
Searches redirect elsewhere. Browsers opening random windows.


  • This topic is locked
26 replies to this topic

#1 eperezruberte

eperezruberte

  • Members
  • 67 posts

Posted 03 December 2009 - 08:08 AM

Hello Sirs!
You have helped me in the past with a few infections :( , but I think this is probably the worst I have ever gotten! I started noticing it when searching on Google and even though the search results were right, clicking on them would redirect me to some random search page. I noticed it in Firefox and then I opened IE to try it and it is happening there too. The latest thing that happened was that Firefox opened a window totally randomly (no popup window driven by another page). And also when I logged into my Yahoo! Mail account, it seems the browsers are doing something else BEFORE taking me to my inbox. I am afraid this infection may be giving access to intruders to my Yahoo account. :) Is this possible? When I noticed the browser was taking longer than usual to take me to my inbox, I checked the status bar and I saw something that said "Transferring data from xxx.yimg.com" (I don't recall exactly what the "xxx" were), and it gave me the fear that I may have been transmitting my info to these intruders. :(
I then started following the guide to post and I downloaded and ran the DDS application, however, it does not open the two log windows as expected. It just hangs there.
I then downloaded the RootRepeal app and when I double-clicked on it to start it, it started, but it gave me a popup warning that read "Invalid PE Image" or something close to that. I don't know what that means or whether it is relevant to this issue, but I thought I would mention it just in case.
I was able to run the RootRepeal, however, and below is the post.

Also, FYI, I ran the Malwarebytes AntiMalware application and it found a Trojan.FakeAlert and I removed it (below is the log also). Yes, I did update prior to running it. Also, one last FYI is that I recently got infected with the "Privacy Center" and I removed it following your instructions in another post. Again, not sure if this is relevant, but I wanted to let you know.

The last thing that happened, just as I hit the "Preview Post" button, was that Firefox opened 5 windows at random and some of them did not load and three of them were the following address "file:///C:/Program%20Files/Mozilla%20Firefox/" and it shows the contents of that folder.

Your help is greatly appreciated!

=================
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/02 19:29
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINNT\system32\drivers\rootrepeal.sys
Address: 0x92E44000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\Fotos\Navidades 2007\Faro Cabo Rojo Fresco 1.png:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: c:\winnt\temp\mcmsc_6vzjtffpw0fvczj
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\winnt\temp\mcmsc_be35c5kytx3z7wr
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\winnt\temp\sqlite_pauvcb6prwqk0jx
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\winnt\temp\sqlite_rjel9hrh536pdda
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\winnt\temp\sqlite_s0gw45mfadcltop
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\winnt\temp\sqlite_912mush5qbxxhad
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\winnt\temp\sqlite_bad4dapuepkgkbs
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\winnt\temp\sqlite_yyhlrlrdhrlpqwd
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\documents and settings\eddie perez-ruberte.home\privacie\index.dat
Status: Allocation size mismatch (API: 1892352, Raw: 1904640)

Path: c:\documents and settings\eddie perez-ruberte.home\local settings\temp\~df2f6c.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\eddie perez-ruberte.home\local settings\temp\~df4dfd.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\eddie perez-ruberte.home\local settings\temporary internet files\antiphishing\2cedbfbc-dba8-43aa-b1fd-cc8e6316e3e2.dat
Status: Allocation size mismatch (API: 8192, Raw: 20480)

==EOF==


===========================
Malwarebytes' Anti-Malware 1.41
Database version: 3284
Windows 5.1.2600 Service Pack 3

12/3/2009 6:05:15 AM
mbam-log-2009-12-03 (06-05-15).txt

Scan type: Quick Scan
Objects scanned: 135509
Time elapsed: 29 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Mozilla Firefox\a.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.



#2 eperezruberte

Posted 04 December 2009 - 09:49 AM

Hello! I was able to run DDS. Here is the DDS.txt and attached are the Attach.txt and Ark.txt. Thanks for your help!


DDS (Ver_09-12-01.01) - NTFSx86
Run by Eddie Perez-Ruberte at 7:21:34.93 on Fri 12/04/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2048.1514 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost -k DcomLaunch
svchost.exe
C:\WINNT\System32\svchost.exe -k netsvcs
C:\WINNT\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\MMKeybd.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
H:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\QuickTime\QTTask.exe
H:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINNT\system32\ctfmon.exe
svchost.exe
H:\Program Files\Palm2\Hotsync.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
H:\Program Files\Stickies\stickies.exe
C:\WINNT\Nhksrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINNT\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINNT\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Desktop\dds.scr
c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsmap.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uSearch Page =
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
mSearchAssistant =
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - h:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ZoneAlarm Spy Blocker BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - h:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - h:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
mRun: [DellTouch] c:\winnt\MMKeybd.exe
mRun: [NeroCheck] c:\winnt\system32\NeroCheck.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [MioNet] c:\program files\mionet\MioNetLauncher.exe /p
mRun: [Acrobat Assistant 8.0] "h:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "h:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\eddiep~1.hom\startm~1\programs\startup\stickies.lnk - h:\program files\stickies\stickies.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\winnt\installer\{ac76ba86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~2.lnk - h:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - h:\program files\palm2\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200
IE: Append to existing PDF - h:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - h:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - h:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - h:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - h:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - h:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - h:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - h:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - h:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - h:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
DPF: {00000161-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaud.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} - hxxp://plugin.fileopen.com/current/FileOpen.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} -
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\winnt\system32\rundll32.exe c:\winnt\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\eddiep~1.hom\applic~1\mozilla\firefox\profiles\yc3od61b.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\eddie perez-ruberte.home\local settings\application data\yahoo!\browserplus\2.4.17\plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - plugin: h:\program files\adobe\acrobat 6.0\acrobat\browser\nppdf32.dll
FF - plugin: h:\program files\adobe\acrobat 8.0\acrobat\browser\nppdf32.dll
FF - plugin: h:\program files\google\picasa3\npPicasa3.dll
FF - plugin: h:\program files\itunes\mozilla plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\winnt\system32\drivers\mfehidk.sys [2009-1-16 214664]
R2 LMIInfo;LogMeIn Kernel Information Provider;h:\program files\logmein\x86\rainfo.sys [2007-8-3 12992]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\winnt\system32\drivers\LMIRfsDriver.sys [2008-1-21 46112]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\winnt\system32\drivers\mfeavfk.sys [2007-6-21 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\winnt\system32\drivers\mfebopk.sys [2007-6-21 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\winnt\system32\drivers\mfesmfk.sys [2007-6-21 40552]
R3 Msikbd2k;DellTouch;c:\winnt\system32\drivers\Msikbd2k.sys [2007-6-25 6942]
S3 mferkdk;McAfee Inc. mferkdk;c:\winnt\system32\drivers\mferkdk.sys [2007-6-21 34248]
S3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [2007-6-19 49776]
S3 viafilter;VIA USB Filter;c:\winnt\system32\drivers\viausb.sys [2003-6-1 9038]

=============== Created Last 30 ================

2009-11-23 05:27:51 0 d-----w- c:\docume~1\eddiep~1.hom\applic~1\pc
2009-11-22 01:28:43 0 d-----w- c:\program files\Lame for Audacity

==================== Find3M ====================

2009-10-11 11:17:27 411368 ----a-w- c:\winnt\system32\deploytk.dll
2009-09-11 14:18:39 136192 ----a-w- c:\winnt\system32\msv1_0.dll
2003-06-01 08:18:30 271 --sh--w- c:\program files\desktop.ini
2003-06-01 08:18:30 21952 -c-h--w- c:\program files\folder.htt

============= FINISH: 7:27:19.65 ===============


#3 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 11 December 2009 - 03:20 PM

Hi,

Sorry for the delayed response. Forums have been really busy. If you still need help with this, do the following, please.


Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Download GMER here by clicking the download exe button and then saving it to your desktop:
  • Double-click the .exe that you downloaded.
  • Click the rootkit tab and then Scan.
  • Don't check the Show All box while scanning is in progress!
  • When scanning is ready, click Copy.
  • This copies the log to the clipboard.
  • Post the log in your reply.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#4 eperezruberte

Posted 12 December 2009 - 03:10 AM

Thanks for replying to my post! :( I really appreciate it and I know you have been very busy!
Well, unfortunately, things have taken a turn for the worse over here. :)
I downloaded DDS from the first link you provided. I noticed that it said I downloaded dds.com instead of dds.scr, but I still double-clicked on it to get it started. It was running normally (it seemed), with the screen that explains what it does and that you only require it to be run only once, when, all of a sudden, the computer shut down and started the reboot process. Well, now it does not boot up! :(
And now it gives me the option to start in Safe Mode, Safe Mode with Networking, Safe Mode with Command Prompt, Last Known Good Configuration and Normally. Let me just say that I tried EACH and every one of these more than once and none of them works. They all seem to start and then after the Windows XP logo screen, it starts the boot up process again.

I was wondering, since I originally had run DDS and rootkit and posted and attached the logs, can you not use those logs I posted and attached in my first two posts to start working off of that? Because, right now, I don't know how I am going to be able to restart my computer.

Thanks again for your help. I need help!

#5 Blade81

Posted 12 December 2009 - 07:29 AM

Hi,

1. During the rebooting process, repeatedly press the F8 key to enter the Windows Advanced Options Menu.
2. Use the up and down arrow keys to select Disable automatic restart on system failure and then press the Enter key.
3. Use the up and down arrow keys to select the operating system to start (if more than one OS is installed).
4. Press the Enter key.

Instead of restarting, the system should show you a bluescreen with an error message on it. Note down the error code and description (the part before the parentheses).


#6 eperezruberte

Posted 12 December 2009 - 11:49 AM

Hi!

The error code is where it says "Technical Information:", right?

It says
*** STOP: 0x0000007E (0xc0000005, 0x89B8ABCB, 0xF78D669c, 0xF78D6398)

#7 Blade81

Posted 13 December 2009 - 04:50 AM

Hi,

Yes, that's the error code. Please follow the instructions here to create a bootcd. Let me know when you have it ready and we'll see the next steps after that.


#8 eperezruberte

Posted 13 December 2009 - 05:33 PM

Hello,

Question: Do I create the Boot CD in another computer (not the affected one)? Otherwise, how can I do it in the computer if I am not able to boot?

Thanks for your help!

#9 eperezruberte

Posted 14 December 2009 - 12:04 AM

OK. I created the boot CD on my wife's computer (not my affected computer) following the instructions from the UBCD4Win website you directed me to. Hopefully this is what I needed to do.

Please, advise me on how to proceed.

#10 Blade81

Posted 14 December 2009 - 10:11 AM

Hi,

You need to set your infected system so that it boots from the CD/DVD drive as the primary option.

When that's done, reboot the system with the boot CD in the drive. You should be able to reach Windows this way.

When the system has started, click start->run->type cmd.exe and press enter. In the opened command prompt, type this command:
dir /s/a c:\atapi.sys >c:\locations.txt

As a result of this, the c:\locations.txt file should exist. Attach the file or post back its contents.


#11 eperezruberte

Posted 15 December 2009 - 01:03 AM

Hello! Below are the contents of the file locations.txt after I followed your instructions. I booted the computer with the UBCD4Win CD and I am still in this mode.

Please, let me know what to do next.

Thanks a lot!
----------------------------------------
Volume in drive C is Local Disk
Volume Serial Number is 9C40-A930

Directory of c:\WINNT\system32\drivers

05/07/2008 12:00 PM 96,512 atapi.sys
1 File(s) 96,512 bytes

Total Files Listed:
1 File(s) 96,512 bytes
0 Dir(s) 1,853,714,432 bytes free

#12 Blade81

Posted 15 December 2009 - 10:01 AM

Hi,

Download the attached zip file (note: the file is meant to be used in this specific case only. Using it in some other system may render the system unbootable), extract its contents to the c: root (c:\) of the infected system and do the following:


Click start->run->type cmd.exe and press enter. In the opened command prompt, type these commands (I assume you have extracted atapi.sys in c:\):
copy c:\WINNT\system32\drivers\atapi.sys c:\WINNT\system32\drivers\atapi.sys.vir
copy /y c:\atapi.sys c:\WINNT\system32\drivers\atapi.sys

Both commands should give you a "1 file(s) copied" message. If that happened, reboot the system without the boot CD and see if it starts.


#13 eperezruberte

Posted 15 December 2009 - 11:06 PM

Yes! It booted up! What's next? Should I download DDS and run it like you told me the first time?

#14 Blade81

Posted 16 December 2009 - 01:04 AM

Good. Here's the next set of instructions :(
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


#15 eperezruberte

Posted 16 December 2009 - 08:33 AM

Blade,

Thanks a lot for all your help!

So, you don't need the output of DDS or GMER anymore?

Just so you know. I have been using another computer to connect to the internet while I had the affected computer unplugged from the internet. Well, this morning, I went to connect it to the internet (the affected computer) to download OTL, and as soon as I plugged in the ethernet cable, I got the blue screen of death with a message that said:
"STOP: d0000144 Unknown Hard Error
Unknown Hard Error
Beginning Dump of Physical Memory
Dumping Physical Memory to Disk: ##"


The "##" was a count that kept increasing slowly. I immediately unplugged the ethernet cable. Then it rebooted and it booted normally (I think). I wanted to let you know about that.

So, I went and downloaded OTL on my other computer and brought it to my affected one and ran it and here are the contents of the files:

OTL.txt
-------------------------
OTL logfile created on: 12/16/2009 6:22:34 AM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 74.56% Memory free
3.36 Gb Paging File | 2.88 Gb Available in Paging File | 85.75% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 48.82 Gb Total Space | 0.68 Gb Free Space | 1.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 15.86 Gb Total Space | 1.17 Gb Free Space | 7.40% Space Free | Partition Type: NTFS
Drive H: | 49.81 Gb Total Space | 27.89 Gb Free Space | 56.00% Space Free | Partition Type: NTFS
Drive I: | 465.65 Gb Total Space | 399.21 Gb Free Space | 85.73% Space Free | Partition Type: FAT32
Drive J: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 7.47 Gb Total Space | 0.58 Gb Free Space | 7.72% Space Free | Partition Type: FAT32

Computer Name: HOME
Current User Name: Eddie Perez-Ruberte
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINNT\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - H:\Program Files\Stickies\stickies.exe (Zhorn Software)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\WINNT\explorer.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Application Data\U3\284521138EC1E4C9\LaunchPad.exe ()
PRC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe (WDC)
PRC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
PRC - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - H:\Program Files\Palm2\Hotsync.exe (PalmSource, Inc)
PRC - C:\Program Files\Netropa\OSD.exe (Netropa Corp.)
PRC - C:\WINNT\MMKeybd.exe (Netropa Corp.)
PRC - C:\WINNT\Nhksrv.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (ATI Smart) -- C:\WINNT\system32\ati2sgag.exe ()
SRV - (Ati HotKey Poller) -- C:\WINNT\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (UtilMan) -- C:\WINNT\system32\utilman.exe (Microsoft Corporation)
SRV - (LPDSVC) -- C:\WINNT\system32\tcpsvcs.exe (Microsoft Corporation)
SRV - (WDBtnMgrSvc.exe) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe (WDC)
SRV - (LMIMaint) -- H:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (MioNet) -- C:\Program Files\MioNet\MioNetManager.exe ()
SRV - (LogMeIn) -- H:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (AresChatServer) -- H:\Program Files\Ares\chatServer.exe (Ares Development Group)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (Nhksrv) -- C:\WINNT\Nhksrv.exe ()
SRV - (Visual Studio Analyzer RPC bridge) -- H:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- C:\WINNT\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINNT\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINNT\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINNT\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINNT\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (MPFP) -- C:\WINNT\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (USBAAPL) -- C:\WINNT\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (GEARAspiWDM) -- C:\WINNT\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ati2mtag) -- C:\WINNT\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (PxHelp20) -- C:\WINNT\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv) -- C:\WINNT\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Ptilink) -- C:\WINNT\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (gameenum) -- C:\WINNT\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (Cdralw2k) -- C:\WINNT\system32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_2K) -- C:\WINNT\system32\drivers\cdr4_2K.sys (Sonic Solutions)
DRV - (LMIRfsDriver) -- C:\WINNT\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- H:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (lmimirr) -- C:\WINNT\system32\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV - (PalmUSBD) -- C:\WINNT\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (BVRPMPR5) -- C:\WINNT\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (FETND5BV) -- C:\WINNT\system32\drivers\fetnd5bv.sys (VIA Technologies, Inc. )
DRV - (HPZid412) -- C:\WINNT\system32\drivers\hpzid412.sys (HP)
DRV - (HPZius12) -- C:\WINNT\system32\drivers\HPZius12.sys (HP)
DRV - (HPZipr12) -- C:\WINNT\system32\drivers\HPZipr12.sys (HP)
DRV - (smwdm) -- C:\WINNT\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (usbhub20) -- C:\WINNT\system32\drivers\usbhub20.sys (Microsoft Corporation)
DRV - (viafilter) -- C:\WINNT\System32\Drivers\viausb.sys (VIA Technologies, Inc.)
DRV - (vulfntrs) -- C:\WINNT\System32\Drivers\vulfntr.sys (VIA Technologies, Inc.)
DRV - (vulfnths) -- C:\WINNT\System32\Drivers\vulfnth.sys (VIA Technologies, Inc.)
DRV - (NTSIM) -- C:\WINNT\system32\ntsim.sys (VIA Technologies, Inc. )
DRV - (aeaudio) -- C:\WINNT\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (FETNDIS) -- C:\WINNT\system32\drivers\fetnd5.sys (VIA Technologies, Inc. )
DRV - (Msikbd2k) -- C:\WINNT\system32\drivers\Msikbd2k.sys (Netropa Corporation)
DRV - (aslm75) -- C:\WINNT\system32\drivers\ASLM75.SYS ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/12/12 00:48:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/07 11:45:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/07 11:45:28 | 00,000,000 | ---D | M]

[2008/09/01 20:04:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Application Data\Mozilla\Extensions
[2009/12/04 23:27:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Application Data\Mozilla\Firefox\Profiles\yc3od61b.default\extensions
[2007/06/21 21:53:08 | 00,002,386 | ---- | M] () -- C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Application Data\Mozilla\Firefox\Profiles\yc3od61b.default\searchplugins\siteadvisor.xml
[2009/12/04 23:27:09 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/06/21 18:38:54 | 00,079,432 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2007/06/21 18:38:56 | 00,071,240 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2007/06/21 18:39:18 | 00,034,376 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\logging.dll
[2008/05/30 10:19:22 | 00,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcm80.dll
[2008/05/30 10:19:22 | 00,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcp80.dll
[2008/05/30 10:19:22 | 00,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr80.dll
[2007/06/21 18:39:34 | 00,325,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2007/02/20 16:04:02 | 02,463,976 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
[2008/11/15 16:07:08 | 00,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll
[2007/06/21 18:40:02 | 00,030,280 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

O1 HOSTS File: (734 bytes) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Spy Blocker BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] H:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DellTouch] C:\WINNT\MMKeybd.exe (Netropa Corp.)
O4 - HKLM..\Run: [iTunesHelper] H:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MioNet] C:\Program Files\MioNet\MioNetLauncher.exe ()
O4 - HKLM..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINNT\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk = H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk = H:\Program Files\Palm2\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Start Menu\Programs\Startup\Stickies.lnk = H:\Program Files\Stickies\stickies.exe (Zhorn Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINNT\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - H:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/msaud.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} http://plugin.fileopen.com/current/FileOpen.CAB (FoInstaller Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINNT\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/15 00:28:19 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/07/13 06:52:48 | 00,000,000 | ---D | M] - H:\AutoDesk -- [ NTFS ]
O32 - AutoRun File - [2008/02/05 01:14:14 | 00,000,000 | ---D | M] - I:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2007/08/20 21:55:06 | 00,000,070 | RH-- | M] () - I:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2008/05/06 05:27:50 | 00,000,303 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{f5eebf7f-ea72-11dd-ae7b-000c6e3db576}\Shell - "" = AutoRun
O33 - MountPoints2\{f5eebf7f-ea72-11dd-ae7b-000c6e3db576}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f5eebf7f-ea72-11dd-ae7b-000c6e3db576}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- [2007/10/23 00:45:39 | 01,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINNT\System32\sprestrt.exe (Microsoft Corporation)
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/16 06:20:51 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Desktop\OTL.exe
[2009/12/15 21:07:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2009/12/15 13:42:02 | 00,096,512 | ---- | C] (Microsoft Corporation) -- C:\atapi.sys
[2009/12/02 19:26:23 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Desktop\RootRepeal.exe
[2009/11/22 23:50:59 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Desktop\mbam-setup.exe
[2009/11/22 22:27:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Application Data\pc
[2009/11/22 11:13:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/11/21 18:28:43 | 00,000,000 | ---D | C] -- C:\Program Files\Lame for Audacity
[2009/09/14 20:32:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/09/08 14:21:45 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/07/03 12:41:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit
[2009/06/24 20:10:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/04/16 11:16:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/03/29 15:53:54 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/03/29 15:53:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2007/08/02 14:20:28 | 00,220,184 | ---- | C] ( ) -- C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Local Settings\Application Data\Interop.Microsoft.Office.Core.dll
[2005/12/13 17:12:34 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Local Settings\Application Data\stdole.dll
[9 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[10 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/16 06:30:00 | 00,000,446 | -H-- | M] () -- C:\WINNT\tasks\User_Feed_Synchronization-{204C3918-4B48-4521-A124-17101DA6A2AB}.job
[2009/12/16 06:23:05 | 06,029,312 | -H-- | M] () -- C:\Documents and Settings\Eddie Perez-Ruberte.HOME\NTUSER.DAT
[2009/12/16 06:12:00 | 00,013,646 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2009/12/16 06:10:40 | 00,002,193 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/12/16 06:10:33 | 00,000,268 | ---- | M] () -- C:\WINNT\MSIOSD.INI
[2009/12/16 06:10:06 | 00,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2009/12/16 06:09:56 | 00,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2009/12/16 06:09:52 | 21,470,61760 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/16 06:09:50 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Desktop\OTL.exe
[2009/12/16 06:09:41 | 80,530,6368 | ---- | M] () -- C:\WINNT\MEMORY.DMP
[2009/12/15 21:08:56 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Desktop\3401u8wr.exe
[2009/12/12 00:44:09 | 00,361,369 | ---- | M] () -- C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Desktop\dds.com
[2009/12/12 00:44:01 | 00,019,695 | ---- | M] () -- C:\WINNT\System32\Config.MPF
[2009/12/05 21:29:32 | 00,000,284 | ---- | M] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job
[2009/12/03 06:14:27 | 00,000,318 | ---- | M] () -- C:\WINNT\MMKEYBD.INI
[2009/12/03 06:10:43 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Eddie Perez-Ruberte.HOME\ntuser.ini
[2009/12/02 19:27:55 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Desktop\settings.dat
[2009/12/02 19:26:38 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Desktop\RootRepeal.exe
[2009/12/02 19:12:17 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Desktop\dds.scr
[2009/11/26 03:01:28 | 00,001,393 | ---- | M] () -- C:\WINNT\imsins.BAK
[2009/11/23 20:21:21 | 07,229,873 | ---- | M] () -- C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Desktop\PalmPixi_UG_Sprint_EN.pdf
[2009/11/22 23:51:08 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Desktop\mbam-setup.exe
[2009/11/22 22:27:55 | 00,000,975 | ---- | M] () -- C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Desktop\Control center.lnk
[2009/11/21 17:40:18 | 00,000,535 | ---- | M] () -- C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Desktop\Audacity.lnk
[2009/11/21 12:21:14 | 00,038,519 | ---- | M] () -- C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Application Data\Comma Separated Values (DOS).ADR
[2009/11/20 17:02:12 | 00,038,519 | ---- | M] () -- C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Application Data\Comma Separated Values (Windows).ADR
[2009/11/18 16:47:08 | 00,053,599 | ---- | M] () -- C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Desktop\Sprint - Printable Receipt.pdf
[9 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[10 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/15 21:10:22 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Desktop\3401u8wr.exe
[2009/12/15 13:50:24 | 00,096,512 | ---- | C] () -- C:\WINNT\System32\drivers\atapi.sys.vir
[2009/12/12 00:54:09 | 21,470,61760 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/12 00:43:50 | 00,361,369 | ---- | C] () -- C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Desktop\dds.com
[2009/12/02 19:27:55 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Desktop\settings.dat
[2009/12/02 19:12:11 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Desktop\dds.scr
[2009/11/23 20:21:18 | 07,229,873 | ---- | C] () -- C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Desktop\PalmPixi_UG_Sprint_EN.pdf
[2009/11/22 22:27:54 | 00,000,975 | ---- | C] () -- C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Desktop\Control center.lnk
[2009/11/21 17:40:18 | 00,000,535 | ---- | C] () -- C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Desktop\Audacity.lnk
[2009/11/21 12:21:14 | 00,038,519 | ---- | C] () -- C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Application Data\Comma Separated Values (DOS).ADR
[2009/11/20 17:02:10 | 00,038,519 | ---- | C] () -- C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Application Data\Comma Separated Values (Windows).ADR
[2009/11/18 16:47:08 | 00,053,599 | ---- | C] () -- C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Desktop\Sprint - Printable Receipt.pdf
[2009/05/09 21:54:33 | 02,463,976 | ---- | C] () -- C:\WINNT\System32\NPSWF32.dll
[2009/03/29 23:13:11 | 00,060,416 | ---- | C] () -- C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/15 00:20:38 | 00,001,793 | ---- | C] () -- C:\WINNT\System32\fxsperf.ini
[2008/05/30 10:22:22 | 03,596,288 | ---- | C] () -- C:\WINNT\System32\qt-dx331.dll
[2008/05/30 10:18:56 | 00,000,416 | ---- | C] () -- C:\WINNT\System32\dtu100.dll.manifest
[2008/05/30 10:18:56 | 00,000,416 | ---- | C] () -- C:\WINNT\System32\dpl100.dll.manifest
[2008/05/30 10:18:00 | 00,012,288 | ---- | C] () -- C:\WINNT\System32\DivXWMPExtType.dll
[2008/04/13 22:42:04 | 00,363,520 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2008/01/31 22:21:16 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Application Data\dm.ini
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINNT\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINNT\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINNT\System32\gthrctr.ini
[2007/06/25 22:18:59 | 00,000,318 | ---- | C] () -- C:\WINNT\MMKEYBD.INI
[2007/06/25 22:18:59 | 00,000,268 | ---- | C] () -- C:\WINNT\MSIOSD.INI
[2007/06/25 22:18:53 | 00,028,672 | ---- | C] () -- C:\WINNT\System32\msiosd32.dll
[2007/06/24 19:54:01 | 00,027,286 | ---- | C] () -- C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Application Data\Personal Address Book.ADR
[2007/06/24 09:40:27 | 00,012,288 | ---- | C] () -- C:\WINNT\impborl.dll
[2007/06/22 23:44:01 | 00,011,776 | ---- | C] () -- C:\WINNT\System32\ZPORT4AS.dll
[2007/06/19 23:31:43 | 00,000,147 | ---- | C] () -- C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Local Settings\Application Data\fusioncache.dat
[2007/06/19 21:51:44 | 00,045,056 | ---- | C] () -- C:\WINNT\System32\vusetup.dll
[2007/05/22 23:50:28 | 00,000,000 | ---- | C] () -- C:\WINNT\QuickInstall.INI
[2007/03/08 21:58:58 | 00,000,291 | ---- | C] () -- C:\WINNT\ias-signup.ini
[2007/03/08 20:54:17 | 00,000,096 | ---- | C] () -- C:\WINNT\instantarticlesubmitter.ini
[2006/09/04 23:09:05 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/06/19 21:35:23 | 00,000,035 | ---- | C] () -- C:\WINNT\A5W.INI
[2006/03/04 18:03:16 | 00,000,185 | ---- | C] () -- C:\WINNT\mdm.ini
[2006/01/13 00:21:57 | 00,000,000 | ---- | C] () -- C:\WINNT\JDSecure31.INI
[2006/01/13 00:21:53 | 00,249,856 | ---- | C] () -- C:\WINNT\System32\LxrJD31.dll
[2006/01/13 00:21:53 | 00,069,824 | ---- | C] () -- C:\WINNT\System32\drivers\LxrJD31d.sys
[2006/01/13 00:21:53 | 00,061,440 | ---- | C] () -- C:\WINNT\System32\LxrJD20Sat.dll
[2005/11/22 02:36:46 | 00,000,000 | ---- | C] () -- C:\WINNT\JDSecure20.INI
[2005/08/03 20:01:15 | 00,071,749 | ---- | C] () -- C:\WINNT\hcextoutput.dll
[2005/08/03 20:01:15 | 00,000,823 | ---- | C] () -- C:\WINNT\tsc.ini
[2005/08/03 20:00:48 | 00,000,170 | ---- | C] () -- C:\WINNT\GetServer.ini
[2005/07/10 11:24:35 | 00,053,248 | ---- | C] () -- C:\WINNT\System32\Zlib.dll
[2005/07/10 11:24:33 | 00,041,984 | ---- | C] () -- C:\WINNT\System32\ZFExt.dll
[2005/06/25 16:30:34 | 00,010,394 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/03/01 15:30:20 | 00,000,453 | ---- | C] () -- C:\WINNT\bdoscandellang.ini
[2005/02/27 16:49:23 | 00,000,048 | ---- | C] () -- C:\WINNT\PerWin.ini
[2004/11/07 22:52:00 | 00,051,712 | ---- | C] () -- C:\WINNT\wc98pp.dll
[2004/11/07 20:54:42 | 00,000,213 | ---- | C] () -- C:\WINNT\ANS2000.INI
[2004/11/07 20:54:42 | 00,000,020 | -H-- | C] () -- C:\WINNT\akebook.ini
[2004/11/07 20:54:42 | 00,000,004 | -H-- | C] () -- C:\WINNT\a3kebook.ini
[2004/09/17 17:37:42 | 00,061,440 | ---- | C] () -- C:\WINNT\System32\vuins32.dll
[2004/07/13 22:45:54 | 00,000,032 | ---- | C] () -- C:\WINNT\render.ini
[2004/07/13 22:04:16 | 00,000,000 | ---- | C] () -- C:\WINNT\mtstack.INI
[2003/07/14 13:47:09 | 00,023,168 | ---- | C] () -- C:\WINNT\System32\drivers\AnyDVD.sys
[2003/07/09 20:29:45 | 00,000,043 | ---- | C] () -- C:\WINNT\gswin32.ini
[2003/07/09 20:13:16 | 00,000,332 | ---- | C] () -- C:\WINNT\CoverDes.INI
[2003/06/12 20:58:00 | 00,000,218 | ---- | C] () -- C:\WINNT\cdplayer.ini
[2003/06/07 22:04:27 | 00,000,083 | ---- | C] () -- C:\WINNT\WSST_Screen_Saver.ini
[2003/06/07 19:10:02 | 00,000,174 | ---- | C] () -- C:\WINNT\System32\mcini.ini
[2003/06/02 20:56:18 | 00,001,060 | ---- | C] () -- C:\WINNT\ODBC.INI
[2003/06/01 20:55:35 | 00,000,044 | ---- | C] () -- C:\WINNT\System32\msssc.dll
[2003/06/01 20:52:56 | 00,006,272 | ---- | C] () -- C:\WINNT\System32\drivers\ASLM75.SYS
[2003/06/01 20:51:32 | 00,003,967 | ---- | C] () -- C:\WINNT\Ascd_tmp.ini
[2003/06/01 20:51:31 | 00,005,824 | ---- | C] () -- C:\WINNT\System32\drivers\ASUSHWIO.SYS
[2003/06/01 16:03:04 | 00,000,010 | ---- | C] () -- C:\WINNT\wininit.ini
[2003/06/01 01:18:30 | 00,021,952 | -H-- | C] () -- C:\Program Files\folder.htt
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINNT\System32\OUTLPERF.INI
[2002/11/25 02:53:35 | 00,425,984 | ---- | C] () -- C:\WINNT\System32\xvid.dll
[1999/12/07 05:00:00 | 00,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll
[1999/12/07 05:00:00 | 00,028,706 | ---- | C] () -- C:\WINNT\System32\llbyvq.dll
[1999/12/07 05:00:00 | 00,027,242 | ---- | C] () -- C:\WINNT\System32\netw9m32.dll
[1999/09/25 03:36:24 | 00,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys
[1999/09/25 03:36:22 | 00,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys
[1999/07/23 13:46:48 | 00,000,116 | ---- | C] () -- C:\WINNT\AuHCcup1.ini
[1999/07/23 10:53:20 | 00,129,536 | ---- | C] () -- C:\WINNT\AuHCcup1.dll
[1999/01/22 11:46:58 | 00,065,536 | ---- | C] () -- C:\WINNT\System32\MSRTEDIT.DLL
[1998/06/10 00:00:00 | 00,015,120 | ---- | C] () -- C:\WINNT\System32\REPUTIL.DLL
[1998/05/18 00:00:00 | 00,014,017 | ---- | C] () -- C:\WINNT\JAUTOEXP.INI
[1998/04/24 00:00:00 | 00,000,218 | ---- | C] () -- C:\WINNT\FRONTPG.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4033A68
< End of report >


Extras.txt
-------------------------
OTL Extras logfile created on: 12/16/2009 6:22:34 AM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Eddie Perez-Ruberte.HOME\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 74.56% Memory free
3.36 Gb Paging File | 2.88 Gb Available in Paging File | 85.75% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 48.82 Gb Total Space | 0.68 Gb Free Space | 1.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 15.86 Gb Total Space | 1.17 Gb Free Space | 7.40% Space Free | Partition Type: NTFS
Drive H: | 49.81 Gb Total Space | 27.89 Gb Free Space | 56.00% Space Free | Partition Type: NTFS
Drive I: | 465.65 Gb Total Space | 399.21 Gb Free Space | 85.73% Space Free | Partition Type: FAT32
Drive J: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 7.47 Gb Total Space | 0.58 Gb Free Space | 7.72% Space Free | Partition Type: FAT32

Computer Name: HOME
Current User Name: Eddie Perez-Ruberte
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.js [@ = jsfile] -- H:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe (Adobe Systems, Inc.)
.vbs [@ = vbsfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "H:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "H:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1700:TCP" = 1700:TCP:*:Enabled:MioNet Remote Drive Access 0
"1701:TCP" = 1701:TCP:*:Enabled:MioNet Remote Drive Access 1
"1702:TCP" = 1702:TCP:*:Enabled:MioNet Remote Drive Access 2
"1703:TCP" = 1703:TCP:*:Enabled:MioNet Remote Drive Access 3
"1704:TCP" = 1704:TCP:*:Enabled:MioNet Remote Drive Access 4
"1705:TCP" = 1705:TCP:*:Enabled:MioNet Remote Drive Access 5
"1706:TCP" = 1706:TCP:*:Enabled:MioNet Remote Drive Access 6
"1707:TCP" = 1707:TCP:*:Enabled:MioNet Remote Drive Access 7
"1708:TCP" = 1708:TCP:*:Enabled:MioNet Remote Drive Access 8
"1709:TCP" = 1709:TCP:*:Enabled:MioNet Remote Drive Access 9
"1641:TCP" = 1641:TCP:*:Enabled:MioNet Remote Drive Verification
"1647:TCP" = 1647:TCP:*:Enabled:MioNet Storage Device Configuration
"5432:UDP" = 5432:UDP:*:Enabled:MioNet Storage Device Discovery
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MioNet\MioNetManager.exe" = C:\Program Files\MioNet\MioNetManager.exe:*:Enabled:MioNetManager -- ()
"C:\Program Files\MioNet\jvm\bin\MioNet.exe" = C:\Program Files\MioNet\jvm\bin\MioNet.exe:*:Enabled:MioNet -- (Sun Microsystems, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"H:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe" = H:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"H:\Program Files\iTunes\iTunes.exe" = H:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0030188A-533E-42EE-9837-E044F10E4369}" = Palm
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 17
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2E8DC19D-E1E1-402D-A483-CFF559207B94}" = FileOpen Plug-in for Adobe Acrobat® and Adobe Reader®
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HydraVision
"{4324BC93-C82F-ED16-BA86-5E34B9E05303}" = ccc-core-static
"{4ED118EE-785C-CC18-5D2E-D5CA4BAA03F0}" = Catalyst Control Center Graphics Full New
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51B833D8-66B0-4E72-92B9-4E4977EF37F2}" = WD Drive Manager (x86)
"{539475B7-44B7-8B0A-134C-F01B9C8B7569}" = ccc-core-preinstall
"{53AF3638-DDB4-4755-B3DC-259981689DB7}" = MioNet
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{55584E16-4D70-44EE-93DD-F144E8B7D4B7}" = QuickBooks Product Listing Service
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5AC7AE54-55DF-1126-076C-623F008D40B6}" = Catalyst Control Center Graphics Full Existing
"{6351D217-3EE3-1967-29BE-6A77635FE485}" = Skins
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AB9CD3A-F91F-233B-923B-6C59BA63524D}" = Catalyst Control Center HydraVision Full
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{706D5382-7381-4680-9DD0-161832578252}" = DellTouch
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7E545666-F422-45FD-B3DF-C0B99A1A579F}" = QuickBooks Pro 2007
"{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A}" = LogMeIn
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{85A91C22-C369-FCFB-5F1F-D59EB21AD0E1}" = CCC Help English
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A6D0140F-E62F-9D1E-2408-9CFF91FF6FC8}" = ccc-utility
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B9A81070-616D-4E93-BE02-CEE651343204}" = WD Anywhere Backup
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C44A7422-E380-44BE-79FE-1C032D8A03A7}" = Catalyst Control Center Core Implementation
"{C49067A8-8212-4A82-A4D9-1519701644F0}" = Citrix Presentation Server Client - Web Only
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C82185E8-C27B-4EF4-2007-4444BC2C2B6D}" = Microsoft Streets & Trips 2007
"{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}" = AVIVO Codecs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E5D24929-91A4-B0A1-DE00-AFC453921EF7}" = Catalyst Control Center Graphics Light
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6C09BFB-BA75-15C7-5B18-A2CE31C4F42B}" = Catalyst Control Center Graphics Previews Common
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"All ATI Software" = ATI - Software Uninstall Utility
"Ares" = Ares 2.0.9
"ATI Display Driver" = ATI Display Driver
"atyaljxbvtskzq" = Tagging System Thesuperads
"Audacity_is1" = Audacity 1.2.6
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.2
"ie8" = Windows Internet Explorer 8
"Instant Article Submitter_is1" = Instant Article Submitter 1.0.15
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"PharmaSim #version#" = PharmaSim #version#
"Picasa 3" = Picasa 3
"PROPLUSR" = Microsoft Office Professional Plus 2007
"Satellite TV for PC Elite" = Satellite TV for PC Elite 4.8.8.0
"Spider-Man 2 Screensaver 1" = Spider-Man 2 Screensaver 1
"ST6UNST #1" = Stock Price II Retrieval
"Stickies 6.7a" = Stickies 6.7a
"Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"ZipForm Desktop" = ZipForm Desktop
"ZoneAlarmSB Uninstall" = ZoneAlarm Spy Blocker

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{B9A81070-616D-4E93-BE02-CEE651343204}" = WD Anywhere Backup
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/16/2009 9:10:24 AM | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 12/16/2009 9:10:24 AM | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 12/16/2009 9:10:25 AM | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 12/16/2009 9:10:25 AM | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 12/16/2009 9:10:28 AM | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 12/16/2009 9:10:28 AM | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 12/16/2009 9:10:29 AM | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 12/16/2009 9:10:29 AM | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 12/16/2009 9:12:57 AM | Computer Name = HOME | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\EDDIE PEREZ-RUBERTE.HOME\RECENT\FOLLOW
ME.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog

Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 12/16/2009 9:12:57 AM | Computer Name = HOME | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\EDDIE PEREZ-RUBERTE.HOME\RECENT\THE
IMPRESSION THAT I GET.LNK> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

[ OSession Events ]
Error - 10/7/2009 12:11:08 AM | Computer Name = HOME | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1648
seconds with 1620 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/6/2009 3:15:07 AM | Computer Name = HOME | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/6/2009 11:54:50 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 12/10/2009 6:56:11 PM | Computer Name = HOME | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 12/12/2009 2:45:26 AM | Computer Name = HOME | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/12/2009 3:43:29 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7031
Description = The McAfee Services service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 12/12/2009 3:43:54 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the McAfee Services service, but
this action failed with the following error: %%1056

Error - 12/16/2009 12:02:59 AM | Computer Name = HOME | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 12/16/2009 9:10:08 AM | Computer Name = HOME | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000007F'
while processing the file 'desktop.ini' on the volume 'HarddiskVolume1'. It has
stopped monitoring the volume.

Error - 12/16/2009 9:11:59 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The iPod Service service terminated with the following error: %%2147549465

Error - 12/16/2009 9:12:21 AM | Computer Name = HOME | Source = DCOM | ID = 10010
Description = The server {063D34A4-BF84-4B8D-B699-E8CA06504DDE} did not register
with DCOM within the required timeout.


< End of report >



