Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Google redirect and SKRNL-Hook Trojan


  • Please log in to reply

#1
Steelers.rf

Steelers.rf

    New Member

  • Member
  • Pip
  • 1 posts
It seems we have contracted the Google re-direct virus, as the links are not working properly. McAfee keeps finding NTOSKRNL-Hook each time we reboot, and two Generic rootkits. Malawarebytes finds nothing. I have run each of the items requested in the Preparation guide, and the log is below. Unfortunately the system restore would not function properly, nor will the System Restore in my applications folder. Any thoughts?

Any help would be much appreciated!!

Thanks.

Logs below:

OTL logfile created on: 8/25/2009 7:24:21 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Rachel\Desktop\virus removal stuff
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 619.71 Mb Available Physical Memory | 60.63% Memory free
2.40 Gb Paging File | 2.01 Gb Available in Paging File | 83.83% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 109.03 Gb Free Space | 75.55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D164FS91
Current User Name: Rachel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2005/08/04 05:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/06/26 08:10:21 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2004/04/07 13:07:32 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2005/10/11 09:40:32 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2009/07/13 15:53:48 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/01/16 14:59:46 | 00,071,208 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe
PRC - [2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2007/10/31 16:11:34 | 00,354,648 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
PRC - [2007/09/13 12:00:48 | 00,015,720 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
PRC - [2005/08/03 21:05:55 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2007/11/01 19:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [1999/03/18 01:38:10 | 08,798,260 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\WINWORD.EXE
PRC - [2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/08/25 19:23:16 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rachel\Desktop\virus removal stuff\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2004/04/07 13:07:32 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS [Auto | Running])
SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2004/07/15 02:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/08/04 05:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2005/10/11 09:40:32 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2009/05/12 12:04:27 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/07/13 15:53:48 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007/01/16 14:59:46 | 00,071,208 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor [Auto | Running])
SRV - [2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2007/11/07 09:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
SRV - [2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
SRV - [2004/08/10 05:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running])
SRV - [2004/11/19 12:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2007/10/31 16:11:34 | 00,354,648 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe -- (RosettaStoneLtdController [Auto | Running])
SRV - [2006/12/11 22:16:32 | 00,064,248 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
SRV - [2006/12/11 22:16:28 | 00,301,816 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])
SRV - [2008/04/24 13:26:18 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2 [Auto | Stopped])
SRV - [2007/11/15 10:23:56 | 00,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Stopped])
SRV - [2005/08/03 21:05:55 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co...l...&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co...l...&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13
FF - prefs.js..network.proxy.ftp: ":0"
FF - prefs.js..network.proxy.gopher: ":0"
FF - prefs.js..network.proxy.http: ":0"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: ":0"
FF - prefs.js..network.proxy.ssl: ":0"


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/09/29 09:55:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/13 15:53:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/11 14:51:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/19 06:35:17 | 00,000,000 | ---D | M]

[2008/08/27 07:08:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rachel\Application Data\mozilla\Extensions
[2008/08/27 07:08:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rachel\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/17 14:48:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rachel\Application Data\mozilla\Firefox\Profiles\pvxlsccn.default\extensions
[2009/03/27 21:32:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rachel\Application Data\mozilla\Firefox\Profiles\pvxlsccn.default\extensions\[email protected]
[2009/08/17 14:48:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/05 18:36:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/04/26 16:49:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/08/28 18:33:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2008/01/28 21:41:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/04/01 07:23:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/07/13 15:54:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/05 18:36:44 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/05 18:36:45 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/11/14 20:34:14 | 00,090,112 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/07/13 15:53:48 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/08/05 18:36:49 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/12/18 04:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/09/29 09:55:13 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/07/14 10:43:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/14 10:43:49 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/14 10:43:49 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/14 10:43:49 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/14 10:43:49 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/14 10:43:49 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/14 10:43:49 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/09/29 09:55:36 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2008/09/29 09:54:53 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2008/09/28 13:58:29 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/09/28 13:58:29 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/09/28 13:58:29 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/13 23:16:55 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/09/28 13:58:29 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/09/28 13:58:29 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/09/28 13:58:29 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe (McAfee)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\pemewoma.dll) - C:\WINDOWS\System32\pemewoma.dll File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\lahesumo.dll) - C:\WINDOWS\System32\lahesumo.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: MHN - C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/08/25 19:21:49 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Rachel\Desktop\settings.dat
[2009/08/25 19:11:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/25 19:11:08 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Rachel\Desktop\ERUNT.lnk
[2009/08/25 19:11:08 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/25 19:05:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rachel\Desktop\virus removal stuff
[2009/08/25 06:52:45 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Rachel\Desktop\HijackThis.lnk
[2009/08/25 06:52:44 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/08/25 06:51:58 | 00,000,000 | ---D | C] -- C:\HJT
[2009/08/25 06:49:51 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/08/21 14:32:25 | 00,000,396 | ---- | C] () -- C:\WINDOWS\tasks\Schedule Task Weekly.job
[2009/08/21 06:26:25 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/21 06:26:21 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/21 06:26:20 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/21 06:26:20 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/18 19:21:46 | 00,036,864 | ---- | C] () -- C:\Documents and Settings\Rachel\Desktop\Jason Waiver.doc
[2009/08/17 19:03:12 | 00,000,043 | ---- | C] () -- C:\WINDOWS\av_affiliate.ini
[2009/08/17 19:03:10 | 00,000,043 | ---- | C] () -- C:\WINDOWS\as_affiliate.ini
[2009/08/17 19:01:27 | 00,000,835 | R--- | C] () -- C:\Documents and Settings\Rachel\Desktop\CyberDefender.lnk
[2009/08/17 19:01:18 | 00,067,424 | ---- | C] (CyberDefender Corp.) -- C:\WINDOWS\System32\drivers\CDAVFS.sys
[2009/08/17 19:01:13 | 00,000,000 | ---D | C] -- C:\Program Files\CyberDefender
[2009/08/12 21:03:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rachel\Application Data\Malwarebytes
[2009/08/12 21:03:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/12 20:53:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss

========== Files - Modified Within 14 Days ==========

[2009/08/25 19:21:49 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Rachel\Desktop\settings.dat
[2009/08/25 19:11:08 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Rachel\Desktop\ERUNT.lnk
[2009/08/25 19:09:17 | 00,021,271 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/08/25 19:09:17 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/25 19:08:37 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\Rachel\Desktop\Microsoft Word.lnk
[2009/08/25 19:08:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/25 19:08:09 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/25 19:08:07 | 10,717,96224 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/25 09:37:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/25 06:52:46 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Rachel\Desktop\HijackThis.lnk
[2009/08/22 15:24:44 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/08/21 14:32:26 | 00,000,396 | ---- | M] () -- C:\WINDOWS\tasks\Schedule Task Weekly.job
[2009/08/21 12:42:20 | 00,000,835 | R--- | M] () -- C:\Documents and Settings\Rachel\Desktop\CyberDefender.lnk
[2009/08/21 06:26:25 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/18 19:21:46 | 00,036,864 | ---- | M] () -- C:\Documents and Settings\Rachel\Desktop\Jason Waiver.doc
[2009/08/18 19:18:30 | 00,000,918 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/18 03:01:01 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/17 19:03:12 | 00,000,043 | ---- | M] () -- C:\WINDOWS\av_affiliate.ini
[2009/08/17 19:03:10 | 00,000,043 | ---- | M] () -- C:\WINDOWS\as_affiliate.ini
[2009/08/17 19:00:32 | 00,067,424 | ---- | M] (CyberDefender Corp.) -- C:\WINDOWS\System32\drivers\CDAVFS.sys
[2009/08/17 13:16:48 | 00,002,519 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Comcast Desktop Doctor.lnk
[2009/08/12 21:15:07 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\memusilu
[2009/08/12 20:53:33 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/12 20:53:33 | 00,000,209 | RHS- | M] () -- C:\boot.ini

========== LOP Check ==========

[2009/08/19 06:35:18 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/27 06:41:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/28 19:05:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/11/05 15:51:54 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/08/20 21:51:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast
[2008/02/26 04:31:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2005/08/16 21:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2006/08/20 09:45:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MVT
[2006/08/20 09:45:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MVTLogs
[2007/10/16 18:22:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdServices
[2006/11/05 15:55:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2006/11/05 15:54:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2006/11/05 15:54:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2008/08/20 17:46:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2006/04/10 20:55:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/08/12 21:03:30 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Rachel\Application Data
[2008/01/13 18:52:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rachel\Application Data\Canon
[2006/04/10 21:00:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rachel\Application Data\Corel
[2006/05/11 20:18:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rachel\Application Data\Corel Photo Album
[2007/03/22 08:04:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rachel\Application Data\Leadertech
[2009/03/25 07:03:12 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Rachel\Application Data\Move Networks
[2006/12/22 19:08:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rachel\Application Data\NewSoft
[2006/11/05 15:45:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rachel\Application Data\ScanSoft
[2007/01/27 13:50:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rachel\Application Data\Viewpoint
[2009/07/09 14:53:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rachel\Application Data\webex
[2009/08/25 09:37:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/10 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/07/15 01:12:24 | 00,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/08/01 01:01:00 | 00,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2009/08/25 19:08:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/08/21 14:32:26 | 00,000,396 | ---- | M] () -- C:\WINDOWS\Tasks\Schedule Task Weekly.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2008/04/13 20:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008/04/13 20:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >
< End of report >


OTL Extras logfile created on: 8/25/2009 7:24:21 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Rachel\Desktop\virus removal stuff
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 619.71 Mb Available Physical Memory | 60.63% Memory free
2.40 Gb Paging File | 2.01 Gb Available in Paging File | 83.83% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 109.03 Gb Free Space | 75.55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D164FS91
Current User Name: Rachel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"55567:TCP" = 55567:TCP:*:Enabled:RosettaStoneLtdServices Port 55567
"55568:TCP" = 55568:TCP:*:Enabled:RosettaStoneLtdServer Port 55568
"55569:TCP" = 55569:TCP:*:Enabled:RosettaStoneLtdController Port 55569
"55570:TCP" = 55570:TCP:*:Enabled:RosettaStoneLtdServices Port 55570
"55566:TCP" = 55566:TCP:*:Enabled:RosettaStoneLtdServices Port 55566

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"55567:TCP" = 55567:TCP:*:Enabled:RosettaStoneLtdServices Port 55567
"55570:TCP" = 55570:TCP:*:Enabled:RosettaStoneLtdServices Port 55570
"55568:TCP" = 55568:TCP:*:Enabled:RosettaStoneLtdServer Port 55568
"55569:TCP" = 55569:TCP:*:Enabled:RosettaStoneLtdController Port 55569
"55566:TCP" = 55566:TCP:*:Enabled:RosettaStoneLtdServices Port 55566

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe:*:Enabled:RosettaStoneLtdController -- (Rosetta Stone Ltd.)
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:*:Enabled:RosettaStoneLtdServices -- ()
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe:*:Enabled:RosettaStoneLtdServer -- (Rosetta Stone Ltd.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe:*:Enabled:RosettaStoneLtdController -- (Rosetta Stone Ltd.)
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:*:Enabled:RosettaStoneLtdServices -- ()
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe:*:Enabled:RosettaStoneLtdServer -- (Rosetta Stone Ltd.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" = C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Disabled:McAfee Data Backup -- (McAfee)
"C:\Program Files\CyberDefender\AntiSpyware\cdasf1.exe" = C:\Program Files\CyberDefender\AntiSpyware\cdasf1.exe:*:Enabled:CyberDefender Internet Security -- (CyberDefender Corp.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00020409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Standard
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1AEC8F41-4701-415D-9782-F69CFB535463}" = Creative Zen MicroPhoto
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{243F4D4E-1149-4128-908A-4A4C6543A4E9}" = Exercise Explorer Academic
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{2D6ED011-055B-4041-B198-BB903827EBFB}" = Safari
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3215EBED-1D06-42fb-A05C-A752A46FB24C}" = Canon MP530
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin
"{AA63780B-DDB7-417b-8A13-E5AFBE08E807}" =
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Roxio Media Experience
"{AC5352DA-F4F2-4A59-A1BF-41546342746B}" = CyberDefender Early Detection Center
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}" = Presto! PageManager 7.15.11
"{EB1AE258-8DDD-4F54-B2EB-AC02EC4C6FAB}" = Rosetta Stone Ltd Services
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA" = SCRABBLE
"989E4C3B-B2C9-4486-9A09-D5A8F953837C" = Bejeweled 2 Deluxe
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"America Online us" = America Online (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"ArcSoft Camera Suite" = ArcSoft Camera Suite
"ATI Display Driver" = ATI Display Driver
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Canon Camera WIA Driver IXY 300a, PowerShot S330, IXUS 330" = Canon IXY 300a, PowerShot S330, IXUS 330 WIA Driver
"Canon Utilities RAW Image Converter2" = Canon Utilities RAW Image Converter2
"ClubWPT" = ClubWPT
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"CoffeeCup HTML Editor 2008" = CoffeeCup HTML Editor 2008
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"D1A6F3FD-7B40-443F-8767-BADB25A0D222" = Blasterball 2
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ERUNT_is1" = ERUNT 1.1j
"ESPNMotion" = ESPNMotion
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Uninstall Utility" = McAfee Uninstaller
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Move Networks Player_is1" = Move Networks Player for Internet Explorer
"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)
"MP Navigator 2.2" = Canon MP Navigator 2.2
"MSC" = McAfee SecurityCenter
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SysInfo" = Creative System Information
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Photos Drag-Drop Uploader 1v7" = Yahoo! Photos Easy Upload Tool 1v7
"ZoomBrowserEXDeInstall" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"eMusic Download Manager" = eMusic Download Manager
"GoToMeeting" = GoToMeeting 4.1.0.366
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/9/2009 3:57:04 PM | Computer Name = D164FS91 | Source = Application Error | ID = 1000
Description = Faulting application winword.exe, version 9.0.0.2717, faulting module
winword.exe, version 9.0.0.2717, fault address 0x000b7899.

Error - 8/10/2009 7:46:03 AM | Computer Name = D164FS91 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/11/2009 5:07:52 PM | Computer Name = D164FS91 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module rdl30A.tmp.exe, version 0.0.0.0, fault address 0x00005be6.

Error - 8/11/2009 9:59:49 PM | Computer Name = D164FS91 | Source = Application Hang | ID = 1002
Description = Hanging application bcont.exe, version 6.9.2258.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/12/2009 8:54:52 PM | Computer Name = D164FS91 | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 8/17/2009 6:39:26 AM | Computer Name = D164FS91 | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 8/17/2009 6:40:02 AM | Computer Name = D164FS91 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/17/2009 6:40:04 AM | Computer Name = D164FS91 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/23/2009 5:53:14 PM | Computer Name = D164FS91 | Source = Application Hang | ID = 1002
Description = Hanging application cdasf1.exe, version 5.7.21.4, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/25/2009 4:57:57 PM | Computer Name = D164FS91 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 8/25/2009 7:06:47 PM | Computer Name = D164FS91 | Source = Service Control Manager | ID = 7031
Description = The McAfee Services service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 8/25/2009 7:06:47 PM | Computer Name = D164FS91 | Source = Service Control Manager | ID = 7031
Description = The McAfee Network Agent service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 8/25/2009 7:06:47 PM | Computer Name = D164FS91 | Source = Service Control Manager | ID = 7031
Description = The McAfee Proxy Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 8/25/2009 7:06:47 PM | Computer Name = D164FS91 | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 8/25/2009 7:06:47 PM | Computer Name = D164FS91 | Source = Service Control Manager | ID = 7031
Description = The McAfee Personal Firewall Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
5000 milliseconds: Run the configured recovery program.

Error - 8/25/2009 7:06:47 PM | Computer Name = D164FS91 | Source = Service Control Manager | ID = 7034
Description = The Windows User Mode Driver Framework service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/25/2009 7:06:47 PM | Computer Name = D164FS91 | Source = Service Control Manager | ID = 7031
Description = The Media Center Extender Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
5000 milliseconds: Restart the service.

Error - 8/25/2009 7:06:47 PM | Computer Name = D164FS91 | Source = Service Control Manager | ID = 7034
Description = The RosettaStoneLtdController service terminated unexpectedly. It
has done this 1 time(s).

Error - 8/25/2009 7:06:47 PM | Computer Name = D164FS91 | Source = Service Control Manager | ID = 7031
Description = The McAfee SystemGuards service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 8/25/2009 7:08:38 PM | Computer Name = D164FS91 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Upnp Server 9 service
to connect.


< End of report >


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/25 19:22
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF480F000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79CA000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF1446000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden Services
-------------------
Service Name: kbiwkmpuyyjuuj
Image Path: C:\WINDOWS\system32\drivers\kbiwkmsvpaqukj.sys

Service Name: SKYNETwgiowjpc
Image Path: C:\WINDOWS\system32\drivers\SKYNETdsonddvy.sys

==EOF==




Malwarebytes' Anti-Malware 1.40
Database version: 2693
Windows 5.1.2600 Service Pack 3

8/25/2009 7:21:40 PM
mbam-log-2009-08-25 (19-21-40).txt

Scan type: Quick Scan
Objects scanned: 98718
Time elapsed: 5 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP