
Palladium Virus

Discussion in 'Malware Removal Help' started by jacquefromla, Jan 2, 2011.

  1. jacquefromla

    jacquefromla Member

    Joined:
    Dec 13, 2009
    Messages:
    142
    I added MS Security Essentials and ran a full scan; it came back with nothing. My desktop has a Palladium icon, although earlier it was a nice pretty icon and now it's changed to a blank white window-looking icon. Should I delete it?
     
  2. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi jacquefromla,

    Good thinking.

    Yes you can delete it. (then empty the recycle bin)

    Normal mode should run fine now.

    Let's get a fresh MBAM scan done to double check everything so far.

    Please update MBAM and run another scan:
    Start MBAM
    Click on the Update tab
    Click Check for Updates

    If it says that MBAM needs to close to update it... let it close and then restart.
    Then click the Scan button.

    Don't forget:

    In your next reply, please submit:
    New MBAM scan report
    and let me know how the system behaves now.


    Thanks.
     
  3. jacquefromla

    jacquefromla Member

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5461

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    1/4/2011 5:43:43 PM
    mbam-log-2011-01-04 (17-43-43).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 251930
    Time elapsed: 56 minute(s), 44 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 7

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Qoobox\quarantine\C\documents and settings\HP_Owner\application data\palladium.exe.vir (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
    c:\Qoobox\quarantine\C\documents and settings\Jacque2\application data\palladium.exe.vir (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{e7b21304-9105-4d9d-afac-e7088fdcc6a0}\RP403\A0057225.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{e7b21304-9105-4d9d-afac-e7088fdcc6a0}\RP403\A0057226.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\Jacque2\Desktop\palladium.lnk (Rogue.Palladium) -> Quarantined and deleted successfully.
    c:\documents and settings\HP_Owner\start menu\Programs\palladium.lnk (Rogue.Palladium) -> Quarantined and deleted successfully.
    c:\documents and settings\Jacque2\start menu\Programs\palladium.lnk (Rogue.Palladium) -> Quarantined and deleted successfully.
     
  4. starbuck

    starbuck Rest In Peace Pete Administrator

    Hi jacquefromla,

    Actually the MBAM report isn't as bad as it seems.
    These items were already safe and the infected restore points are to be expected .... that's why we clean them at the end.

    Basically shortcuts leftover.... they wouldn't cause any problem.

    How's the system running now..... any problems?
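
The reasoning in the reply above (every detection sits in a tool quarantine folder, a System Restore snapshot, or is a leftover shortcut) can be checked mechanically from the report's paths. This is an added example, not part of the original thread and not MBAM's or OTL's own code; the location labels, function names and the one constructed "live" line are assumptions for illustration.

```python
import re
from collections import Counter

# Folders/Files part of the MBAM report posted in the thread above.
THREAD_LOG = r"""
Folders Infected: 0
Files Infected: 7

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Qoobox\quarantine\C\documents and settings\HP_Owner\application data\palladium.exe.vir (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\documents and settings\Jacque2\application data\palladium.exe.vir (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e7b21304-9105-4d9d-afac-e7088fdcc6a0}\RP403\A0057225.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e7b21304-9105-4d9d-afac-e7088fdcc6a0}\RP403\A0057226.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Jacque2\Desktop\palladium.lnk (Rogue.Palladium) -> Quarantined and deleted successfully.
c:\documents and settings\HP_Owner\start menu\Programs\palladium.lnk (Rogue.Palladium) -> Quarantined and deleted successfully.
c:\documents and settings\Jacque2\start menu\Programs\palladium.lnk (Rogue.Palladium) -> Quarantined and deleted successfully.
"""

# Constructed line (NOT from the thread): a detection in a normal user folder
# that the scanner reported but did not remove.
CONSTRUCTED_LIVE = r"c:\documents and settings\ExampleUser\application data\example.exe (Trojan.FakeAlert.Gen) -> No action taken."

# "<path> (<detection name>) -> <action>."  The greedy path keeps any
# parentheses that are part of the path itself.
ENTRY = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# "Files Infected: 7" (summary count) or "Files Infected:" (section header).
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):(?: (?P<count>\d+))?$")


def classify(path):
    """Label where a detected file sits (labels are this example's own)."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "tool-quarantine"   # copy already moved aside by an earlier cleanup tool
    if "\\system volume information\\_restore{" in p:
        return "restore-point"     # copy captured inside a System Restore snapshot
    if p.endswith(".lnk"):
        return "shortcut"          # leftover shortcut, not the executable itself
    return "live-file"             # anywhere else: treat as potentially active


def parse_entry(line):
    """Parse one detection line; return None for anything else."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["where"] = classify(entry["path"])
    entry["removed"] = "successfully" in entry["action"].lower()
    return entry


def triage(log_text):
    """Group file detections by location and cross-check the summary counts."""
    declared, found, entries, section = {}, Counter(), [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        h = HEADER.match(line)
        if h:
            if h["count"] is not None:
                declared[h["section"]] = int(h["count"])
            else:
                section = h["section"]
            continue
        e = parse_entry(line)
        if e and section:
            found[section] += 1
            if section == "Files Infected":
                entries.append(e)
    return {
        "entries": entries,
        "by_location": Counter(e["where"] for e in entries),
        # Sections whose parsed entries disagree with the summary (truncated paste?).
        "count_mismatch": sorted(s for s in declared if declared[s] != found[s]),
        # Only these need a second look: live files, or anything not removed.
        "needs_attention": [e for e in entries
                            if e["where"] == "live-file" or not e["removed"]],
    }


if __name__ == "__main__":
    result = triage(THREAD_LOG)
    print(dict(result["by_location"]), "needs attention:", len(result["needs_attention"]))
    print(parse_entry(CONSTRUCTED_LIVE)["where"])
```
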
     
  5. jacquefromla

    jacquefromla Member

    System is :thmbup:
    :prs: I can't thank you enough Starbuck :prs:
     
  6. starbuck

    starbuck Rest In Peace Pete Administrator

    Hi jacquefromla,

    You are more than welcome, it's all part of the service.

    I'd like to see another set of OTL reports now.

    Double click on OTL.exe to run it.
    • Under Extra Registry section, select Use SafeList.
    • Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
    • Click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply.

    Thanks
     
  7. jacquefromla

    jacquefromla Member

    OTL logfile created on: 1/9/2011 2:56:27 PM - Run 5
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\HP_Owner\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    503.00 Mb Total Physical Memory | 221.00 Mb Available Physical Memory | 44.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 50.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 180.50 Gb Total Space | 112.65 Gb Free Space | 62.41% Space Free | Partition Type: NTFS
    Drive D: | 5.79 Gb Total Space | 0.76 Gb Free Space | 13.06% Space Free | Partition Type: FAT32

    Computer Name: YOUR-AE066C3A9B | User Name: HP_Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\HP_Owner\Desktop\OTL.scr (OldTimer Tools)
    PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    PRC - c:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files\Yahoo!\Search Protection\YspService.exe (Yahoo! Inc.)
    PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    PRC - C:\Program Files\FoxyTunes\FoxyTunesEngine\1.0.0.7271_{D0A80AE4-1FC9-4DDA-88CE-256068EB6193}\FoxyTunesEngine.exe (FoxyTunes Ltd)
    PRC - C:\Program Files\Yahoo!\common\YMailAdvisor.exe (Yahoo! Inc.)
    PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
    PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe (HP)
    PRC - C:\Program Files\BroadJump\Client Foundation\CFD.exe ()


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\HP_Owner\Desktop\OTL.scr (OldTimer Tools)
    MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
    SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    SRV - (Apple Mobile Device) -- c:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


    ========== Driver Services (SafeList) ==========

    DRV - (catchme) -- C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\catchme.sys File not found
    DRV - (bsusbser) -- C:\WINDOWS\system32\drivers\bsusbser.sys (QUALCOMM Incorporated)
    DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
    DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
    DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
    DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
    DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
    DRV - (fasttx2k) -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
    DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
    DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
    DRV - (SISAGP) -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
    DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
    DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
    DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/sbcydsl/*http://www.yahoo.com/search/ie.html


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
    IE - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=16794S&l=dis
    IE - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
    FF - prefs.js..browser.search.param.yahoo-type: "${8}"
    FF - prefs.js..browser.search.selectedEngine: "Ask.com"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=1"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
    FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/02 10:13:12 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 17:25:57 | 000,000,000 | ---D | M]

    [2010/01/12 10:32:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions
    [2010/01/12 10:32:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2011/01/09 14:55:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\extensions
    [2010/07/06 08:14:32 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
    [2010/04/16 13:16:08 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}(2)
    [2010/01/11 08:34:29 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/04/16 13:16:17 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}(2)
    [2010/10/29 00:24:25 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rtxtxfc.default\searchplugins\askcom.xml
    [2011/01/08 14:44:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/01/12 10:28:47 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2009/11/19 14:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2009/11/19 14:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

    O1 HOSTS File: ([2011/01/04 13:28:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
    O3 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
    O3 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
    O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe (HP)
    O4 - HKLM..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\YspService.exe (Yahoo! Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
    O7 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
    O7 - HKU\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_16.dll (Sun Microsystems, Inc.)
    O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/02/27 10:55:35 | 000,000,752 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ]
    O32 - AutoRun File - [2005/08/13 14:48:14 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/04 15:47:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/01/04 13:53:20 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
    [2011/01/04 13:49:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2011/01/04 12:36:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.scr
    [2011/01/03 08:57:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/01/03 08:57:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/01/03 08:57:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/12/17 00:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\SmartPack
    [2010/12/17 00:15:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\SmartPack
    [2010/12/17 00:15:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\SmartPack
    [2010/12/17 00:15:05 | 000,000,000 | ---D | C] -- C:\Program Files\SmartPack
    [2010/12/13 16:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Open DVD ripper
    [2010/12/13 16:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Open DVD ripper

    ========== Files - Modified Within 30 Days ==========

    [2011/01/09 14:42:02 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/09 10:30:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/01/09 01:41:39 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/01/09 00:42:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/08 23:23:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/01/07 22:04:07 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
    [2011/01/07 22:03:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/01/06 21:30:27 | 000,063,918 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\1272.jpg
    [2011/01/06 21:26:35 | 000,099,968 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\127hours.jpg
    [2011/01/06 20:35:11 | 002,992,861 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Sonyc905.pdf
    [2011/01/05 22:18:05 | 000,102,342 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\tt.jpg
    [2011/01/05 22:09:25 | 000,094,757 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\tt2.jpg
    [2011/01/05 17:28:51 | 000,041,758 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Paypal-Greendot
    [2011/01/04 17:09:34 | 000,001,782 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\MFB.rtf
    [2011/01/04 13:49:40 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2011/01/04 13:48:56 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/01/04 13:28:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/01/04 13:20:13 | 004,013,049 | R--- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Step3.exe
    [2011/01/04 12:38:30 | 000,719,873 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\rkill.com
    [2011/01/04 12:36:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.scr
    [2011/01/03 08:57:37 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/01/02 10:24:55 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\completescan_pal
    [2011/01/02 10:08:36 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\install_pal
    [2011/01/02 10:05:33 | 000,000,007 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\uid_pal
    [2010/12/30 10:47:27 | 000,000,504 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\ebay1.rtf
    [2010/12/28 16:26:42 | 000,057,856 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/20 22:34:33 | 3526,459,392 | ---- | M] () -- C:\Disc1.iso
    [2010/12/20 22:34:33 | 000,004,314 | ---- | M] () -- C:\Disc1.mds
    [2010/12/20 21:06:10 | 3742,859,264 | ---- | M] () -- C:\religlous.iso
    [2010/12/20 21:06:10 | 000,004,314 | ---- | M] () -- C:\religlous.mds
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/12/18 19:48:27 | 000,040,448 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/12/17 00:15:30 | 000,001,575 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\PLDS SmartPack Utility.lnk
    [2010/12/15 13:27:32 | 000,090,058 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\puddingstone lake - Google Maps_1292445416665.jpeg
    [2010/12/15 13:26:38 | 000,117,425 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\puddingstone lake - Google Maps_1292445544821.jpeg
    [2010/12/15 13:24:45 | 000,162,901 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\puddingstone lake - Google Maps_1292445445567.jpeg
    [2010/12/15 12:37:55 | 000,083,299 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\puddingstone lake - Google Maps_1292445472948.jpeg
    [2010/12/15 12:36:31 | 000,079,534 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\puddingstone lake - Google Maps_1292445384296.jpeg
    [2010/12/13 16:31:32 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Open DVD ripper.lnk

    ========== Files Created - No Company Name ==========

    [2011/01/06 21:27:06 | 000,063,918 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\1272.jpg
    [2011/01/06 21:26:33 | 000,099,968 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\127hours.jpg
    [2011/01/06 20:35:11 | 002,992,861 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Sonyc905.pdf
    [2011/01/05 22:09:24 | 000,094,757 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\tt2.jpg
    [2011/01/05 22:08:05 | 000,102,342 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\tt.jpg
    [2011/01/05 17:28:51 | 000,041,758 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Paypal-Greendot
    [2011/01/04 17:09:32 | 000,001,782 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\MFB.rtf
    [2011/01/04 13:54:31 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/01/04 13:20:13 | 004,013,049 | R--- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Step3.exe
    [2011/01/04 12:38:30 | 000,719,873 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\rkill.com
    [2011/01/04 11:46:22 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
    [2011/01/03 08:57:37 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/01/02 10:24:55 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\completescan_pal
    [2011/01/02 10:08:36 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\install_pal
    [2011/01/02 10:05:33 | 000,000,007 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\uid_pal
    [2010/12/30 10:47:27 | 000,000,504 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\ebay1.rtf
    [2010/12/20 21:06:10 | 000,004,314 | ---- | C] () -- C:\religlous.mds
    [2010/12/20 20:57:42 | 3742,859,264 | ---- | C] () -- C:\religlous.iso
    [2010/12/17 00:15:06 | 000,001,575 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\PLDS SmartPack Utility.lnk
    [2010/12/15 12:39:07 | 000,117,425 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\puddingstone lake - Google Maps_1292445544821.jpeg
    [2010/12/15 12:37:55 | 000,083,299 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\puddingstone lake - Google Maps_1292445472948.jpeg
    [2010/12/15 12:37:29 | 000,162,901 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\puddingstone lake - Google Maps_1292445445567.jpeg
    [2010/12/15 12:37:00 | 000,090,058 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\puddingstone lake - Google Maps_1292445416665.jpeg
    [2010/12/15 12:36:31 | 000,079,534 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\puddingstone lake - Google Maps_1292445384296.jpeg
    [2010/12/13 16:31:32 | 000,000,681 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Open DVD ripper.lnk
    [2010/12/13 13:55:54 | 000,004,314 | ---- | C] () -- C:\Disc1.mds
    [2010/12/13 13:51:51 | 3526,459,392 | ---- | C] () -- C:\Disc1.iso
    [2010/06/12 17:44:02 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2010/04/08 00:20:59 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
    [2010/02/22 08:58:35 | 000,007,337 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini
    [2010/02/22 08:58:17 | 000,000,470 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
    [2010/02/18 13:52:53 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
    [2010/01/10 16:22:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
    [2010/01/10 15:52:23 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2010/01/10 13:34:00 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2009/06/07 03:27:20 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\vbzlib1.dll
    [2006/06/10 08:17:13 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
    [2005/08/13 14:50:16 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\fusioncache.dat
    [2005/08/13 14:46:58 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2005/08/13 14:46:58 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2005/08/13 14:46:58 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2005/08/13 14:46:58 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2005/08/13 14:46:58 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2005/08/13 14:46:57 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2005/02/27 10:28:59 | 000,057,856 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2005/02/18 23:29:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2004/08/16 13:09:14 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
    [2004/08/08 07:16:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/08/07 13:39:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
    [2004/08/07 13:39:12 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
    [2004/08/07 13:39:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
    [2004/08/07 13:34:39 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
    [2004/08/07 13:28:27 | 000,026,939 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2004/08/07 13:27:47 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2004/08/07 13:17:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2004/08/07 12:24:38 | 000,003,774 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2004/08/07 12:17:16 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/07 11:26:08 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
    [2004/08/07 11:26:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
    [2004/08/07 11:25:38 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2004/08/07 11:07:48 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/07 10:47:30 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2004/08/07 03:55:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/06/29 04:58:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/02/27 16:10:30 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2003/03/06 21:53:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll
    [2003/01/23 09:30:00 | 000,105,873 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
    [2003/01/23 09:30:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
    [2003/01/07 21:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/09/24 17:38:24 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\win2000.dll

    < End of report >
     
  8. jacquefromla

    OTL Extras logfile created on: 1/9/2011 2:56:28 PM - Run 5
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\HP_Owner\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    503.00 Mb Total Physical Memory | 221.00 Mb Available Physical Memory | 44.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 50.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 180.50 Gb Total Space | 112.65 Gb Free Space | 62.41% Space Free | Partition Type: NTFS
    Drive D: | 5.79 Gb Total Space | 0.76 Gb Free Space | 13.06% Space Free | Partition Type: FAT32

    Computer Name: YOUR-AE066C3A9B | User Name: HP_Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_USERS\S-1-5-21-1835168029-1601604798-751144177-1009\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusOverride" = 1
    "FirewallOverride" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion -- ()
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0861E87B-24D7-4E7C-B11B-54F86E5C5199}" = hpg8200
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
    "{14B4E017-ACDF-4DB0-9D94-8988F5F0145A}" = hpg4600
    "{15B9DC72-73F9-4d99-9E28-848D66DA8D99}" = HP Photo & Imaging 3.5 - HP Devices
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
    "{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
    "{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
    "{20CF99FC-2CE7-4AA4-966E-A4B11C0662B4}" = hpg3970
    "{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
    "{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
    "{29B39FB2-5ADF-4F94-BC82-13942871DD0D}" = CameraDrivers
    "{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
    "{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
    "{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
    "{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
    "{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
    "{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
    "{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
    "{48FCCE4F-9D37-41BA-92C1-17BF5CFAA347}" = hp officejet 5100 series
    "{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
    "{5E1494D4-3562-4FFB-B35C-600F80F6934C}" = HP Image Zone Plus 4.2
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6DB7AD00-F781-11DF-9EEF-001279CD8240}" = Google Earth
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{71C27D05-DFB4-4585-919E-631379695D72}" = Samsung PC Studio 3
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{72E67064-A144-42A6-BC85-12276B2D5D42}" = 2400_2500Help
    "{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
    "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
    "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8B957F8D-FBDE-4DB4-99E7-192487575050}" = 23_24_2500Tour
    "{8D9768AE-DE42-4A04-A461-2361A58C384D}" = HPIZ402
    "{8FD62EBB-3175-4907-A326-989B14E5C757}" = hp deskjet 3500
    "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
    "{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
    "{9AD84892-7664-479C-8F95-7A25B964B04D}" = 2400_2500trb
    "{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
    "{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
    "{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.0
    "{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
    "{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
    "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
    "{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
    "{AD17BC8E-4A5D-4E59-8640-10DF36E9EB75}" = hpg5530
    "{AEBBFC67-7A03-4DF3-9E71-BA5C9EB4FBEF}" = MobileMe Control Panel
    "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
    "{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
    "{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
    "{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
    "{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
    "{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
    "{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
    "{ED869D8B-6C7E-44C7-9F2F-BD5436849C61}" = hpg2436
    "{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
    "{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
    "{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
    "{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
    "{FBCFA617-1856-4BE2-BA3C-BADD374757E7}" = 2500
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
    "6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
    "65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
    "aTube Catcher" = aTube Catcher
    "AVS DVD Authoring_is1" = AVS DVD Authoring
    "AVS Photo Editor_is1" = AVS Photo Editor
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS Video Editor 4_is1" = AVS Video Editor 4
    "AVS Video Recorder_is1" = AVS Video Recorder 2.4
    "AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
    "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
    "AVSRegistryCleaner_is1" = AVS Registry Cleaner version 1.2
    "BackWeb-309731 Uninstaller" = Updates from HP
    "BroadJump Client Foundation" = BroadJump Client Foundation
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "ESET Online Scanner" = ESET Online Scanner v3
    "FMCODEC" = FM Screen Capture Codec (Remove Only)
    "Help and Support Additions" = Help and Support Additions
    "HP Photo & Imaging" = HP Image Zone 4.2
    "HP Photo Printing Software" = HP Photo Printing Software
    "ImgBurn" = ImgBurn
    "KLiteCodecPack_is1" = K-Lite Codec Pack 5.6.1 (Basic)
    "LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Open DVD ripper_is1" = Open DVD ripper 1.70 Build 430
    "PlexUtil" = SmartPack 1.20.5
    "PS2" = PS2
    "Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
    "Python 2.2.1" = Python 2.2.1
    "RealPlayer 6.0" = RealPlayer
    "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
    "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
    "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
    "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
    "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
    "VLC media player" = VLC media player 1.1.4
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Mail" = Yahoo! Internet Mail
    "Yahoo! Mail Advisor" = Yahoo! Mail Advisor
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Search Defender" = Yahoo! Search Protection
    "Yahoo! Software Update" = Yahoo! Software Update
    "YInstHelper" = Yahoo! Install Manager

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/4/2011 5:12:53 PM | Computer Name = YOUR-AE066C3A9B | Source = MsiInstaller | ID = 11706
    Description = Product: AiOSoftware -- Error 1706.No valid source could be found
    for product AiOSoftware. The Windows Installer cannot continue.

    Error - 1/4/2011 5:13:03 PM | Computer Name = YOUR-AE066C3A9B | Source = MsiInstaller | ID = 11706
    Description = Product: AiOSoftware -- Error 1706.No valid source could be found
    for product AiOSoftware. The Windows Installer cannot continue.

    Error - 1/4/2011 5:49:29 PM | Computer Name = YOUR-AE066C3A9B | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8107.0,
    P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

    Error - 1/4/2011 5:59:25 PM | Computer Name = YOUR-AE066C3A9B | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 1/4/2011 5:59:25 PM | Computer Name = YOUR-AE066C3A9B | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 1/4/2011 6:09:18 PM | Computer Name = YOUR-AE066C3A9B | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 0, P2 moaccapability, P3 3.0.8107.0, P4
    0, P5 0, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

    Error - 1/4/2011 9:21:58 PM | Computer Name = YOUR-AE066C3A9B | Source = Application Hang | ID = 1002
    Description = Hanging application msseces.exe, version 2.0.657.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 1/4/2011 9:55:23 PM | Computer Name = YOUR-AE066C3A9B | Source = MsiInstaller | ID = 11706
    Description = Product: AiOSoftware -- Error 1706.No valid source could be found
    for product AiOSoftware. The Windows Installer cannot continue.

    Error - 1/7/2011 6:18:51 AM | Computer Name = YOUR-AE066C3A9B | Source = Bonjour Service | ID = 100
    Description = 232: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 1/8/2011 2:04:44 AM | Computer Name = YOUR-AE066C3A9B | Source = MsiInstaller | ID = 11706
    Description = Product: AiOSoftware -- Error 1706.No valid source could be found
    for product AiOSoftware. The Windows Installer cannot continue.

    [ System Events ]
    Error - 1/4/2011 4:53:01 PM | Computer Name = YOUR-AE066C3A9B | Source = Service Control Manager | ID = 7034
    Description = The Bonjour Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 1/4/2011 4:53:02 PM | Computer Name = YOUR-AE066C3A9B | Source = Service Control Manager | ID = 7034
    Description = The Java Quick Starter service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 1/4/2011 4:53:03 PM | Computer Name = YOUR-AE066C3A9B | Source = Service Control Manager | ID = 7034
    Description = The Yahoo! Updater service terminated unexpectedly. It has done this
    1 time(s).

    Error - 1/4/2011 4:53:03 PM | Computer Name = YOUR-AE066C3A9B | Source = Service Control Manager | ID = 7034
    Description = The iPod Service service terminated unexpectedly. It has done this
    1 time(s).

    Error - 1/4/2011 5:10:18 PM | Computer Name = YOUR-AE066C3A9B | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 1/4/2011 5:10:18 PM | Computer Name = YOUR-AE066C3A9B | Source = Service Control Manager | ID = 7034
    Description = The Java Quick Starter service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 1/4/2011 5:10:18 PM | Computer Name = YOUR-AE066C3A9B | Source = Service Control Manager | ID = 7034
    Description = The Bonjour Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 1/4/2011 5:10:18 PM | Computer Name = YOUR-AE066C3A9B | Source = Service Control Manager | ID = 7034
    Description = The Yahoo! Updater service terminated unexpectedly. It has done this
    1 time(s).

    Error - 1/4/2011 5:10:19 PM | Computer Name = YOUR-AE066C3A9B | Source = Service Control Manager | ID = 7034
    Description = The iPod Service service terminated unexpectedly. It has done this
    1 time(s).

    Error - 1/4/2011 9:46:00 PM | Computer Name = YOUR-AE066C3A9B | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    fasttx2k PCIIde SISAGP viaagp1


    < End of report >
     
  9. starbuck

    Hi jacquefromla,

    Reports look good, but your Java is out of date:

    Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 23 and save it to your desktop.
    • Scroll down to where it says "JDK 6 Update 23 (JDK or JRE)".
    • Click the "Download JRE" button to the right.
    • Select 'Windows' from the Platform down arrow.
    • Read the License Agreement and then check the box that says: "Accept License Agreement".
    • Click Continue.
    • The page will refresh.
    • Click on the link to download Windows Offline Installation and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Then from your desktop double-click on jre-6u23-windows-i586-p.exe to install the newest version.

    Let me know if all goes well, if so we'll start to finish off the cleaning process.

    Thanks
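
The check behind the advice above, as an added example (not part of the original thread and not OTL's own code): it reads the "Uninstall List" section of an OTL Extras log and lists every Java entry older than the JRE 6 Update 23 baseline named in the post. The display-name patterns are an assumption about how Sun's installers labelled their entries, and the sample log is constructed, with placeholder GUIDs except for the two that appear in the log above.

```python
import re

# Constructed sample in the OTL "Uninstall List" layout shown in the log above.
# The all-zero GUIDs are placeholders; those lines are invented for the example.
SAMPLE_LOG = r'''
========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{00000000-0000-0000-0000-000000000001}" = J2SE Runtime Environment 5.0 Update 6
"{00000000-0000-0000-0000-000000000002}" = Java(TM) 6 Update 23
"Adobe AIR" = Adobe AIR

========== Last 10 Event Log Errors ==========
"{00000000-0000-0000-0000-000000000003}" = Java(TM) 6 Update 1
'''

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")   # ========== Title ==========
ENTRY_RE = re.compile(r'^"(.+?)" = (.*)$')      # "key" = display name
# Assumed display-name forms: "Java(TM) 6 Update 16", "Java(TM) SE Runtime
# Environment 6 Update 1", "J2SE Runtime Environment 5.0 Update 6", "Java 7 Update 5".
JAVA_RE = re.compile(
    r"^(?:Java(?:\(TM\))?(?: SE Runtime Environment)?|J2SE Runtime Environment)"
    r" (\d+)(?:\.\d+)?(?: Update (\d+))?$"
)


def uninstall_entries(log_text):
    """Return (key, display_name) pairs found inside the Uninstall List section only."""
    entries = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()  # forum pastes are usually indented
        header = SECTION_RE.match(line)
        if header:
            in_section = header.group(1).endswith("Uninstall List")
            continue
        if in_section:
            entry = ENTRY_RE.match(line)
            if entry:
                entries.append((entry.group(1), entry.group(2)))
    return entries


def java_version(display_name):
    """Return (major, update) for a Java runtime entry, or None for anything else."""
    m = JAVA_RE.match(display_name)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2) or 0)  # no "Update N" means update 0


def outdated_java(log_text, baseline=(6, 23)):
    """List (display_name, version) for Java entries older than the baseline.

    The default baseline is the JRE 6 Update 23 release named in the post.
    Every hit is an old runtime that is still installed and should be removed.
    """
    hits = []
    for _key, name in uninstall_entries(log_text):
        version = java_version(name)
        if version is not None and version < baseline:
            hits.append((name, version))
    return hits


if __name__ == "__main__":
    for name, version in outdated_java(SAMPLE_LOG):
        print("outdated: %s (major %d, update %d)" % ((name,) + version))
```
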
     
  10. jacquefromla

    OK, I've installed the Java update; computer's running good.
     
  11. starbuck

    Hi jacquefromla,

    That's what we like to hear.

    Let's finish off then:

    Step 1
    Please uninstall ComboFix by
    Clicking on Start ... then Run ... and type in combofix /uninstall (don't forget there is a gap between x and /). Then press OK.

    This action will uninstall ComboFix and also perform a few cleanup measures.


    Step 2
    Restart MBAM.
    Click on the Quarantine tab
    Make sure everything is selected and then click Delete All.
    Close MBAM.

    Step 3
    • Please double-click OTL.exe to run it.
    • You should see a CleanUp! button, press that button.
    • This will remove any other programs we have asked you to download along with their associated folders, plus itself.

    Note:
    MBAM will not be removed


    Step 4
    Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

    The easiest and safest way to do this is:
    • Go to Start > Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    • Then go to Start > Run and type: Cleanmgr
    • Click "OK".
    • Select the drive for cleaning then click OK (usually 'C' drive)
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.


    To find out how you may have been infected....read this topic:
    So how did i get infected?

    Not all of the following information will be applicable to you, but it's still best to read it all.

    Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
    • Use an AntiVirus Software
      Note*:
      Upon installation MS Security Essentials will check that your OS is a legal copy.

      Only install one AntiVirus program
    • Update your AntiVirus Software regularly
    • Use a 3rd party Firewall NOTE: If choosing Zone Alarm be aware that the free version also installs ZoneAlarm Spy Blocker. It is recommended however that you UNcheck this option.

      Only install one software Firewall

      Some 3rd party Firewalls will turn off the windows firewall when they are installed.
      It's always best to check that the Windows Firewall is turned off:

      How to turn off Windows Firewall:
      Start ... Control Panel ...click on 'Classic View'.
      now select Windows Firewall.
      When the Windows Firewall box opens, put a tick against .. Off (not recommended) and then click Ok
    • Scan regularly with a 'Stand Alone' Anti-Malware scanner:
      Installing another scanner that you can run once or twice a week is always beneficial.
      Something like:
      Malwarebytes Anti-Malware
      SUPERAntiSpyware
      Remember to update these programs each time before running.
      You can install more than one of these if you only run them as stand alone programs.
    • Use an alternative browser:
      Some excellent alternatives to MS Internet Explorer are:

      Firefox
      For added security, add the NoScript extension to this browser:
      Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks
      also consider adding:
      WOT - Safe Browsing Tool

      Web of Trust warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web.
      Btw: you don't have to make a contribution.

      Opera

      They offer better security, more stability, and better speed.
    • Keep a backup of your registry
      Keeping a regular backup of your registry will help when something goes wrong.
      Use a program like:
      Erunt

      A full tutorial on how to set up and use Erunt can be found here:
      Erunt tutorial
    • Keep your system clean of temp files etc, using a 'Cleaner':

      Cleaners are programs that will help to clean out your:
      Windows temp files
      Current user temp files
      Cookies
      Temporary Internet files
      Browser history
      Recycle bin
      Etc.......
      In other words.... all the rubbish that you accumulate over the course of your browsing and day to day usage of your pc.
      Programs like:
      CCleaner
      TFC by OldTimer
      ATF Cleaner
    • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

      A tutorial on installing & using this product can be found here:
      Using and installing SpywareBlaster
    • Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.
    Follow this list and your potential for being infected again will reduce dramatically.

    Glad I was able to help.

    Safe surfing.
     
    Last edited by a moderator: Feb 3, 2014
  12. jacquefromla

    jacquefromla Member

    So this is it....the PC is running good.
    Starbuck & BeeCeeBee Thanks for your help!
    :wave:
     
  13. starbuck

    starbuck Rest In Peace Pete Administrator

    You are more than welcome jacquefromla
    Take care.
     
