
Palladium Virus

Discussion in 'Malware Removal Help' started by jacquefromla, Jan 2, 2011.

  1. jacquefromla

    jacquefromla Member

    Joined:
    Dec 13, 2009
    Messages:
    142
    Happy New Year, C.H.F., it's me again. :rolleyes: I'll keep this brief, or try to.

    I've logged on to my space for the first time in months and that address caused a Windows Security Alert to pop up. It closed all my browsers and will not let me on the web; even logging on as a different user in Windows hasn't helped. Right now I'm working in Safe Mode.

    So what I know is it's called Palladum (or Palladium?), and they want $100 to unlock modules that will clean my PC. I swear under oath I don't go to any questionable sites or download any email attachments, and Limewire is history, so I couldn't have gotten something downloading torrents etc. I do download movies; is it possible a virus is embedded in a DivX file I download? No, I don't use any virus or malware protection.
     
  2. Makcalable

    Makcalable Registered Members

    Joined:
    Dec 13, 2010
    Messages:
    218
    Location:
    Glasgow UK
    Operating System:
    Windows 8
    Computer Brand or Motherboard:
    Acer Aspire AX1301
    CPU:
    AMD Athlon II X2 215 dual core processer
    Memory:
    4GB Ram
    Hard Drive:
    WDC WD10 EADS-22M2BO SCSI Western Digital
    Graphics Card:
    Nvidia GeForce 9200 Intergrated
    Palladium Antivirus is a fake or rogue AV. I think you are infected with a trojan or virus.

    Someone will be here to lend professional advice on this.

    You say you don't use any AV protection at all?? Well, that's a big no-no for a start.


    Press CTRL+ALT+DEL to run Task Manager, and end the palladium.exe process if it is there.

    And wait for further advice, my friend.
     
  3. BeeCeeBee

    BeeCeeBee ADMINISTRATOR IN MEMORY

    Joined:
    Apr 20, 2009
    Messages:
    7,201
    Location:
    New Jersey "Stronger than the Storm"
    Operating System:
    Windows 7
    I will pass this on to our malware removal experts. I am surprised by your comment about having no AV programs. I looked back to last April and it seems that you did. Whatever! :rolleyes: The thing is, once this is cleared up you need to do something about that. While I don't use it myself Windows Security Essentials is pretty comprehensive and can be downloaded in one swell foop!
     
  4. jacquefromla

    Thanks Bugsy & BeeCeeBee!

    I'm logged in as admin now in Safe Mode. I'm only seeing about 6 things in Task Manager, and none look out of the ordinary. I'll exit Safe Mode and log on to see what's running in my other user accounts that Palladium is popping up on.
     
  5. Makcalable

    It would be best just to wait, in case it causes any damage to system files.
     
  6. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi jacquefromla,

    Let's see what we can do to help you.

    Please complete steps 2, 3 and 4 whilst in Safe Mode with Networking.

    Step 1

    Please reboot your computer in Safe Mode with Networking by doing the following :

    * Restart your computer
    * After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    * Instead of Windows loading as normal, a menu with options should appear;
    You will need to use the 'keyboard arrow keys' to navigate on this menu.
    * Select the option, to run Windows in Safe Mode with Networking, then press "Enter".
    * Then choose your usual account.

    Step 2

    Start Internet Explorer, and when the program is open, click on the Tools menu and then select Internet Options
    Click on the Connections tab
    Click on the Lan Settings button
    Under the Proxy Server section, please uncheck the checkbox labeled Use a proxy server for your LAN. Then press the OK button to close this screen
    Then press the OK button to close the Internet Options screen.

    Internet Explorer should now work.
    Or you can use Firefox to complete the next few steps.

    Step 3
    Please download RKill.com to your desktop from the following link.:
    Rkill download link
    Download page will open in a new tab or browser window.
    When at the download page, click on the Download Now button to download RKill.com and save it on your desktop.
    Once it is downloaded, double-click on the rkill.com icon.
    If you get a message that Rkill is an infection, do not be concerned. This message is just a fake warning given by the malware when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself.

    If the malware is persistent, you may have to run RKill a number of times.
    When it has finished, the black window will automatically close and you can continue with the next step.

    If you continue having problems running rkill.com, you can download iExplore or eXplorer.exe from the rkill download page. Both of these files are renamed copies of rkill.com, which you can try instead. Please note that the download page will open in a new browser window or tab.

    Note
    Please do not reboot your system until you have completed the following step, or the Malware will restart itself:

    Step 4
    Please download Malwarebytes Anti-Malware and save it to your desktop.
    • Make sure you are connected to the Internet.
    • Double-click on Download_mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
      • Make sure the "Perform Full Scan" option is selected.
      • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply and exit MBAM.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    In your next reply, please submit:
    MBAM scan report


    Thanks.
     
  7. jacquefromla

    Hi Starbuck, thanks for your help here is my log.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5448

    Windows 5.1.2600 Service Pack 2 (Safe Mode)
    Internet Explorer 6.0.2900.2180

    1/3/2011 10:11:08 AM
    mbam-log-2011-01-03 (10-11-08).txt

    Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
    Objects scanned: 274014
    Time elapsed: 29 minute(s), 7 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\HP_Owner\Local Settings\Application Data\ave.exe" /START "iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\HP_Owner\application data\Sun\Java\deployment\cache\6.0\8\62e60948-4c8bede7 (Spyware.Passwords) -> Quarantined and deleted successfully.
    c:\documents and settings\HP_Owner\local settings\temp\0.34225973866294.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
    c:\documents and settings\Jacque2\application data\Sun\Java\deployment\cache\6.0\8\62e60948-1727ada0 (Spyware.Passwords) -> Quarantined and deleted successfully.
    c:\documents and settings\Jacque2\local settings\Temp\0.11234068651781981.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
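The MBAM report above is the first hard evidence in the thread: one registry data item (the StartMenuInternet hijack, where launching Internet Explorer is redirected through `ave.exe`) and four files. When you are reading such logs in volume it helps to parse them rather than eyeball them. The following is an added example, not code from the thread or from Malwarebytes: a small parser for the MBAM 1.50 log layout that cross-checks the summary counts against the listed items, lists anything MBAM did not fully remove, and pulls out registry hijacks where the found value differs from MBAM's known-good value. The embedded sample log is constructed from the posted one (file list shortened, and the last action changed to "Delete on reboot." so the unresolved-item check has something to report).

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the format of the MBAM 1.50 log posted in the thread.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5448

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

1/3/2011 10:11:08 AM
mbam-log-2011-01-03 (10-11-08).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 274014
Time elapsed: 29 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\HP_Owner\Local Settings\Application Data\ave.exe" /START "iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\HP_Owner\local settings\temp\0.34225973866294.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\documents and settings\HP_Owner\application data\Sun\Java\deployment\cache\6.0\8\62e60948-4c8bede7 (Spyware.Passwords) -> Delete on reboot.
"""


@dataclass
class Detection:
    section: str               # heading the line sat under, e.g. "Files Infected"
    item: str                  # file path or registry location
    threat: str                # MBAM threat name, e.g. "Spyware.Passwords"
    action: str                # what MBAM did, without the trailing period
    bad: Optional[str] = None  # registry hijacks only: value that was found
    good: Optional[str] = None # registry hijacks only: value MBAM expects


COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM_RE = re.compile(r"^(?P<item>.+) \((?P<threat>[^()]+)\)$")
BADGOOD_RE = re.compile(r"^Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\)$")

RESOLVED = "Quarantined and deleted successfully"


def parse_detection(section: str, line: str) -> Detection:
    """Split one 'item (threat) -> [Bad/Good ->] action.' line into its fields."""
    parts = [p.strip() for p in line.split(" -> ")]
    m = ITEM_RE.match(parts[0])
    if not m:
        raise ValueError(f"unrecognised detection line: {line!r}")
    action = parts[-1].rstrip(".")
    bad = good = None
    if len(parts) == 3:                      # registry data items carry a Bad/Good pair
        bg = BADGOOD_RE.match(parts[1])
        if bg:
            bad, good = bg.group("bad"), bg.group("good")
    return Detection(section, m.group("item"), m.group("threat"), action, bad, good)


def parse_mbam_log(text: str) -> dict:
    """Return {'counts': {section: n}, 'detections': [Detection, ...]}."""
    counts: Dict[str, int] = {}
    detections: List[Detection] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := COUNT_RE.match(line)):          # summary block near the top
            counts[m.group("section")] = int(m.group("count"))
        elif (m := HEADER_RE.match(line)):       # start of a per-section listing
            section = m.group("section")
        elif section and line != "(No malicious items detected)":
            detections.append(parse_detection(section, line))
    return {"counts": counts, "detections": detections}


def counts_match(report: dict) -> bool:
    """True when every summary count equals the number of items listed under it."""
    seen: Dict[str, int] = {}
    for d in report["detections"]:
        seen[d.section] = seen.get(d.section, 0) + 1
    return all(seen.get(sec, 0) == n for sec, n in report["counts"].items())


def unresolved(report: dict) -> List[Detection]:
    """Items MBAM found but did not remove outright (needs a reboot or a re-run)."""
    return [d for d in report["detections"] if d.action != RESOLVED]


def hijacked_handlers(report: dict) -> List[Detection]:
    """Registry data items whose found value differs from MBAM's known-good value."""
    return [d for d in report["detections"] if d.bad is not None and d.bad != d.good]
```

Running `parse_mbam_log(SAMPLE_LOG)` and then `unresolved` tells the helper whether a reboot is still owed (the thread's own note about "Delete on reboot" prompts), and `hijacked_handlers` surfaces the `ave.exe` redirect so it can be matched against whatever the OTL scan later shows for the same file.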
     
  8. jacquefromla

    Starbuck, Palladium is coming into Safe Mode on 2 of my 3 user IDs on this PC. This just happened after I posted the log and restarted my PC. Only the admin is working in Safe Mode; the other 2 users start up in Safe Mode with a black desktop, and SAFE MODE and a Palladium banner are all that is on the desktop.
     
  9. Makcalable

    Ctrl > Shift > Esc > Processes > end the palladium.exe process if it is there.

    And please wait for further advice from starbuck.
     
  10. BeeCeeBee

    I appreciate that this thread is not in Malware Removal but it really should have been moved there. Our rules about malware removal are very clear although you may have had no reason to read them as yet. This is not a reflection on you, Bugsy, or your advice. However, once something is turned over to Starbuck or any Malware removal expert, members (including all staff ) are not permitted to offer advice other than to help the member through the process.

    If you feel that there is something that Starbuck should consider you should PM him rather than post it.

    As I said, this is not a reflection on anyone but, rather, a good time to remind members of our rules. http://computerhelpforums.net/forum-57/announcement-7-posting-restrictions-in-this-forum/

    I am moving this thread.
     
  11. starbuck

    Hi jacquefromla,

    That should help ... just don't reboot the system.

    or
    Boot into Safemode with networking again and run the 'RKill' program again ( to stop the rogue process )

    Then follow the next step.

    • Download OTL to your desktop.
      right click on the link and select 'Save Link/Target As'.

      if you have problems, try this download link:
      OTL
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Also check the 'Scan all users' box

    • Now copy the lines in bold below.

      netsvcs
      msconfig
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      symmpi.sys
      adp3132.sys
      /md5stop
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      CREATERESTOREPOINT


    • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

    • Click the Run Scan button.

    • Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.



    Thanks
     
    Last edited by a moderator: Feb 3, 2014
  12. jacquefromla

    When I run Rkill, this is what I get:
    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 01/03/2011 at 13:50:47.
    Operating System: Microsoft Windows XP


    Processes terminated by Rkill or while it was running:



    Rkill completed on 01/03/2011 at 13:50:50.


    It does not show palladium.exe in my process tab right now, logged in as admin. I can exit the admin logon, go in under another user (yes, palladium.exe was in the Task Manager last time I tried) and try to stop it; is that what I should do? I'm being cautious because after it affected the Safe Mode of the other users I didn't even want to turn my PC off and risk compromising the admin account.
     
  13. starbuck

    If you can get on to the internet ok, then download and run the OTL program.
    The reports will help us a lot in determining what we need to nuke.
    Once we have killed it off enough we can run other tools without a problem.
     
  14. jacquefromla

    Starbuck, the OTL program has changed a tad from your screenshot. File Scans now has 3 boxes and the last one was checked by default, and the box called Extra Registry had none checked by default, so after my first go-around at OTL only produced one log I went back and unchecked the 3rd box in File Scans and changed the other box. I hope this didn't compromise the scan or logs.

    OTL logfile created on: 1/3/2011 9:18:04 PM - Run 4
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    503.00 Mb Total Physical Memory | 245.00 Mb Available Physical Memory | 49.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 87.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 180.50 Gb Total Space | 124.91 Gb Free Space | 69.20% Space Free | Partition Type: NTFS
    Drive D: | 5.79 Gb Total Space | 0.76 Gb Free Space | 13.06% Space Free | Partition Type: FAT32

    Computer Name: YOUR-AE066C3A9B | User Name: Administrator | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.scr (OldTimer Tools)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.scr (OldTimer Tools)
    MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\cabinet.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
    SRV - (Apple Mobile Device) -- c:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
    SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
    SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


    ========== Driver Services (SafeList) ==========

    DRV - (catchme) -- C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\catchme.sys File not found
    DRV - (bsusbser) -- C:\WINDOWS\system32\drivers\bsusbser.sys (QUALCOMM Incorporated)
    DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
    DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
    DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
    DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
    DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
    DRV - (fasttx2k) -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
    DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
    DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
    DRV - (SISAGP) -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
    DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
    DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
    DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/sbcydsl/*http://www.yahoo.com/search/ie.html


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1835168029-1601604798-751144177-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    IE - HKU\S-1-5-21-1835168029-1601604798-751144177-500\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/sbcydsl/*http://www.yahoo.com/search/ie.html
    IE - HKU\S-1-5-21-1835168029-1601604798-751144177-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/02 10:13:12 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 17:25:57 | 000,000,000 | ---D | M]

    [2011/01/02 16:25:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2011/01/02 16:25:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\chxqekxm.default\extensions
    [2010/12/31 23:23:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/01/12 10:28:47 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2009/11/19 14:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2009/11/19 14:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

    O1 HOSTS File: ([2004/08/04 11:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-1835168029-1601604798-751144177-500\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
    O3 - HKU\S-1-5-21-1835168029-1601604798-751144177-500\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
    O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
    O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe (HP)
    O4 - HKLM..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
    O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1835168029-1601604798-751144177-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
    O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/02/27 10:55:35 | 000,000,752 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ]
    O32 - AutoRun File - [2005/08/13 14:48:14 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found


    CREATERESTOREPOINT
    Error starting restore point: The function was called in safe mode.
    Error closing restore point: The sequence number is invalid.

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/03 08:57:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    [2011/01/03 08:57:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/01/03 08:57:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/01/03 08:57:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/01/03 08:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
    [2011/01/02 16:24:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
    [2011/01/02 16:24:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
    [2011/01/02 11:17:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Yahoo!
    [2011/01/02 11:17:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Yahoo
    [2011/01/02 10:28:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
    [2011/01/02 10:28:29 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Cookies
    [2011/01/02 10:27:53 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
    [2011/01/02 10:27:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
    [2011/01/02 10:27:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
    [2011/01/02 10:27:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
    [2011/01/02 10:27:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
    [2011/01/02 10:27:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
    [2011/01/02 10:27:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
    [2011/01/02 10:27:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
    [2011/01/02 10:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Symantec
    [2011/01/02 10:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
    [2011/01/02 10:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SampleView
    [2011/01/02 10:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Real
    [2011/01/02 10:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
    [2011/01/02 10:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
    [2011/01/02 10:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
    [2011/01/02 10:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
    [2011/01/02 10:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
    [2011/01/02 10:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
    [2011/01/02 10:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
    [2011/01/02 10:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
    [2011/01/02 10:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
    [2011/01/02 10:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
    [2011/01/02 10:27:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
    [2011/01/02 10:27:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
    [2011/01/02 10:27:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
    [2011/01/02 10:27:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
    [2011/01/02 10:27:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
    [2011/01/02 10:27:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
    [2011/01/02 10:27:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
    [2011/01/02 10:27:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\WINDOWS
    [2011/01/02 10:27:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\WeatherBug
    [2011/01/02 10:27:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\SpamSubtract Spam Manager
    [2011/01/02 10:27:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Quicken
    [2011/01/02 10:27:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Online Services
    [2011/01/02 10:27:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Games
    [2010/12/17 00:15:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\SmartPack
    [2010/12/17 00:15:05 | 000,000,000 | ---D | C] -- C:\Program Files\SmartPack
    [2010/12/13 16:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Open DVD ripper
    [2010/12/13 16:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Open DVD ripper
    [2010/12/08 10:33:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\aTube Catcher
    [2010/12/08 10:33:04 | 000,000,000 | ---D | C] -- C:\Program Files\DsNET Corp

    ========== Files - Modified Within 30 Days ==========

    [2011/01/03 16:29:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/01/03 16:28:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2011/01/03 16:24:37 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/03 16:21:47 | 001,048,576 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
    [2011/01/03 16:21:47 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
    [2011/01/03 10:18:02 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
    [2011/01/03 08:57:37 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/01/02 16:58:47 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/01/02 10:20:18 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
    [2011/01/02 10:15:43 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
    [2011/01/02 10:06:13 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
    [2011/01/02 10:06:13 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
    [2011/01/02 10:06:13 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
    [2011/01/02 10:06:13 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
    [2011/01/02 10:06:13 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
    [2011/01/02 10:06:13 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
    [2011/01/02 10:06:13 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
    [2011/01/02 10:06:13 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
    [2011/01/02 10:06:13 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
    [2011/01/02 10:06:13 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
    [2011/01/02 10:06:13 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
    [2011/01/02 10:06:12 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
    [2011/01/02 10:06:12 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
    [2011/01/02 10:06:12 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
    [2011/01/02 10:06:12 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
    [2011/01/02 10:06:12 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
    [2011/01/02 10:06:11 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
    [2011/01/02 10:06:11 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
    [2011/01/02 10:06:11 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
    [2011/01/02 10:06:11 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
    [2011/01/02 10:06:11 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
    [2011/01/02 10:06:11 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
    [2011/01/02 10:06:11 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
    [2011/01/02 10:06:05 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2011/01/02 09:42:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/01 23:23:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/12/20 22:34:33 | 3526,459,392 | ---- | M] () -- C:\Disc1.iso
    [2010/12/20 22:34:33 | 000,004,314 | ---- | M] () -- C:\Disc1.mds
    [2010/12/20 21:06:10 | 3742,859,264 | ---- | M] () -- C:\religlous.iso
    [2010/12/20 21:06:10 | 000,004,314 | ---- | M] () -- C:\religlous.mds
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/12/18 19:48:27 | 000,040,448 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/12/08 10:33:37 | 000,000,850 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\aTube Catcher.lnk

    ========== Files Created - No Company Name ==========

    [2011/01/03 08:57:37 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/01/02 10:27:57 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
    [2011/01/02 10:27:57 | 000,000,915 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
    [2011/01/02 10:27:57 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/01/02 10:27:57 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
    [2011/01/02 10:27:57 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2011/01/02 10:27:57 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
    [2011/01/02 10:27:56 | 002,251,558 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
    [2011/01/02 10:27:56 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
    [2011/01/02 10:27:52 | 001,048,576 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
    [2011/01/02 10:27:52 | 000,208,896 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
    [2011/01/02 10:27:52 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
    [2011/01/02 10:15:44 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
    [2011/01/02 10:15:43 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
    [2011/01/02 10:15:43 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
    [2011/01/02 10:15:43 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
    [2011/01/02 10:15:43 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
    [2011/01/02 10:15:42 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
    [2011/01/02 10:06:12 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
    [2011/01/02 10:06:12 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
    [2011/01/02 10:06:12 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
    [2011/01/02 10:06:12 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
    [2011/01/02 10:06:12 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
    [2011/01/02 10:06:12 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
    [2011/01/02 10:06:12 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
    [2011/01/02 10:06:12 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
    [2011/01/02 10:06:12 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
    [2011/01/02 10:06:12 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
    [2011/01/02 10:06:12 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
    [2011/01/02 10:06:12 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
    [2011/01/02 10:06:11 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
    [2011/01/02 10:06:11 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
    [2011/01/02 10:06:11 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
    [2011/01/02 10:06:11 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
    [2011/01/02 10:06:10 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
    [2011/01/02 10:06:10 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
    [2011/01/02 10:06:10 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
    [2011/01/02 10:06:10 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
    [2011/01/02 10:06:10 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
    [2011/01/02 10:06:07 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
    [2011/01/02 10:06:07 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
    [2011/01/02 10:05:53 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
    [2010/12/20 21:06:10 | 000,004,314 | ---- | C] () -- C:\religlous.mds
    [2010/12/20 20:57:42 | 3742,859,264 | ---- | C] () -- C:\religlous.iso
    [2010/12/13 13:55:54 | 000,004,314 | ---- | C] () -- C:\Disc1.mds
    [2010/12/13 13:51:51 | 3526,459,392 | ---- | C] () -- C:\Disc1.iso
    [2010/12/08 10:33:37 | 000,000,850 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\aTube Catcher.lnk
    [2010/06/12 17:44:02 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2010/04/08 00:20:59 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
    [2010/02/22 08:58:35 | 000,007,337 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini
    [2010/02/22 08:58:17 | 000,000,470 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
    [2010/02/18 13:52:53 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
    [2010/01/10 16:22:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
    [2010/01/10 15:52:23 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2010/01/10 13:34:00 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2009/06/07 03:27:20 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\vbzlib1.dll
    [2006/06/10 08:17:13 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
    [2005/08/13 14:46:58 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2005/08/13 14:46:58 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2005/08/13 14:46:58 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2005/08/13 14:46:58 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2005/08/13 14:46:58 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2005/08/13 14:46:57 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2005/02/18 23:29:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2004/08/16 13:46:55 | 000,009,029 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
    [2004/08/16 13:11:03 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
    [2004/08/16 13:10:52 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
    [2004/08/16 13:09:14 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
    [2004/08/16 13:08:48 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
    [2004/08/16 13:08:48 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
    [2004/08/16 13:08:48 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
    [2004/08/16 13:08:48 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
    [2004/08/16 13:08:48 | 000,033,840 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
    [2004/08/16 13:08:48 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
    [2004/08/16 13:08:48 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
    [2004/08/16 13:08:48 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
    [2004/08/16 13:08:48 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
    [2004/08/16 13:08:48 | 000,027,866 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
    [2004/08/16 13:08:25 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
    [2004/08/16 13:08:11 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
    [2004/08/16 13:08:11 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
    [2004/08/16 13:08:09 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
    [2004/08/16 13:08:02 | 000,004,768 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
    [2004/08/16 13:07:13 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
    [2004/08/08 07:16:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/08/07 13:39:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
    [2004/08/07 13:39:12 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
    [2004/08/07 13:39:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
    [2004/08/07 13:34:39 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
    [2004/08/07 13:28:27 | 000,026,939 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2004/08/07 13:27:47 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2004/08/07 13:17:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2004/08/07 12:24:38 | 000,003,774 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2004/08/07 12:17:16 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/07 11:26:08 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
    [2004/08/07 11:26:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
    [2004/08/07 11:25:38 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2004/08/07 11:07:48 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/07 11:03:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
    [2004/08/07 11:00:47 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
    [2004/08/07 11:00:47 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
    [2004/08/07 10:59:47 | 000,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
    [2004/08/07 10:59:47 | 000,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
    [2004/08/07 10:47:30 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2004/08/07 10:47:29 | 000,498,205 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll
    [2004/08/07 10:47:29 | 000,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll
    [2004/08/07 10:47:13 | 000,000,992 | ---- | C] () -- C:\WINDOWS\win.ini
    [2004/08/07 10:47:12 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
    [2004/08/07 10:47:12 | 000,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
    [2004/08/07 10:47:07 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
    [2004/08/07 10:47:07 | 000,012,082 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
    [2004/08/07 10:47:06 | 000,003,458 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
    [2004/08/07 10:47:05 | 001,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll
    [2004/08/07 10:47:05 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
    [2004/08/07 10:47:05 | 000,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll
    [2004/08/07 10:47:05 | 000,385,024 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll
    [2004/08/07 10:47:05 | 000,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll
    [2004/08/07 10:47:05 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll
    [2004/08/07 10:47:05 | 000,006,877 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
    [2004/08/07 10:47:05 | 000,002,891 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
    [2004/08/07 10:47:05 | 000,002,732 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
    [2004/08/07 10:47:05 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
    [2004/08/07 10:47:05 | 000,000,343 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
    [2004/08/07 10:47:01 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
    [2004/08/07 10:47:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
    [2004/08/07 10:46:56 | 000,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll
    [2004/08/07 10:46:53 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
    [2004/08/07 10:46:53 | 000,186,368 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
    [2004/08/07 10:46:48 | 000,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatUI.dll
    [2004/08/07 10:46:48 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll
    [2004/08/07 10:46:45 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
    [2004/08/07 03:55:52 | 000,441,626 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2004/08/07 03:55:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/07 03:55:29 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
    [2004/06/29 04:58:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/02/27 16:10:30 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2003/03/06 21:53:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll
    [2003/01/23 09:30:00 | 000,105,873 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
    [2003/01/23 09:30:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
    [2003/01/07 21:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/09/24 17:38:24 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\win2000.dll
    [2001/08/17 21:36:28 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll

    ========== LOP Check ==========

    [2004/08/07 13:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
    [2004/10/13 12:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon
    [2005/02/13 17:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Messenger 6.2.0205
    [2010/04/30 11:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    [2005/05/19 10:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/05/16 09:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/02/07 02:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2004/08/07 13:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
    [2004/08/07 13:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacque2\Application Data\SampleView
    [2011/01/02 10:06:05 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
    [2011/01/02 10:06:12 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
    [2011/01/02 10:06:12 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
    [2011/01/02 10:06:12 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
    [2011/01/02 10:06:12 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
    [2011/01/02 10:06:13 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
    [2011/01/02 10:06:13 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
    [2011/01/02 10:06:13 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
    [2011/01/02 10:06:13 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
    [2011/01/02 10:06:13 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
    [2011/01/02 10:06:13 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
    [2011/01/02 10:06:11 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
    [2011/01/02 10:06:13 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
    [2011/01/02 10:06:13 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
    [2011/01/02 10:06:13 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
    [2011/01/02 10:06:13 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
    [2011/01/02 10:06:13 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
    [2011/01/02 10:15:43 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
    [2011/01/02 10:06:11 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
    [2011/01/03 10:18:02 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
    [2011/01/02 10:06:11 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
    [2011/01/02 10:15:44 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
    [2011/01/02 10:06:11 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
    [2011/01/02 10:06:11 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
    [2011/01/02 10:06:11 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
    [2011/01/02 10:06:11 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
    [2011/01/02 10:06:12 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < >

    < %SYSTEMDRIVE%\*.exe >
    [2010/04/18 12:24:51 | 000,293,376 | ---- | M] () -- C:\873nuhin.exe


    < MD5 for: AGP440.SYS >
    [2004/08/04 11:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
    [2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2004/08/04 11:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
    [2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
    [2004/08/04 04:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
    [2004/08/04 04:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
    [2004/08/04 04:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
    [2004/08/04 11:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
    [2004/08/04 11:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
    [2004/08/04 11:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
    [2009/02/06 10:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
    [2009/02/06 10:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
    [2004/08/04 11:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
    [2004/08/04 11:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
    [2004/08/04 11:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 11:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
    [2004/08/04 11:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
    [2004/08/04 11:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
    [2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < End of report >
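The "< MD5 for: ... >" blocks above exist so the helper can spot a system file whose live copy no longer matches the Windows File Protection copy in system32\dllcache, the usual sign of a patched driver. As an added example (not part of this thread and not OTL's own code), here is a Python checker that parses those blocks and flags such a mismatch; the EXAMPLE.SYS block, its hashes, size and date are constructed for the demonstration.

```python
import re

# One OTL MD5 listing line, in the format shown in the log above. The ".cab file"
# entries carry no hash and therefore never match; they are skipped on purpose.
ENTRY_RE = re.compile(
    r"^\s*\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"[-\w]{4} \| \w\] \((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) "
    r"-- (?P<path>\S.*?)\s*$"
)
SECTION_RE = re.compile(r"^\s*< MD5 for: (?P<name>.+?) >\s*$")


def parse_md5_sections(log_text):
    """Return {section_name: [entry, ...]} for every '< MD5 for: X >' block."""
    sections, current = {}, None
    for line in log_text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").strip()
            sections[current] = []
            continue
        if current is None:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"].replace(",", ""))
            entry["md5"] = entry["md5"].upper()
            sections[current].append(entry)
    return sections


def is_live_copy(path):
    """The copy Windows actually loads: under system32 but not the WFP cache."""
    p = path.lower()
    return "\\system32\\" in p and "\\dllcache\\" not in p


def is_wfp_cache_copy(path):
    """Windows File Protection's reference copy in system32\\dllcache."""
    return "\\dllcache\\" in path.lower()


def find_mismatches(sections):
    """Flag live system32 files whose MD5 matches no dllcache copy.

    A mismatch is a triage signal, not proof: a hotfix that updated the live
    file but not dllcache looks the same, so compare sizes and dates too.
    """
    findings = []
    for name, entries in sections.items():
        cache = {e["md5"]: e for e in entries if is_wfp_cache_copy(e["path"])}
        if not cache:
            continue  # nothing trustworthy to compare against
        for e in entries:
            if is_live_copy(e["path"]) and e["md5"] not in cache:
                ref = next(iter(cache.values()))
                findings.append({
                    "file": name, "path": e["path"], "md5": e["md5"],
                    "size": e["size"], "date": e["date"],
                    "cache_md5": ref["md5"], "cache_size": ref["size"],
                })
    return findings


# Sample input: the ATAPI.SYS block from the log above (clean), followed by a
# constructed EXAMPLE.SYS block whose live copy has a fake hash, size and date.
SAMPLE_LOG = r"""
    < MD5 for: ATAPI.SYS >
    [2004/08/04 11:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
    [2004/08/04 04:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
    [2004/08/04 04:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
    [2004/08/04 04:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

    < MD5 for: EXAMPLE.SYS >
    [2004/08/04 04:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\dllcache\example.sys
    [2010/12/31 23:59:59 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -- C:\WINDOWS\system32\drivers\example.sys
"""

if __name__ == "__main__":
    for f in find_mismatches(parse_md5_sections(SAMPLE_LOG)):
        print(f"{f['file']}: {f['path']} md5={f['md5']} size={f['size']} "
              f"(dllcache md5={f['cache_md5']} size={f['cache_size']})")
```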
     
  15. jacquefromla

    jacquefromla Member

    OTL Extras logfile created on: 1/3/2011 9:18:04 PM - Run 4
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    503.00 Mb Total Physical Memory | 245.00 Mb Available Physical Memory | 49.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 87.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 180.50 Gb Total Space | 124.91 Gb Free Space | 69.20% Space Free | Partition Type: NTFS
    Drive D: | 5.79 Gb Total Space | 0.76 Gb Free Space | 13.06% Space Free | Partition Type: FAT32

    Computer Name: YOUR-AE066C3A9B | User Name: Administrator | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_USERS\S-1-5-21-1835168029-1601604798-751144177-500\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusOverride" = 1
    "FirewallOverride" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion -- ()
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0861E87B-24D7-4E7C-B11B-54F86E5C5199}" = hpg8200
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
    "{14B4E017-ACDF-4DB0-9D94-8988F5F0145A}" = hpg4600
    "{15B9DC72-73F9-4d99-9E28-848D66DA8D99}" = HP Photo & Imaging 3.5 - HP Devices
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
    "{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
    "{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
    "{20CF99FC-2CE7-4AA4-966E-A4B11C0662B4}" = hpg3970
    "{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
    "{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
    "{29B39FB2-5ADF-4F94-BC82-13942871DD0D}" = CameraDrivers
    "{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
    "{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
    "{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
    "{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
    "{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
    "{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
    "{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
    "{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
    "{48FCCE4F-9D37-41BA-92C1-17BF5CFAA347}" = hp officejet 5100 series
    "{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
    "{5E1494D4-3562-4FFB-B35C-600F80F6934C}" = HP Image Zone Plus 4.2
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6DB7AD00-F781-11DF-9EEF-001279CD8240}" = Google Earth
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
    "{71C27D05-DFB4-4585-919E-631379695D72}" = Samsung PC Studio 3
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{72E67064-A144-42A6-BC85-12276B2D5D42}" = 2400_2500Help
    "{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8B957F8D-FBDE-4DB4-99E7-192487575050}" = 23_24_2500Tour
    "{8D9768AE-DE42-4A04-A461-2361A58C384D}" = HPIZ402
    "{8FD62EBB-3175-4907-A326-989B14E5C757}" = hp deskjet 3500
    "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
    "{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
    "{9AD84892-7664-479C-8F95-7A25B964B04D}" = 2400_2500trb
    "{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
    "{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
    "{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.0
    "{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
    "{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
    "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
    "{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
    "{AD17BC8E-4A5D-4E59-8640-10DF36E9EB75}" = hpg5530
    "{AEBBFC67-7A03-4DF3-9E71-BA5C9EB4FBEF}" = MobileMe Control Panel
    "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
    "{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
    "{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
    "{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
    "{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
    "{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
    "{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
    "{ED869D8B-6C7E-44C7-9F2F-BD5436849C61}" = hpg2436
    "{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
    "{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
    "{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
    "{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
    "{FBCFA617-1856-4BE2-BA3C-BADD374757E7}" = 2500
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
    "6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
    "65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
    "aTube Catcher" = aTube Catcher
    "AVS DVD Authoring_is1" = AVS DVD Authoring
    "AVS Photo Editor_is1" = AVS Photo Editor
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS Video Editor 4_is1" = AVS Video Editor 4
    "AVS Video Recorder_is1" = AVS Video Recorder 2.4
    "AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
    "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
    "AVSRegistryCleaner_is1" = AVS Registry Cleaner version 1.2
    "BackWeb-309731 Uninstaller" = Updates from HP
    "BroadJump Client Foundation" = BroadJump Client Foundation
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "ESET Online Scanner" = ESET Online Scanner v3
    "FMCODEC" = FM Screen Capture Codec (Remove Only)
    "Help and Support Additions" = Help and Support Additions
    "HP Photo & Imaging" = HP Image Zone 4.2
    "HP Photo Printing Software" = HP Photo Printing Software
    "ImgBurn" = ImgBurn
    "KLiteCodecPack_is1" = K-Lite Codec Pack 5.6.1 (Basic)
    "LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Open DVD ripper_is1" = Open DVD ripper 1.70 Build 430
    "PlexUtil" = SmartPack 1.20.5
    "PS2" = PS2
    "Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
    "Python 2.2.1" = Python 2.2.1
    "RealPlayer 6.0" = RealPlayer
    "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
    "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
    "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
    "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
    "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
    "VLC media player" = VLC media player 1.1.4
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Mail" = Yahoo! Internet Mail
    "Yahoo! Mail Advisor" = Yahoo! Mail Advisor
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Search Defender" = Yahoo! Search Protection
    "Yahoo! Software Update" = Yahoo! Software Update
    "YInstHelper" = Yahoo! Install Manager

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/24/2010 1:13:58 PM | Computer Name = YOUR-AE066C3A9B | Source = MsiInstaller | ID = 11706
    Description = Product: AiOSoftware -- Error 1706.No valid source could be found
    for product AiOSoftware. The Windows Installer cannot continue.

    Error - 12/24/2010 11:01:10 PM | Computer Name = YOUR-AE066C3A9B | Source = Application Error | ID = 1000
    Description = Faulting application plugin-container.exe, version 1.9.2.3989, faulting
    module ntdll.dll, version 5.1.2600.3520, fault address 0x0000100b.

    Error - 12/25/2010 1:35:03 PM | Computer Name = YOUR-AE066C3A9B | Source = MsiInstaller | ID = 11706
    Description = Product: AiOSoftware -- Error 1706.No valid source could be found
    for product AiOSoftware. The Windows Installer cannot continue.

    Error - 12/25/2010 1:35:13 PM | Computer Name = YOUR-AE066C3A9B | Source = MsiInstaller | ID = 11706
    Description = Product: AiOSoftware -- Error 1706.No valid source could be found
    for product AiOSoftware. The Windows Installer cannot continue.

    Error - 12/27/2010 12:10:38 PM | Computer Name = YOUR-AE066C3A9B | Source = MsiInstaller | ID = 11706
    Description = Product: AiOSoftware -- Error 1706.No valid source could be found
    for product AiOSoftware. The Windows Installer cannot continue.

    Error - 12/28/2010 3:15:24 PM | Computer Name = YOUR-AE066C3A9B | Source = MsiInstaller | ID = 11706
    Description = Product: AiOSoftware -- Error 1706.No valid source could be found
    for product AiOSoftware. The Windows Installer cannot continue.

    Error - 12/28/2010 6:01:23 PM | Computer Name = YOUR-AE066C3A9B | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.2.3989, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 12/29/2010 12:35:40 AM | Computer Name = YOUR-AE066C3A9B | Source = Bonjour Service | ID = 100
    Description = 236: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 1/2/2011 2:11:30 PM | Computer Name = YOUR-AE066C3A9B | Source = MsiInstaller | ID = 11706
    Description = Product: AiOSoftware -- Error 1706.No valid source could be found
    for product AiOSoftware. The Windows Installer cannot continue.

    Error - 1/2/2011 3:16:38 PM | Computer Name = YOUR-AE066C3A9B | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 8007043C from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    [ System Events ]
    Error - 1/3/2011 2:20:41 PM | Computer Name = YOUR-AE066C3A9B | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 1/3/2011 2:22:07 PM | Computer Name = YOUR-AE066C3A9B | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 1/3/2011 2:23:18 PM | Computer Name = YOUR-AE066C3A9B | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Fips intelppm StarOpen

    Error - 1/3/2011 8:20:39 PM | Computer Name = YOUR-AE066C3A9B | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 1/3/2011 8:21:41 PM | Computer Name = YOUR-AE066C3A9B | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 1/3/2011 8:21:47 PM | Computer Name = YOUR-AE066C3A9B | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 1/3/2011 8:29:58 PM | Computer Name = YOUR-AE066C3A9B | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 1/3/2011 8:31:01 PM | Computer Name = YOUR-AE066C3A9B | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Fips intelppm StarOpen

    Error - 1/3/2011 8:32:52 PM | Computer Name = YOUR-AE066C3A9B | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MDM with arguments
    "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

    Error - 1/3/2011 8:33:02 PM | Computer Name = YOUR-AE066C3A9B | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MDM with arguments
    "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}


    < End of report >
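The Security Center, Firewall and Shell Spawning sections of the Extras log above are where a rogue AV's damage shows up: override flags set so the Security Center stays quiet, the firewall switched off, and the exefile handler rewritten so nothing launches (the reason a .scr build of OTL is handed out). Added example, not from this thread and not OTL's own code: a Python audit of those three sections, run over lines taken from the log above plus a constructed variant with a hijacked exefile handler (placeholder path).

```python
import re

SECTION_RE = re.compile(r"^\s*========== (?P<name>.+?) ==========\s*$")
KEY_RE = re.compile(r"^\s*\[(?P<key>HKEY_[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^\s*"(?P<name>[^"]+)" = (?P<value>.*?)\s*$')
SPAWN_RE = re.compile(r"^\s*(?P<cls>\w+) \[(?P<verb>\w+)\] -- (?P<cmd>.*?)\s*$")

# Stock XP handlers for the executable classes. Anything else means the
# association has been rewritten, which is how rogue AVs stop .exe files running.
EXPECTED_SPAWN = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}
SC_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
FW_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
          r"\Parameters\FirewallPolicy\StandardProfile")


def parse_extras(text):
    """Return (registry, spawn): registry = {key: {name: value}} for every
    [HKEY_...] block, spawn = {(class, verb): command} from Shell Spawning."""
    registry, spawn = {}, {}
    section, key = None, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group("name"), None
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            registry.setdefault(key, {})
            continue
        if section == "Shell Spawning":
            m = SPAWN_RE.match(line)
            if m:
                spawn[(m.group("cls"), m.group("verb"))] = m.group("cmd")
            continue
        m = VALUE_RE.match(line)
        if m and key:
            registry[key][m.group("name")] = m.group("value")
    return registry, spawn


def audit_extras(text):
    """Return a list of findings (strings); empty when the three sections look sane."""
    registry, spawn = parse_extras(text)
    findings = []
    sc = registry.get(SC_KEY, {})
    for name in ("AntiVirusOverride", "FirewallOverride"):
        if sc.get(name) == "1":
            findings.append(f"Security Center: {name}=1 (monitoring suppressed)")
    if registry.get(FW_KEY, {}).get("EnableFirewall") == "0":
        findings.append("Windows Firewall disabled for the Standard profile")
    for (cls, verb), expected in EXPECTED_SPAWN.items():
        actual = spawn.get((cls, verb))
        if actual is not None and actual != expected:
            findings.append(f"{cls} [{verb}] hijacked: {actual}")
    return findings


# Sample input: lines copied from the Extras log above (shell handlers intact,
# Security Center overrides set, firewall off).
SAMPLE_EXTRAS = r"""
    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    scrfile [open] -- "%1" /S

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusOverride" = 1
    "FirewallOverride" = 1

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
"""

# Constructed variant: the same log with the exefile handler rewritten to run a
# placeholder program first, the pattern a rogue AV leaves behind.
HIJACKED_EXTRAS = SAMPLE_EXTRAS.replace(
    'exefile [open] -- "%1" %*',
    'exefile [open] -- "C:\\PLACEHOLDER\\rogue.exe" "%1" %*',
)

if __name__ == "__main__":
    for label, text in (("log above", SAMPLE_EXTRAS), ("hijacked", HIJACKED_EXTRAS)):
        print(label, audit_extras(text))
```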
     
  16. starbuck

    starbuck Rest In Peace Pete Administrator

    Hi jacquefromla,

    OT does change things sometimes.
    I'll get a fresh screenshot done today and update it. :)

    Everything is fine, I can see what I need to see.
    The OTL version I had you download was a .scr version..... if anything is trying to stop your .exe programs from running, OTL should still run ok.

    The report isn't as bad as I thought it would be, but try and run things in normal mode if possible.
    It does give better info that way.
    I have to say though ... your system is fairly out of date as far as Windows updates are concerned.

    We should address this once we have cleaned the machine.

    Step 1
    Click on start... settings... control panel and double-click on Add or Remove Programs. From within Add or Remove Programs uninstall the following:

    Java 2 Runtime Environment, SE v1.4.2_03
    J2SE Runtime Environment 5.0 Update 5

    These are old versions of Java.

    Step 2
    Double click on OTL.exe to run it.
    Copy the lines in bold below. (Make sure that :Otl is on the first line.)

    :Otl
    SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
    SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
    O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    [2010/04/18 12:24:51 | 000,293,376 | ---- | M] () -- C:\873nuhin.exe
    [2011/01/02 10:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Symantec

    :Files
    C:\WINDOWS\tasks\At*.job
    ipconfig /flushdns /c

    :commands
    [emptytemp]
    [purity]
    [RESETHOSTS]
    [EMPTYFLASH]


    • Return to OTL,
    • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

    • Click the red Run Fix button.

    • OTL will reboot your system once the fix has completed.
    • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

    Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

    If you lose the report, there will be a copy here:
    C:\_OTL\MovedFiles


    Step 3
    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2

    This is an example, you may rename ComboFix to anything you want.

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
      For more information read:
      How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

      Then:

      Double click on Combo-Fix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

      If running Vista, you may not see this screen
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    Click on Yes, to continue scanning for malware.

    Note:
    Do not mouseclick ComboFix's window while it's running. That may cause it to stall.


    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


    Step 4
    You are missing one important program on that computer: an antivirus.
    This is somewhat suicidal in today's digital world.
    You need to install an antivirus program as soon as you can and run a complete scan of the computer:
    Install one of these, update the definitions and then run a full scan. Let it quarantine/delete anything it finds. Let me know if there is anything that it reports but can not remove.

    Note*:
    Upon installation MS Security Essentials will check that your OS is a legal copy.


    In your next reply, please submit:
    OTL fix report
    Combofix.txt

    Also let me know which AV you installed.


    Thanks.
     
    Last edited by a moderator: Feb 3, 2014
  17. jacquefromla

    jacquefromla Member

    I can't get past step 1. I tried working out of safe mode and the Palladium banner is the only thing that is showing on my desktop besides my wallpaper. While working in safe mode it won't let me remove the programs, should I proceed to step number 2?
     
  18. starbuck

    starbuck Rest In Peace Pete Administrator

    Hi jacquefromla,

    Yes, proceed to step 2.
    We can come back to step 1 a bit later.

    If you can only run in safe mode..... use safe mode with networking for Step 3.
    Combofix will run in safe mode (although it's more powerful in normal mode).
    If we can kill this enough for you to run normal mode..... we can always run the programs again later.
     
  19. jacquefromla

    jacquefromla Member

    I've gotten back into normal mode.

    My first OTL fix missed the last ] so I reran it and am posting the 2 logs now.

    All processes killed
    ========== OTL ==========
    Service LiveUpdate stopped successfully!
    Service LiveUpdate deleted successfully!
    C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE moved successfully.
    Service Automatic LiveUpdate Scheduler stopped successfully!
    Service Automatic LiveUpdate Scheduler deleted successfully!
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe moved successfully.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
    File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    C:\873nuhin.exe moved successfully.
    C:\Documents and Settings\Administrator\Application Data\Symantec\Shared folder moved successfully.
    C:\Documents and Settings\Administrator\Application Data\Symantec folder moved successfully.
    ========== FILES ==========
    C:\WINDOWS\tasks\At1.job moved successfully.
    C:\WINDOWS\tasks\At10.job moved successfully.
    C:\WINDOWS\tasks\At11.job moved successfully.
    C:\WINDOWS\tasks\At12.job moved successfully.
    C:\WINDOWS\tasks\At13.job moved successfully.
    C:\WINDOWS\tasks\At14.job moved successfully.
    C:\WINDOWS\tasks\At15.job moved successfully.
    C:\WINDOWS\tasks\At16.job moved successfully.
    C:\WINDOWS\tasks\At17.job moved successfully.
    C:\WINDOWS\tasks\At18.job moved successfully.
    C:\WINDOWS\tasks\At19.job moved successfully.
    C:\WINDOWS\tasks\At2.job moved successfully.
    C:\WINDOWS\tasks\At20.job moved successfully.
    C:\WINDOWS\tasks\At21.job moved successfully.
    C:\WINDOWS\tasks\At22.job moved successfully.
    C:\WINDOWS\tasks\At23.job moved successfully.
    C:\WINDOWS\tasks\At24.job moved successfully.
    C:\WINDOWS\tasks\At25.job moved successfully.
    C:\WINDOWS\tasks\At26.job moved successfully.
    C:\WINDOWS\tasks\At27.job moved successfully.
    C:\WINDOWS\tasks\At28.job moved successfully.
    C:\WINDOWS\tasks\At29.job moved successfully.
    C:\WINDOWS\tasks\At3.job moved successfully.
    C:\WINDOWS\tasks\At30.job moved successfully.
    C:\WINDOWS\tasks\At31.job moved successfully.
    C:\WINDOWS\tasks\At32.job moved successfully.
    C:\WINDOWS\tasks\At33.job moved successfully.
    C:\WINDOWS\tasks\At34.job moved successfully.
    C:\WINDOWS\tasks\At35.job moved successfully.
    C:\WINDOWS\tasks\At36.job moved successfully.
    C:\WINDOWS\tasks\At37.job moved successfully.
    C:\WINDOWS\tasks\At38.job moved successfully.
    C:\WINDOWS\tasks\At39.job moved successfully.
    C:\WINDOWS\tasks\At4.job moved successfully.
    C:\WINDOWS\tasks\At40.job moved successfully.
    C:\WINDOWS\tasks\At41.job moved successfully.
    C:\WINDOWS\tasks\At42.job moved successfully.
    C:\WINDOWS\tasks\At43.job moved successfully.
    C:\WINDOWS\tasks\At44.job moved successfully.
    C:\WINDOWS\tasks\At45.job moved successfully.
    C:\WINDOWS\tasks\At46.job moved successfully.
    C:\WINDOWS\tasks\At47.job moved successfully.
    C:\WINDOWS\tasks\At48.job moved successfully.
    C:\WINDOWS\tasks\At5.job moved successfully.
    C:\WINDOWS\tasks\At6.job moved successfully.
    C:\WINDOWS\tasks\At7.job moved successfully.
    C:\WINDOWS\tasks\At8.job moved successfully.
    C:\WINDOWS\tasks\At9.job moved successfully.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\HP_Owner\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\HP_Owner\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 2477077 bytes
    ->Temporary Internet Files folder emptied: 33270615 bytes
    ->FireFox cache emptied: 96669401 bytes
    ->Flash cache emptied: 3738 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: HP_Owner
    ->Temp folder emptied: 10928281 bytes
    ->Temporary Internet Files folder emptied: 527419463 bytes
    ->Java cache emptied: 10851999 bytes
    ->FireFox cache emptied: 57216855 bytes
    ->Flash cache emptied: 250966 bytes

    User: Jacque2
    ->Temp folder emptied: 414066 bytes
    ->Temporary Internet Files folder emptied: 726613 bytes
    ->Java cache emptied: 7808 bytes
    ->FireFox cache emptied: 10830561 bytes
    ->Flash cache emptied: 871 bytes

    User: LocalService
    ->Temp folder emptied: 65716 bytes
    ->Temporary Internet Files folder emptied: 16786 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 217660522 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 96799588 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 3209541632 bytes

    Total Files Cleaned = 4,077.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
    Error: Unable to interpret <[EMPTYFLASH> in the current context!

    OTL by OldTimer - Version 3.2.20.1 log created on 01042011_125300

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...



    ------------------------------------
    All processes killed
    ========== OTL ==========
    Error: No service named LiveUpdate was found to stop!
    Service\Driver key LiveUpdate not found.
    File C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE not found.
    Error: No service named Automatic LiveUpdate Scheduler was found to stop!
    Service\Driver key Automatic LiveUpdate Scheduler not found.
    File C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
    File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    File C:\873nuhin.exe not found.
    Folder C:\Documents and Settings\Administrator\Application Data\Symantec\ not found.
    ========== FILES ==========
    File\Folder C:\WINDOWS\tasks\At*.job not found.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\HP_Owner\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\HP_Owner\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: HP_Owner
    ->Temp folder emptied: 2576 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 7140 bytes
    ->FireFox cache emptied: 17868696 bytes
    ->Flash cache emptied: 456 bytes

    User: Jacque2
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 65984 bytes
    ->Temporary Internet Files folder emptied: 16786 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 17.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: HP_Owner
    ->Flash cache emptied: 0 bytes

    User: Jacque2
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.1 log created on 01042011_131017

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
    -----------------------------------------------------------

    proceeding to step3 now
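    As an added example (this is not from the original post and not part of OTL itself), the script below parses OTL fix logs of the shape posted above and cross-checks the two runs: what the first run moved or deleted, how many of those were At*.job scheduled-task files, and whether the second run's "not found" lines confirm each item is now absent. The sample log text is excerpted from the two logs in this post; the function names and the wildcard-aware matching are my own assumptions about how to do the comparison, not something OTL provides.

```python
"""Cross-check two OTL fix logs: did run 2 confirm that run 1's removals stuck?"""
import re
from fnmatch import fnmatchcase

# Constructed sample: lines excerpted from the two OTL logs posted above.
FIRST_RUN = r"""
All processes killed
========== OTL ==========
Service LiveUpdate stopped successfully!
Service LiveUpdate deleted successfully!
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
C:\873nuhin.exe moved successfully.
C:\Documents and Settings\Administrator\Application Data\Symantec folder moved successfully.
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
< ipconfig /flushdns /c >
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\HP_Owner\Desktop\cmd.bat deleted successfully.
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error: Unable to interpret <[EMPTYFLASH> in the current context!
"""

SECOND_RUN = r"""
Error: No service named LiveUpdate was found to stop!
Service\Driver key LiveUpdate not found.
File C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
File C:\873nuhin.exe not found.
Folder C:\Documents and Settings\Administrator\Application Data\Symantec\ not found.
File\Folder C:\WINDOWS\tasks\At*.job not found.
C:\Documents and Settings\HP_Owner\Desktop\cmd.bat deleted successfully.
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

# Line shapes seen in the logs: "<item> moved successfully.", "Registry key <key> deleted
# successfully.", "Service <name> deleted successfully!", "File <path> not found.", "Error: ..."
_MOVED = re.compile(r"^(?P<item>.+?)(?: folder)? moved successfully\.$")
_DELETED = re.compile(r"^(?:Registry key |Service )?(?P<item>.+?) deleted successfully[.!]$")
_NOT_FOUND = re.compile(
    r"^(?:Registry key |File\\Folder |File |Folder |Service\\Driver key )?(?P<item>.+?) not found\.$")
_ERROR = re.compile(r"^(?:Error:|Registry error)")


def _norm(item):
    """Lower-case and drop a trailing backslash so 'Folder X\\' and 'X folder' compare equal."""
    return item.rstrip("\\").lower()


def parse_otl_log(text):
    """Bucket an OTL fix log into moved / deleted / not_found items and raw error lines."""
    out = {"moved": [], "deleted": [], "not_found": [], "errors": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if _ERROR.match(line):
            out["errors"].append(line)
            continue
        for key, pattern in (("moved", _MOVED), ("deleted", _DELETED), ("not_found", _NOT_FOUND)):
            m = pattern.match(line)
            if m:
                out[key].append(_norm(m.group("item")))
                break
    return out


def scheduled_jobs(summary):
    """At*.job scheduled-task files the run removed (the fix above targeted 48 of them)."""
    return [p for p in summary["moved"] if fnmatchcase(p, r"*\tasks\at*.job")]


def confirm_removed(first, second):
    """Split run 1's removals into those run 2 reports absent (wildcards honoured) and the rest.

    Items like cmd.bat and the HOSTS file land in 'unverified' because OTL recreates and
    re-resets them on every run, so run 2 reports them deleted/moved again, not 'not found'.
    """
    absent = second["not_found"]
    confirmed, unverified = [], []
    for item in first["moved"] + first["deleted"]:
        (confirmed if any(fnmatchcase(item, pat) for pat in absent) else unverified).append(item)
    return confirmed, unverified


if __name__ == "__main__":
    first, second = parse_otl_log(FIRST_RUN), parse_otl_log(SECOND_RUN)
    ok, leftover = confirm_removed(first, second)
    print(f"run 1 removed {len(first['moved']) + len(first['deleted'])} items, "
          f"{len(scheduled_jobs(first))} of them At*.job tasks")
    print(f"run 2 confirms {len(ok)} absent; unverified: {leftover}")
```

    The point of the second run is verification rather than cleanup: everything the first run moved or deleted should come back as "not found", and anything that instead comes back as "moved successfully" again either is an OTL artifact (cmd.bat, HOSTS) or was recreated between runs and deserves a closer look.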
     
  20. jacquefromla

    jacquefromla Member

    Joined:
    Dec 13, 2009
    Messages:
    142
    Starbuck, the log is 88 KB+, too big to post in the forum. I'll try to attach it first, or if you prefer I can split it up into as many smaller posts as need be. View attachment Step3log.txt

    moving into step 4
     
