The only way I could get this to run was in safe mode. If it wasn't in safe mode, it would restart the computer.
And I ended up running it 3 times.
First Run:
RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User: Administrator [Admin rights]
Mode: Scan -- Date: 08/21/2012 16:38:24
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : Root.MBR ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
˙ž1
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST3250823AS +++++
--- User ---
[MBR] 3d735c89185ea09ba40b27d436e93521
[BSP] 4bd442e99ba1b4bfb0769fdea6035640 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 231687 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] fc70dd8046d2af2484a9056119429176
[BSP] 4bd442e99ba1b4bfb0769fdea6035640 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 231687 Mo
1 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 474495840 | Size: 100 Mo
Finished : << RKreport[1].txt >>
RKreport[1].txt
Second Run:
RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User: Administrator [Admin rights]
Mode: Shortcuts HJfix -- Date: 08/21/2012 16:47:49
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 7 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 20611 / Fail 0
Start menu: Success 38 / Fail 0
User folder: Success 67 / Fail 0
My documents: Success 33 / Fail 0
My favorites: Success 1 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 41778 / Fail 0
Backup: [NOT FOUND]
Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\Harddisk1\DP(1)0-0+7 -- 0x2 --> Restored
[E:] \Device\Harddisk2\DP(1)0-0+8 -- 0x2 --> Restored
[F:] \Device\Harddisk3\DP(1)0-0+9 -- 0x2 --> Restored
[G:] \Device\Harddisk4\DP(1)0-0+a -- 0x2 --> Restored
[I:] \Device\CdRom0 -- 0x5 --> Skipped
¤¤¤ Infection : ¤¤¤
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
Third Run:
RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User: Administrator [Admin rights]
Mode: Remove -- Date: 08/21/2012 16:58:49
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : Root.MBR ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
˙ž1
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST3250823AS +++++
--- User ---
[MBR] 3d735c89185ea09ba40b27d436e93521
[BSP] 4bd442e99ba1b4bfb0769fdea6035640 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 231687 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] fc70dd8046d2af2484a9056119429176
[BSP] 4bd442e99ba1b4bfb0769fdea6035640 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 231687 Mo
1 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 474495840 | Size: 100 Mo
Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
OTL.TXT
OTL logfile created on: 8/21/2012 5:05:32 PM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Documents and Settings\Administrator.JERRY.000\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
958.48 Mb Total Physical Memory | 485.23 Mb Available Physical Memory | 50.62% Memory free
2.26 Gb Paging File | 1.86 Gb Available in Paging File | 82.05% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 226.26 Gb Total Space | 199.37 Gb Free Space | 88.12% Space Free | Partition Type: NTFS
Computer Name: JERRY | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/08/21 17:02:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.JERRY.000\Desktop\OTL.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - File not found [Auto | Stopped] -- c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\wbanemfv.sys -- (wbanemfv)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/08/21 16:29:25 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B838174B-1ECA-4FA5-8130-BE34BF7997F4}\MpKsld34b41db.sys -- (MpKsld34b41db)
DRV - [2012/08/21 14:48:15 | 000,035,144 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2012/08/21 14:41:31 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/07/26 15:33:20 | 000,105,856 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MR8980.sys -- (mr8980)
DRV - [2005/12/12 16:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/08/29 15:11:00 | 003,644,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2005/08/13 21:35:54 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/12/15 15:18:32 | 000,220,928 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/12/15 15:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 15:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/08/03 22:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139)
DRV - [2001/08/17 07:05:44 | 000,141,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Icam3.sys -- (ICAM3NT5)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-436374069-583907252-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-436374069-583907252-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3C B9 BC 40 F5 7F CD 01 [binary data]
IE - HKU\S-1-5-21-436374069-583907252-839522115-500\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-436374069-583907252-839522115-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-436374069-583907252-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2012/05/12 15:47:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012/05/14 08:41:25 | 000,000,000 | ---D | M]
[2012/08/19 23:01:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2012/08/20 00:38:23 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll File not found
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-436374069-583907252-839522115-500\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-436374069-583907252-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1309313397319 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1309320650375 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0A6683B-7345-4E0D-9AE1-54A12F462592}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/28 18:31:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 10
========== Files/Folders - Created Within 30 Days ==========
[2012/08/21 17:02:11 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator.JERRY.000\Desktop\OTL.exe
[2012/08/21 16:37:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JERRY.000\Desktop\RK_Quarantine
[2012/08/21 16:32:40 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.JERRY.000\PrivacIE
[2012/08/21 16:32:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JERRY.000\Application Data\Adobe
[2012/08/21 16:32:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.JERRY.000\IETldCache
[2012/08/21 16:31:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JERRY.000\Local Settings\Application Data\Microsoft
[2012/08/21 16:31:47 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.JERRY.000\Application Data\Microsoft
[2012/08/21 16:31:47 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.JERRY.000\Cookies
[2012/08/21 16:31:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.JERRY.000\Start Menu\Programs\Startup
[2012/08/21 16:31:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.JERRY.000\Start Menu
[2012/08/21 16:31:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.JERRY.000\SendTo
[2012/08/21 16:31:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.JERRY.000\Application Data
[2012/08/21 16:31:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.JERRY.000\Start Menu\Programs\Accessories
[2012/08/21 16:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JERRY.000\Templates
[2012/08/21 16:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JERRY.000\Recent
[2012/08/21 16:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JERRY.000\PrintHood
[2012/08/21 16:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JERRY.000\NetHood
[2012/08/21 16:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JERRY.000\My Documents
[2012/08/21 16:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JERRY.000\Local Settings\Application Data\Microsoft Help
[2012/08/21 16:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JERRY.000\Application Data\Macromedia
[2012/08/21 16:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JERRY.000\Local Settings
[2012/08/21 16:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JERRY.000\Favorites
[2012/08/21 16:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JERRY.000\Desktop
[2012/08/21 15:33:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\W3i
[2012/08/21 14:41:31 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/08/21 12:49:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/20 21:03:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-zip
[2012/08/20 21:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2012/08/20 21:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\7-zip
[2012/08/20 21:03:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/08/20 00:58:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/08/20 00:58:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/08/20 00:58:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/08/20 00:58:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/08/20 00:57:37 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/08/20 00:56:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/20 00:55:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/08/19 23:26:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\searchplugins
[2012/08/19 23:26:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Extensions
[2012/08/19 23:18:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/19 23:01:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/08/19 23:01:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/08/19 23:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\DownloadManager
[2012/08/19 23:01:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Browser Manager
[2012/08/19 23:01:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/08/19 23:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\Giant Savings
[2012/08/19 23:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/08/19 22:55:53 | 000,000,000 | --SD | C] -- C:\WINDOWS\CSC
[2012/08/19 21:21:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/08/18 22:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/08/18 22:14:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/08/18 22:10:05 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2012/08/18 09:40:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/18 09:29:49 | 000,000,000 | ---D | C] -- C:\work
[2012/08/18 07:02:06 | 000,000,000 | ---D | C] -- C:\w
[2012/08/18 07:02:06 | 000,000,000 | ---D | C] -- C:\skins
[2012/08/17 22:14:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/08/17 22:01:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Utility Kit
[2012/08/17 22:01:02 | 000,000,000 | ---D | C] -- C:\Program Files\PC Utility Kit
[2012/08/17 22:01:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Utility Kit
[2012/08/17 20:52:09 | 000,000,000 | ---D | C] -- C:\327627be945c03ce896edd
[2012/08/17 20:44:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSN6
========== Files - Modified Within 30 Days ==========
[2012/08/21 17:02:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.JERRY.000\Desktop\OTL.exe
[2012/08/21 16:41:54 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/08/21 16:41:40 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/08/21 16:37:47 | 001,558,528 | ---- | M] () -- C:\Documents and Settings\Administrator.JERRY.000\Desktop\RogueKiller.exe
[2012/08/21 16:32:09 | 000,013,646 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/21 16:31:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/21 16:30:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\Browser Manager.job
[2012/08/21 16:28:38 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/21 16:26:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/08/21 16:22:05 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/21 15:32:45 | 000,000,633 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\7-zip.lnk
[2012/08/21 14:48:15 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/08/21 14:41:31 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/08/21 12:49:23 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/21 11:50:46 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/21 11:38:28 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/08/21 11:16:29 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F8445BDD-FFD7-4F73-AAE9-A0021669C5C4}.job
[2012/08/20 22:10:14 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/20 18:00:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\PC Utility Kit Registration3.job
[2012/08/20 00:38:23 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/08/19 23:01:40 | 000,000,312 | ---- | M] () -- C:\user.js
[2012/08/19 13:09:21 | 000,070,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\79c57440d425f0db.sys
[2012/08/19 03:00:00 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\ErrorEND.job
[2012/08/19 02:41:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2012/08/19 00:45:45 | 000,275,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/18 22:10:05 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2012/08/18 08:11:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/08/18 07:02:10 | 000,000,370 | ---- | M] () -- C:\bmrc_1.gif
[2012/08/18 07:02:10 | 000,000,367 | ---- | M] () -- C:\bmfav_1.gif
[2012/08/18 07:02:10 | 000,000,166 | ---- | M] () -- C:\bmfol_1_s0.gif
[2012/08/18 07:02:09 | 000,000,355 | ---- | M] () -- C:\bmpref_1.gif
[2012/08/18 07:02:09 | 000,000,235 | ---- | M] () -- C:\bmsearch_1.gif
[2012/08/18 01:19:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\PC Utility Kit.job
[2012/08/17 22:01:26 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\PC Utility Kit Update3.job
[2012/08/17 21:31:31 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
========== Files Created - No Company Name ==========
[2012/08/21 16:37:18 | 001,558,528 | ---- | C] () -- C:\Documents and Settings\Administrator.JERRY.000\Desktop\RogueKiller.exe
[2012/08/21 16:31:47 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator.JERRY.000\Start Menu\Programs\Remote Assistance.lnk
[2012/08/21 14:48:15 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/08/21 12:49:23 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/21 11:51:47 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/08/21 11:51:36 | 000,000,366 | ---- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/08/20 21:03:32 | 000,000,633 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\7-zip.lnk
[2012/08/20 19:20:50 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\Browser Manager.job
[2012/08/20 00:58:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/08/20 00:58:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/08/20 00:58:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/08/20 00:58:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/08/20 00:58:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/08/19 23:02:16 | 000,001,694 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader.lnk
[2012/08/19 23:02:16 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Uninstaller.lnk
[2012/08/19 23:02:16 | 000,001,617 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Update.lnk
[2012/08/19 23:01:36 | 000,000,312 | ---- | C] () -- C:\user.js
[2012/08/19 21:22:00 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/08/19 13:09:21 | 000,070,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\79c57440d425f0db.sys
[2012/08/19 00:48:12 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/08/18 07:02:10 | 000,000,370 | ---- | C] () -- C:\bmrc_1.gif
[2012/08/18 07:02:10 | 000,000,367 | ---- | C] () -- C:\bmfav_1.gif
[2012/08/18 07:02:10 | 000,000,166 | ---- | C] () -- C:\bmfol_1_s0.gif
[2012/08/18 07:02:09 | 000,000,355 | ---- | C] () -- C:\bmpref_1.gif
[2012/08/18 07:02:09 | 000,000,235 | ---- | C] () -- C:\bmsearch_1.gif
[2012/08/17 22:01:26 | 000,000,452 | ---- | C] () -- C:\WINDOWS\tasks\PC Utility Kit Registration3.job
[2012/08/17 22:01:06 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\PC Utility Kit Update3.job
[2012/08/17 22:01:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\PC Utility Kit.job
[2012/05/12 15:43:15 | 000,192,503 | ---- | C] () -- C:\WINDOWS\hpwins22.dat
[2012/05/12 15:43:15 | 000,002,850 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat
[2012/03/03 04:36:31 | 000,807,846 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-436374069-583907252-839522115-1003-0.dat
[2012/03/03 04:36:22 | 000,277,526 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/03/01 14:10:24 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/15 16:11:17 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/07/21 19:59:00 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011/07/06 17:19:03 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011/07/05 18:37:01 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2011/07/05 18:37:01 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/07/05 18:05:47 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/06/29 19:21:34 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/28 19:16:50 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/06/28 18:33:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/06/28 18:29:32 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/06/28 11:13:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/28 11:12:17 | 000,275,760 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
========== LOP Check ==========
[2011/08/19 08:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2012/08/19 23:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/08/19 23:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Browser Manager
[2011/07/04 11:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2011/07/06 21:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/08/17 22:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Utility Kit
[2012/08/20 21:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/08/21 15:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i
[2011/06/29 19:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/08/19 23:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ann\Application Data\Babylon
[2012/08/20 00:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ann\Application Data\BabylonToolbar
[2012/08/17 22:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ann\Application Data\DriverCure
[2012/08/17 22:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ann\Application Data\PC Utility Kit
[2011/08/18 19:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ann\Application Data\PDF Software
[2012/05/04 14:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ann\Application Data\Raha
[2011/07/06 17:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ann\Application Data\WinBatch
[2011/06/28 22:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ann\Application Data\Windows Desktop Search
[2011/06/30 12:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ann\Application Data\Windows Search
[2012/08/21 16:30:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\Browser Manager.job
[2012/08/19 02:41:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job
[2012/08/19 03:00:00 | 000,000,378 | ---- | M] () -- C:\WINDOWS\Tasks\ErrorEND.job
[2012/08/21 16:41:40 | 000,000,366 | ---- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
[2012/08/20 18:00:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\PC Utility Kit Registration3.job
[2012/08/17 22:01:26 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\PC Utility Kit Update3.job
[2012/08/18 01:19:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\PC Utility Kit.job
[2012/08/21 16:26:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2012/08/21 11:16:29 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F8445BDD-FFD7-4F73-AAE9-A0021669C5C4}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 00:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: QMGR.DLL >
[2004/08/04 00:56:44 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/13 17:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/13 17:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/13 17:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll
[2003/03/31 05:00:00 | 000,221,696 | ---- | M] (Microsoft Corporation) MD5=6A1CF14D0E7D0B2241F552223769C8A7 -- C:\WINDOWS\$NtUninstallKB842773$\qmgr.dll
< MD5 for: SERVICES >
[2003/03/31 05:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services
< MD5 for: SERVICES.EXE >
[2009/02/06 04:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 17:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 17:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 10:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 03:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 00:56:55 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe
< MD5 for: SERVICES.EXE.000 >
[2004/08/04 00:56:55 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe.000
< MD5 for: SERVICES.MSC >
[2003/03/31 05:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc
< MD5 for: SVCHOST.EXE >
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\_OTL\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Documents and Settings\ann\Desktop\Chameleon\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/04 00:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: USERINIT.EXE >
[2004/08/04 00:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004/08/04 00:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\_OTL\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Documents and Settings\ann\Desktop\Chameleon\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >
"Type" = 32
"Start" = 3
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\System32\svchost.exe -k netsvcs -- [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation)
"DisplayName" = Background Intelligent Transfer Service
"DependOnService" = Rpcss [binary data] -- [2009/02/09 05:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation)
"DependOnGroup" = [binary data]
"ObjectName" = LocalSystem
"Description" = Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
"FailureActions" = 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll" = C:\WINDOWS\system32\qmgr.dll -- [2008/04/13 17:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Enum]
"0" = Root\LEGACY_BITS\0000
"Count" = 1
"NextInstance" = 1
< >
< End of report >
OTL Extras
OTL Extras logfile created on: 8/21/2012 5:05:32 PM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Documents and Settings\Administrator.JERRY.000\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
958.48 Mb Total Physical Memory | 485.23 Mb Available Physical Memory | 50.62% Memory free
2.26 Gb Paging File | 1.86 Gb Available in Paging File | 82.05% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 226.26 Gb Total Space | 199.37 Gb Free Space | 88.12% Space Free | Partition Type: NTFS
Computer Name: JERRY | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"19073:UDP" = 19073:UDP:*:Enabled:UDP 19073
"12989:TCP" = 12989:TCP:*:Enabled:TCP 12989
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Documents and Settings\ann\Local Settings\Temp\7zS0808\OJP8500vA909_Basic_14\setup\hpznui01.exe" = C:\Documents and Settings\ann\Local Settings\Temp\7zS0808\OJP8500vA909_Basic_14\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server -- (Intuit Inc.)
"C:\Documents and Settings\ann\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\ann\Application Data\Spotify\spotify.exe:*:Enabled:Spotify
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
"C:\Documents and Settings\ann\Local Settings\Temp\7zS0808\OJP8500vA909_Basic_14\setup\hpznui01.exe" = C:\Documents and Settings\ann\Local Settings\Temp\7zS0808\OJP8500vA909_Basic_14\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{11F27647-5229-4508-9056-D4ECB7FF8303}" = Eagle CUDA 240 S/GPS Demo
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E6679EB-C736-40E6-A1E5-F97F69A096E3}" = Wireless Monitoring System
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java 6 Update 26
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D73DC7A-2D1D-45CF-8A67-24873925C716}" = bpd_scan
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{643F4F69-5A6A-4B52-BD56-5909800B556F}" = 8500A909_Help_BasicWeb
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89C952FE-3B6E-4462-9A5B-DDBEFC2C1A0C}" = Eagle IntelliMap 320 Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{978AFF1A-B939-4177-B85A-C87B1867AC5C}" = 8500A909_BasicWeb
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7A02E23-805C-4AAC-B408-D59A1D53AEA6}" = BPDSoftware
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{AD0AA962-111E-41D5-A705-0E3D9178A661}" = BPDSoftware_Ini
"{B1054C0C-0C16-41E1-8A9D-35F065793E92}" = HP Officejet Pro 8500 A909 Series
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C89269D9-DD02-45DD-99DD-6AE592F6C447}" = TurboTax 2011 wcaiper
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"0587FB824A2C7876CE70A17CA0BABB28702DE6DC" = Windows Driver Package - OEM (mr8980) Image (07/02/2010 1.0.0.0)
"7-Zip" = 7-zip v9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"InstaCodecs_is1" = InstaCodecs
"InstallShield_{1E6679EB-C736-40E6-A1E5-F97F69A096E3}" = Wireless Monitoring System
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROR" = Microsoft Office Professional 2007
"PS2" = PS2
"StartNow Toolbar" = StartNow Toolbar
"TurboTax 2011" = TurboTax 2011
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"YTdetect" = Yahoo! Detect
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 8/21/2012 7:00:38 PM | Computer Name = JERRY | Source = Application Error | ID = 1000
Description = Faulting application SearchIndexer.exe, version 7.0.6001.16503, faulting
module tquery.dll, version 7.0.6001.16503, fault address 0x00019c07.
Error - 8/21/2012 7:03:48 PM | Computer Name = JERRY | Source = Application Error | ID = 1000
Description = Faulting application SearchIndexer.exe, version 7.0.6001.16503, faulting
module tquery.dll, version 7.0.6001.16503, fault address 0x00019c07.
Error - 8/21/2012 7:06:53 PM | Computer Name = JERRY | Source = Application Error | ID = 1000
Description = Faulting application SearchIndexer.exe, version 7.0.6001.16503, faulting
module tquery.dll, version 7.0.6001.16503, fault address 0x00019c07.
Error - 8/21/2012 7:09:58 PM | Computer Name = JERRY | Source = Application Error | ID = 1000
Description = Faulting application SearchIndexer.exe, version 7.0.6001.16503, faulting
module tquery.dll, version 7.0.6001.16503, fault address 0x00019c07.
Error - 8/21/2012 7:13:07 PM | Computer Name = JERRY | Source = Application Error | ID = 1000
Description = Faulting application SearchIndexer.exe, version 7.0.6001.16503, faulting
module tquery.dll, version 7.0.6001.16503, fault address 0x00019c07.
Error - 8/21/2012 7:16:17 PM | Computer Name = JERRY | Source = Application Error | ID = 1000
Description = Faulting application SearchIndexer.exe, version 7.0.6001.16503, faulting
module tquery.dll, version 7.0.6001.16503, fault address 0x00019c07.
Error - 8/21/2012 7:19:35 PM | Computer Name = JERRY | Source = Application Error | ID = 1000
Description = Faulting application SearchIndexer.exe, version 7.0.6001.16503, faulting
module tquery.dll, version 7.0.6001.16503, fault address 0x00019c07.
Error - 8/21/2012 7:22:40 PM | Computer Name = JERRY | Source = Application Error | ID = 1000
Description = Faulting application SearchIndexer.exe, version 7.0.6001.16503, faulting
module tquery.dll, version 7.0.6001.16503, fault address 0x00019c07.
Error - 8/21/2012 7:25:48 PM | Computer Name = JERRY | Source = Application Error | ID = 1000
Description = Faulting application SearchIndexer.exe, version 7.0.6001.16503, faulting
module tquery.dll, version 7.0.6001.16503, fault address 0x00019c07.
Error - 8/21/2012 7:29:07 PM | Computer Name = JERRY | Source = Application Error | ID = 1000
Description = Faulting application SearchIndexer.exe, version 7.0.6001.16503, faulting
module tquery.dll, version 7.0.6001.16503, fault address 0x00019c07.
[ OSession Events ]
Error - 2/14/2012 4:21:02 PM | Computer Name = HOME-FCEUQ7W5OF | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 78073
seconds with 5880 seconds of active time. This session ended with a crash.
Error - 2/14/2012 4:21:44 PM | Computer Name = HOME-FCEUQ7W5OF | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 34
seconds with 0 seconds of active time. This session ended with a crash.
Error - 2/29/2012 5:40:48 PM | Computer Name = HOME-FCEUQ7W5OF | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.
Error - 4/19/2012 8:24:42 PM | Computer Name = HOME-FCEUQ7W5OF | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 184892
seconds with 6120 seconds of active time. This session ended with a crash.
Error - 5/17/2012 2:28:11 PM | Computer Name = JERRY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2444
seconds with 2040 seconds of active time. This session ended with a crash.
Error - 8/10/2012 1:11:26 PM | Computer Name = JERRY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 174309
seconds with 6780 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 8/21/2012 1:20:43 PM | Computer Name = JERRY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error - 8/21/2012 1:20:44 PM | Computer Name = JERRY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error - 8/21/2012 1:20:44 PM | Computer Name = JERRY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error - 8/21/2012 1:20:44 PM | Computer Name = JERRY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error - 8/21/2012 1:20:47 PM | Computer Name = JERRY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error - 8/21/2012 1:20:47 PM | Computer Name = JERRY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error - 8/21/2012 5:41:03 PM | Computer Name = JERRY | Source = Service Control Manager | ID = 7000
Description = The MBAMProtector service failed to start due to the following error:
%%2
Error - 8/21/2012 5:41:03 PM | Computer Name = JERRY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate) service to connect.
Error - 8/21/2012 5:41:03 PM | Computer Name = JERRY | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053
Error - 8/21/2012 5:41:03 PM | Computer Name = JERRY | Source = Service Control Manager | ID = 7001
Description = The MBAMService service depends on the MBAMProtector service which
failed to start because of the following error: %%2
< End of report >
Let me know what to do.
Thanks...Ann