:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 10

========== Files/Folders - Created Within 30 Days ==========

[2012/08/21 17:02:11 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator.JERRY.000\Desktop\OTL.exe
[2012/08/21 16:37:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JERRY.000\Desktop\RK_Quarantine
[2012/08/21 16:32:40 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.JERRY.000\PrivacIE
[2012/08/21 16:32:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JERRY.000\Application Data\Adobe
[2012/08/21 16:32:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.JERRY.000\IETldCache
[2012/08/21 16:31:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JERRY.000\Local Settings\Application Data\Microsoft
[2012/08/21 16:31:47 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.JERRY.000\Application Data\Microsoft
[2012/08/21 16:31:47 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.JERRY.000\Cookies
[2012/08/21 16:31:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.JERRY.000\Start Menu\Programs\Startup
[2012/08/21 16:31:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.JERRY.000\Start Menu
[2012/08/21 16:31:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.JERRY.000\SendTo
[2012/08/21 16:31:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.JERRY.000\Application Data
[2012/08/21 16:31:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.JERRY.000\Start Menu\Programs\Accessories
[2012/08/21 16:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JERRY.000\Templates
[2012/08/21 16:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JERRY.000\Recent
[2012/08/21 16:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JERRY.000\PrintHood
[2012/08/21 16:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JERRY.000\NetHood
[2012/08/21 16:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JERRY.000\My Documents
[2012/08/21 16:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JERRY.000\Local Settings\Application Data\Microsoft Help
[2012/08/21 16:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JERRY.000\Application Data\Macromedia
[2012/08/21 16:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JERRY.000\Local Settings
[2012/08/21 16:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JERRY.000\Favorites
[2012/08/21 16:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JERRY.000\Desktop
[2012/08/21 15:33:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\W3i
[2012/08/21 14:41:31 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/08/21 12:49:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/20 21:03:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-zip
[2012/08/20 21:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2012/08/20 21:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\7-zip
[2012/08/20 21:03:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/08/20 00:58:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/08/20 00:58:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/08/20 00:58:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/08/20 00:58:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/08/20 00:57:37 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/08/20 00:56:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/20 00:55:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/08/19 23:26:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\searchplugins
[2012/08/19 23:26:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Extensions
[2012/08/19 23:18:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/19 23:01:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/08/19 23:01:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/08/19 23:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\DownloadManager
[2012/08/19 23:01:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Browser Manager
[2012/08/19 23:01:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/08/19 23:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\Giant Savings
[2012/08/19 23:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/08/19 22:55:53 | 000,000,000 | --SD | C] -- C:\WINDOWS\CSC
[2012/08/19 21:21:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/08/18 22:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/08/18 22:14:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/08/18 22:10:05 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2012/08/18 09:40:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/18 09:29:49 | 000,000,000 | ---D | C] -- C:\work
[2012/08/18 07:02:06 | 000,000,000 | ---D | C] -- C:\w
[2012/08/18 07:02:06 | 000,000,000 | ---D | C] -- C:\skins
[2012/08/17 22:14:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/08/17 22:01:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Utility Kit
[2012/08/17 22:01:02 | 000,000,000 | ---D | C] -- C:\Program Files\PC Utility Kit
[2012/08/17 22:01:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Utility Kit
[2012/08/17 20:52:09 | 000,000,000 | ---D | C] -- C:\327627be945c03ce896edd
[2012/08/17 20:44:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSN6

========== Files - Modified Within 30 Days ==========

[2012/08/21 17:02:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.JERRY.000\Desktop\OTL.exe
[2012/08/21 16:41:54 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/08/21 16:41:40 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/08/21 16:37:47 | 001,558,528 | ---- | M] () -- C:\Documents and Settings\Administrator.JERRY.000\Desktop\RogueKiller.exe
[2012/08/21 16:32:09 | 000,013,646 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/21 16:31:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/21 16:30:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\Browser Manager.job
[2012/08/21 16:28:38 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/21 16:26:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/08/21 16:22:05 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/21 15:32:45 | 000,000,633 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\7-zip.lnk
[2012/08/21 14:48:15 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/08/21 14:41:31 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/08/21 12:49:23 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/21 11:50:46 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/21 11:38:28 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/08/21 11:16:29 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F8445BDD-FFD7-4F73-AAE9-A0021669C5C4}.job
[2012/08/20 22:10:14 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/20 18:00:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\PC Utility Kit Registration3.job
[2012/08/20 00:38:23 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/08/19 23:01:40 | 000,000,312 | ---- | M] () -- C:\user.js
[2012/08/19 13:09:21 | 000,070,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\79c57440d425f0db.sys
[2012/08/19 03:00:00 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\ErrorEND.job
[2012/08/19 02:41:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2012/08/19 00:45:45 | 000,275,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/18 22:10:05 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2012/08/18 08:11:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/08/18 07:02:10 | 000,000,370 | ---- | M] () -- C:\bmrc_1.gif
[2012/08/18 07:02:10 | 000,000,367 | ---- | M] () -- C:\bmfav_1.gif
[2012/08/18 07:02:10 | 000,000,166 | ---- | M] () -- C:\bmfol_1_s0.gif
[2012/08/18 07:02:09 | 000,000,355 | ---- | M] () -- C:\bmpref_1.gif
[2012/08/18 07:02:09 | 000,000,235 | ---- | M] () -- C:\bmsearch_1.gif
[2012/08/18 01:19:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\PC Utility Kit.job
[2012/08/17 22:01:26 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\PC Utility Kit Update3.job
[2012/08/17 21:31:31 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif

========== Files Created - No Company Name ==========

[2012/08/21 16:37:18 | 001,558,528 | ---- | C] () -- C:\Documents and Settings\Administrator.JERRY.000\Desktop\RogueKiller.exe
[2012/08/21 16:31:47 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator.JERRY.000\Start Menu\Programs\Remote Assistance.lnk
[2012/08/21 14:48:15 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/08/21 12:49:23 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/21 11:51:47 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/08/21 11:51:36 | 000,000,366 | ---- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/08/20 21:03:32 | 000,000,633 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\7-zip.lnk
[2012/08/20 19:20:50 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\Browser Manager.job
[2012/08/20 00:58:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/08/20 00:58:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/08/20 00:58:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/08/20 00:58:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/08/20 00:58:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/08/19 23:02:16 | 000,001,694 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader.lnk
[2012/08/19 23:02:16 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Uninstaller.lnk
[2012/08/19 23:02:16 | 000,001,617 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Update.lnk
[2012/08/19 23:01:36 | 000,000,312 | ---- | C] () -- C:\user.js
[2012/08/19 21:22:00 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/08/19 13:09:21 | 000,070,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\79c57440d425f0db.sys
[2012/08/19 00:48:12 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/08/18 07:02:10 | 000,000,370 | ---- | C] () -- C:\bmrc_1.gif
[2012/08/18 07:02:10 | 000,000,367 | ---- | C] () -- C:\bmfav_1.gif
[2012/08/18 07:02:10 | 000,000,166 | ---- | C] () -- C:\bmfol_1_s0.gif
[2012/08/18 07:02:09 | 000,000,355 | ---- | C] () -- C:\bmpref_1.gif
[2012/08/18 07:02:09 | 000,000,235 | ---- | C] () -- C:\bmsearch_1.gif
[2012/08/17 22:01:26 | 000,000,452 | ---- | C] () -- C:\WINDOWS\tasks\PC Utility Kit Registration3.job
[2012/08/17 22:01:06 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\PC Utility Kit Update3.job
[2012/08/17 22:01:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\PC Utility Kit.job
[2012/05/12 15:43:15 | 000,192,503 | ---- | C] () -- C:\WINDOWS\hpwins22.dat
[2012/05/12 15:43:15 | 000,002,850 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat
[2012/03/03 04:36:31 | 000,807,846 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-436374069-583907252-839522115-1003-0.dat
[2012/03/03 04:36:22 | 000,277,526 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/03/01 14:10:24 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/15 16:11:17 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/07/21 19:59:00 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011/07/06 17:19:03 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011/07/05 18:37:01 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2011/07/05 18:37:01 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/07/05 18:05:47 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/06/29 19:21:34 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/28 19:16:50 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/06/28 18:33:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/06/28 18:29:32 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/06/28 11:13:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/28 11:12:17 | 000,275,760 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2011/08/19 08:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2012/08/19 23:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/08/19 23:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Browser Manager
[2011/07/04 11:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2011/07/06 21:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/08/17 22:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Utility Kit
[2012/08/20 21:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/08/21 15:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i
[2011/06/29 19:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/08/19 23:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ann\Application Data\Babylon
[2012/08/20 00:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ann\Application Data\BabylonToolbar
[2012/08/17 22:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ann\Application Data\DriverCure
[2012/08/17 22:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ann\Application Data\PC Utility Kit
[2011/08/18 19:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ann\Application Data\PDF Software
[2012/05/04 14:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ann\Application Data\Raha
[2011/07/06 17:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ann\Application Data\WinBatch
[2011/06/28 22:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ann\Application Data\Windows Desktop Search
[2011/06/30 12:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ann\Application Data\Windows Search
[2012/08/21 16:30:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\Browser Manager.job
[2012/08/19 02:41:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job
[2012/08/19 03:00:00 | 000,000,378 | ---- | M] () -- C:\WINDOWS\Tasks\ErrorEND.job
[2012/08/21 16:41:40 | 000,000,366 | ---- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
[2012/08/20 18:00:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\PC Utility Kit Registration3.job
[2012/08/17 22:01:26 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\PC Utility Kit Update3.job
[2012/08/18 01:19:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\PC Utility Kit.job
[2012/08/21 16:26:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2012/08/21 11:16:29 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F8445BDD-FFD7-4F73-AAE9-A0021669C5C4}.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 00:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: QMGR.DLL >
[2004/08/04 00:56:44 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/13 17:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/13 17:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/13 17:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll
[2003/03/31 05:00:00 | 000,221,696 | ---- | M] (Microsoft Corporation) MD5=6A1CF14D0E7D0B2241F552223769C8A7 -- C:\WINDOWS\$NtUninstallKB842773$\qmgr.dll

< MD5 for: SERVICES >
[2003/03/31 05:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.EXE >
[2009/02/06 04:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 17:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 17:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 10:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 03:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 00:56:55 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe

< MD5 for: SERVICES.EXE.000 >
[2004/08/04 00:56:55 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe.000

< MD5 for: SERVICES.MSC >
[2003/03/31 05:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\_OTL\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Documents and Settings\ann\Desktop\Chameleon\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/04 00:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 00:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 00:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\_OTL\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Documents and Settings\ann\Desktop\Chameleon\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >
"Type" = 32
"Start" = 3
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\System32\svchost.exe -k netsvcs -- [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation)
"DisplayName" = Background Intelligent Transfer Service
"DependOnService" = Rpcss [binary data] -- [2009/02/09 05:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation)
"DependOnGroup" = [binary data]
"ObjectName" = LocalSystem
"Description" = Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
"FailureActions" = 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll" = C:\WINDOWS\system32\qmgr.dll -- [2008/04/13 17:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Enum]
"0" = Root\LEGACY_BITS\0000
"Count" = 1
"NextInstance" = 1

< >

< End of report >

OLT Extras

OTL Extras logfile created on: 8/21/2012 5:05:32 PM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Documents and Settings\Administrator.JERRY.000\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 485.23 Mb Available Physical Memory | 50.62% Memory free
2.26 Gb Paging File | 1.86 Gb Available in Paging File | 82.05% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 226.26 Gb Total Space | 199.37 Gb Free Space | 88.12% Space Free | Partition Type: NTFS

Computer Name: JERRY | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"19073:UDP" = 19073:UDP:*:Enabled:UDP 19073
"12989:TCP" = 12989:TCP:*:Enabled:TCP 12989
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Documents and Settings\ann\Local Settings\Temp\7zS0808\OJP8500vA909_Basic_14\setup\hpznui01.exe" = C:\Documents and Settings\ann\Local Settings\Temp\7zS0808\OJP8500vA909_Basic_14\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server -- (Intuit Inc.)
"C:\Documents and Settings\ann\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\ann\Application Data\Spotify\spotify.exe:*:Enabled:Spotify
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
"C:\Documents and Settings\ann\Local Settings\Temp\7zS0808\OJP8500vA909_Basic_14\setup\hpznui01.exe" = C:\Documents and Settings\ann\Local Settings\Temp\7zS0808\OJP8500vA909_Basic_14\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{11F27647-5229-4508-9056-D4ECB7FF8303}" = Eagle CUDA 240 S/GPS Demo
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E6679EB-C736-40E6-A1E5-F97F69A096E3}" = Wireless Monitoring System
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D73DC7A-2D1D-45CF-8A67-24873925C716}" = bpd_scan
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{643F4F69-5A6A-4B52-BD56-5909800B556F}" = 8500A909_Help_BasicWeb
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89C952FE-3B6E-4462-9A5B-DDBEFC2C1A0C}" = Eagle IntelliMap 320 Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{978AFF1A-B939-4177-B85A-C87B1867AC5C}" = 8500A909_BasicWeb
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7A02E23-805C-4AAC-B408-D59A1D53AEA6}" = BPDSoftware
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{AD0AA962-111E-41D5-A705-0E3D9178A661}" = BPDSoftware_Ini
"{B1054C0C-0C16-41E1-8A9D-35F065793E92}" = HP Officejet Pro 8500 A909 Series
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C89269D9-DD02-45DD-99DD-6AE592F6C447}" = TurboTax 2011 wcaiper
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"0587FB824A2C7876CE70A17CA0BABB28702DE6DC" = Windows Driver Package - OEM (mr8980) Image (07/02/2010 1.0.0.0)
"7-Zip" = 7-zip v9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"InstaCodecs_is1" = InstaCodecs
"InstallShield_{1E6679EB-C736-40E6-A1E5-F97F69A096E3}" = Wireless Monitoring System
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROR" = Microsoft Office Professional 2007
"PS2" = PS2
"StartNow Toolbar" = StartNow Toolbar
"TurboTax 2011" = TurboTax 2011
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"YTdetect" = Yahoo! Detect

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/21/2012 7:00:38 PM | Computer Name = JERRY | Source = Application Error | ID = 1000
Description = Faulting application SearchIndexer.exe, version 7.0.6001.16503, faulting
module tquery.dll, version 7.0.6001.16503, fault address 0x00019c07.

Error - 8/21/2012 7:03:48 PM | Computer Name = JERRY | Source = Application Error | ID = 1000
Description = Faulting application SearchIndexer.exe, version 7.0.6001.16503, faulting
module tquery.dll, version 7.0.6001.16503, fault address 0x00019c07.

Error - 8/21/2012 7:06:53 PM | Computer Name = JERRY | Source = Application Error | ID = 1000
Description = Faulting application SearchIndexer.exe, version 7.0.6001.16503, faulting
module tquery.dll, version 7.0.6001.16503, fault address 0x00019c07.

Error - 8/21/2012 7:09:58 PM | Computer Name = JERRY | Source = Application Error | ID = 1000
Description = Faulting application SearchIndexer.exe, version 7.0.6001.16503, faulting
module tquery.dll, version 7.0.6001.16503, fault address 0x00019c07.

Error - 8/21/2012 7:13:07 PM | Computer Name = JERRY | Source = Application Error | ID = 1000
Description = Faulting application SearchIndexer.exe, version 7.0.6001.16503, faulting
module tquery.dll, version 7.0.6001.16503, fault address 0x00019c07.

Error - 8/21/2012 7:16:17 PM | Computer Name = JERRY | Source = Application Error | ID = 1000
Description = Faulting application SearchIndexer.exe, version 7.0.6001.16503, faulting
module tquery.dll, version 7.0.6001.16503, fault address 0x00019c07.

Error - 8/21/2012 7:19:35 PM | Computer Name = JERRY | Source = Application Error | ID = 1000
Description = Faulting application SearchIndexer.exe, version 7.0.6001.16503, faulting
module tquery.dll, version 7.0.6001.16503, fault address 0x00019c07.

Error - 8/21/2012 7:22:40 PM | Computer Name = JERRY | Source = Application Error | ID = 1000
Description = Faulting application SearchIndexer.exe, version 7.0.6001.16503, faulting
module tquery.dll, version 7.0.6001.16503, fault address 0x00019c07.

Error - 8/21/2012 7:25:48 PM | Computer Name = JERRY | Source = Application Error | ID = 1000
Description = Faulting application SearchIndexer.exe, version 7.0.6001.16503, faulting
module tquery.dll, version 7.0.6001.16503, fault address 0x00019c07.

Error - 8/21/2012 7:29:07 PM | Computer Name = JERRY | Source = Application Error | ID = 1000
Description = Faulting application SearchIndexer.exe, version 7.0.6001.16503, faulting
module tquery.dll, version 7.0.6001.16503, fault address 0x00019c07.

[ OSession Events ]
Error - 2/14/2012 4:21:02 PM | Computer Name = HOME-FCEUQ7W5OF | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 78073
seconds with 5880 seconds of active time. This session ended with a crash.

Error - 2/14/2012 4:21:44 PM | Computer Name = HOME-FCEUQ7W5OF | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 34
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/29/2012 5:40:48 PM | Computer Name = HOME-FCEUQ7W5OF | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/19/2012 8:24:42 PM | Computer Name = HOME-FCEUQ7W5OF | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 184892
seconds with 6120 seconds of active time. This session ended with a crash.

Error - 5/17/2012 2:28:11 PM | Computer Name = JERRY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2444
seconds with 2040 seconds of active time. This session ended with a crash.

Error - 8/10/2012 1:11:26 PM | Computer Name = JERRY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 174309
seconds with 6780 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/21/2012 1:20:43 PM | Computer Name = JERRY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 8/21/2012 1:20:44 PM | Computer Name = JERRY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 8/21/2012 1:20:44 PM | Computer Name = JERRY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 8/21/2012 1:20:44 PM | Computer Name = JERRY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 8/21/2012 1:20:47 PM | Computer Name = JERRY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 8/21/2012 1:20:47 PM | Computer Name = JERRY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 8/21/2012 5:41:03 PM | Computer Name = JERRY | Source = Service Control Manager | ID = 7000
Description = The MBAMProtector service failed to start due to the following error:
%%2

Error - 8/21/2012 5:41:03 PM | Computer Name = JERRY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate) service to connect.

Error - 8/21/2012 5:41:03 PM | Computer Name = JERRY | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053

Error - 8/21/2012 5:41:03 PM | Computer Name = JERRY | Source = Service Control Manager | ID = 7001
Description = The MBAMService service depends on the MBAMProtector service which
failed to start because of the following error: %%2


< End of report >


Let me know what to do.
Thanks...Ann
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I believe I can see the culprit however, it is much larger than normal.. So first I would like to get the recovery console installed whilst we check it out

Run these three programmes from safe mode please, if one fails then move on to the next


Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application
    Posted Image
  • Then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

FINALLY
  • 0

#5
annmeris

annmeris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
i ran combofix it started to remove programs. then rebooted to a blue screen and an error. looks like a check dish error. There isn't any combofix.txt. Then i rebooted in safe mode. Do you want me to go on? to TDSSKiller?
  • 0

#6
annmeris

annmeris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
As I posted from the infected computer. Combofix rebooted to a blue screen with an error, like a check disk error. I rebooted in safe mode. There wasn't any combofix.txt. I walked away from the computer when I returned (still in safe mode) a message was on the screen stating "security Sheild 2012 installed".
First y husband was working on his problem with another tech. He wasn't getting any place. So I took over and started these postings. We need a lot more help. Between us first him then me we have run all the programs mentioned. Please help!!
Ann
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes please.. Did Combofix install the recovery console ?

You will notice it when you reboot, if it is installed there will be a black screen for a second or two with the option to run it..

Then try TDSSKiller

Looks like my thought was correct so I will prepare a fix for that, as I do not feel TDSSkiller will run either
  • 0

#8
annmeris

annmeris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
No it did Not install the recovery console. The first time I ran this before you started helping it didn't install it either. Obviously this virus, root kit, malware is smarter than me!
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK not a problem... We are smarter than some lines of code aren't we :)

I would like you to burn a CD now so that we can approach the problem from outside of windows

Please download the following tool

Listparts

And save it to your root C drive.. i.e C:\Listparts

  • Download OTLPENet.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Using the explorer function within the Reatogo desktop
  • Locate Listparts and run
  • The tool will start to run.
    Posted Image
  • Press Scan button.
  • It will make a log (results.txt) on the C drive. Please copy and paste it to your reply.

  • 0

#10
annmeris

annmeris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Only have DVD's. Can I burn these things from a different computer? When I boot in safe mode with networking, my cd/DVD burner doesn't load.
  • 0

Advertisements


#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes a DVD is good, and when you boot from this DVD we will bypass the windows set up complety. It is an operating system on a disc
You will need to set your computer to boot from CD/DVD do you know how to do that ?
  • 0

#12
annmeris

annmeris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Yes, I do. But not smart enough to realize I'm writing this from my IPad and am using the computer keyboard to write it and am not understanding why the letters weren't appearing :(. Can I burn the CD from another computer?
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes you can .. And that might be a better idea, less chance for the malware to interfere
  • 0

#14
annmeris

annmeris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
When I attempted to boot from the cd
First went to BIOS and checked boot sequence first floppy (haha) second CDRom, third Hard Drive.
It spun for awhile then I saw the Microsoft windows start up. So I shut it down and am writing this. Am I suppose to see the windows starting?
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No you should see white writing on a black background as it loads

Did you get the prompt

Press any key to boot from CD........
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP