I recieved an alert that my bowser was under threat so downloaded the windows recommended bit but when i opened it it wasn`t from windows at all it was a false alert which browser hijacked me!!! Since then ive had to uninstall firefox and upload IE to start i couldnt update anything but since using Spyzooka ive been able to update all windows bits.
My security suite is Mcafee but am unable to run any scans as it causes a serious error and crashs, on reboot i have this error log.
System has recovered from serios error
ERROR SIGNATURE
BCCode: 10000000 BCP1:FFFFFFFF BCP2:00000000 BCP3: 804DE9A4 BCP4: 00000000
OSVer: 5_1_2600 SP:3_0 PRODUCT:768.1
ERROR REPORT CONTENT
C:\DOCUME~1\Owner\LOCALS~1TEMP\WERbdc3.dir00\MINI062109.01.dmp
C:\DOCUME~1\Owner\LOCALS~1TEMP\WERbdc3.dir00\sysdata.xml
So i have downloaded TFC, ERUNT, ROOTER & OTL Malwarebytes but this wont open.
I have downloaded Stopzilla (which again would not open)registry mechanic and many other things that didnt work and now have forgotten as it all got to much.
Spyzooka which i had to pay for keeps finding infections which i keep deleting.
OTL logfile created on: 21/06/2009 00:09:04 - Run 1
OTL by OldTimer - Version 3.0.2.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
254.48 Mb Total Physical Memory | 46.01 Mb Available Physical Memory | 18.08% Memory free
733.33 Mb Paging File | 184.41 Mb Available in Paging File | 25.15% Paging File free
Paging file location(s): C:\pagefile.sys 381 1500 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 297.49 Gb Total Space | 275.03 Gb Free Space | 92.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TRACEY
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
PRC - C:\WINDOWS\System32\IoctlSvc.exe (Prolific Technology Inc.)
PRC - C:\Program Files\TalkTalk\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe (SupportSoft, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\WINDOWS\Cursors\lsass.exe ()
PRC - C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\Program Files\TalkTalk\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
PRC - C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\SpyZooka\spyzooka.exe (BluePenguin Software Inc.)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gupdate1c965c4509eb606 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (KService [Auto | Running]) -- C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
SRV - (MBackMonitor [On_Demand | Stopped]) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee)
SRV - (McAfee SiteAdvisor Service [Auto | Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [On_Demand | Running]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSK80Service [Auto | Running]) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (NBService [On_Demand | Stopped]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NMIndexingService [On_Demand | Running]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (PLFlash DeviceIoControl Service [Auto | Running]) -- C:\WINDOWS\System32\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (sprtsvc_TalkTalk [Auto | Running]) -- C:\Program Files\TalkTalk\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SupportSoft RemoteAssist [On_Demand | Stopped]) -- C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (tgsrvc_TalkTalk [Auto | Running]) -- C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe (SupportSoft, Inc.)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (CmdIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (FETNDIS [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\fetnd5.sys (VIA Technologies, Inc. )
DRV - (FETNDISB [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\fetnd5b.sys (VIA Technologies, Inc. )
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINDOWS\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (mraid35x [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (ms_mpu401 [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ql1080 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Sparrow [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (symc810 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (ultra [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (viagfx [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\vtmini.sys (Copyright © VIA/S3 Graphics Co, Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn...autosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.5.2
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:2.7.5.0522
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/11 11:52:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/06/20 16:03:39 | 00,000,000 | ---D | M]
[2008/12/15 23:01:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions
[2008/12/15 23:01:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/19 22:36:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\irramy4x.default\extensions
[2009/06/19 22:36:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\irramy4x.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/06/11 00:10:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\irramy4x.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2008/12/16 21:29:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\irramy4x.default\extensions\[email protected]
[2009/06/11 00:10:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\irramy4x.default\extensions\[email protected]
[2009/06/20 16:16:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/11 11:54:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/03 14:02:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/18 14:32:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/05/21 11:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TalkTalk] C:\Program Files\TalkTalk\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTtrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Power2GoExpress] File not found
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - HKCU..\Run: [SpyZooka] C:\Program Files\SpyZooka\SpyZookaLdr.exe (BluePenguin Software Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\WINDOWS\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\WINDOWS\Cursors\lsass.exe) - C:\WINDOWS\Cursors\lsass.exe ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {D468BCE5-D18E-49A4-8EA7-34BD583659D5} - C:\Program Files\SpyZooka\spyguard.dll (BluePenguin Software Inc.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk C:\
O33 - MountPoints2\{a2044a21-6549-11da-a5a1-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{a2044a21-6549-11da-a5a1-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a2044a21-6549-11da-a5a1-806d6172696f}\Shell\AutoRun\command - "" = E:\Launch.exe -- File not found
O33 - MountPoints2\Z\Shell - "" = AutoRun
O33 - MountPoints2\Z\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (MACHINE) - File not found
O34 - HKLM BootExecute: (BootExecut) - File not found
========== Files/Folders - Created Within 30 Days ==========
[2009/06/21 00:02:27 | 00,512,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/06/20 23:48:18 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/06/20 23:47:39 | 00,170,711 | ---- | C] (Eric_71) -- C:\Documents and Settings\Owner\Desktop\Rooter.exe
[2009/06/20 23:43:35 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/20 23:43:31 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/20 23:43:30 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/20 23:43:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/06/20 23:43:29 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/20 23:40:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/06/20 23:39:12 | 00,000,735 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/06/20 23:38:54 | 00,000,579 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/06/20 23:38:54 | 00,000,560 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/06/20 23:38:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/06/20 23:36:47 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2009/06/20 22:36:22 | 00,264,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/06/20 19:10:58 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/06/20 19:10:55 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/06/20 19:10:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/06/20 19:10:35 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/06/20 19:05:33 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/06/20 18:53:43 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Corporation
[2009/06/20 18:53:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\msat
[2009/06/20 18:52:58 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2009/06/20 18:52:56 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/06/20 18:50:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\MSATEnglish[1]
[2009/06/20 18:27:48 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/06/20 18:24:25 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/06/20 16:57:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/20 16:57:29 | 00,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2009/06/20 16:57:26 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2009/06/20 16:57:25 | 01,081,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCTL.OCX
[2009/06/20 16:57:21 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2009/06/20 15:28:49 | 00,293,376 | ---- | C] () -- C:\plugin.dat
[2009/06/20 14:58:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Spyzooka
[2009/06/20 13:40:19 | 00,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpyZooka 2.5.lnk
[2009/06/20 13:40:16 | 00,000,000 | ---D | C] -- C:\Program Files\SpyZooka
[2009/06/20 13:39:15 | 03,019,472 | ---- | C] (BluePenguin Software Inc.) -- C:\Documents and Settings\Owner\Desktop\spyzookasetup.exe
[2009/06/20 13:04:00 | 05,955,448 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\saSetup64.exe
[2009/06/20 11:47:15 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/06/19 00:43:12 | 00,223,480 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\OFFICIAL-EMULE_SETUP.EXE
[2009/06/19 00:43:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\REGISTRY.CLEANER.REGSUPREME.V1.2.MULTILANGUAGE.INCL.CRACKED.EXE
[2009/06/19 00:43:05 | 00,085,538 | ---- | C] () -- C:\WINDOWS\VTJ708346.EXE
[2009/06/19 00:43:00 | 00,016,384 | ---- | C] (BB Inc) -- C:\WINDOWS\WUAN364443.EXE
[2009/06/19 00:43:00 | 00,016,384 | ---- | C] (BB Inc) -- C:\WINDOWS\FEOC827.EXE
[2009/06/19 00:42:59 | 00,016,384 | ---- | C] (BB Inc) -- C:\WINDOWS\O255.EXE
[2009/06/19 00:42:59 | 00,016,384 | ---- | C] (BB Inc) -- C:\WINDOWS\HW5305.EXE
[2009/06/19 00:42:58 | 00,016,384 | ---- | C] (BB Inc) -- C:\WINDOWS\GU58826.EXE
[2009/06/19 00:42:58 | 00,016,384 | ---- | C] (BB Inc) -- C:\WINDOWS\GBG033414.EXE
[2009/06/19 00:42:57 | 00,016,384 | ---- | C] (BB Inc) -- C:\WINDOWS\GNCYQ5.EXE
[2009/06/19 00:25:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/06/18 18:47:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/06/18 16:54:33 | 00,002,361 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2009/06/18 16:54:32 | 00,002,261 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero Home.lnk
[2009/06/18 16:45:30 | 00,000,000 | ---D | C] -- C:\Program Files\Nero
[2009/06/18 16:45:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2009/06/18 16:45:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2009/06/18 15:58:15 | 00,648,192 | ---- | C] () -- C:\WINDOWS\System32\NEROINSTAEC43759.DB
[2009/06/18 14:08:41 | 00,000,000 | ---D | C] -- C:\Program Files\AskTBar
[2009/06/14 17:17:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\eMuleSkin_Daan-Kad8
[2009/06/13 17:08:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Stephanie Meyer Twilight Saga (Book 3) Eclipse Mp3-32Kbps
[2009/06/13 17:04:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Midnight Sun (The Twilight Saga, Book 5)
[2009/05/24 12:03:17 | 00,013,824 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/24 10:36:47 | 00,000,005 | -HS- | C] () -- C:\WINDOWS\System32\AuxDrv32_g.dlx
[2009/05/24 10:36:47 | 00,000,005 | ---- | C] () -- C:\WINDOWS\System32\SndDrv32_g.dlx
[2009/05/24 10:36:22 | 00,000,000 | ---D | C] -- C:\Program Files\RegSupreme
[2009/05/24 03:01:08 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/05/23 17:51:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\NeroVision
[2009/05/23 10:43:58 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/23 10:29:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead
[2009/05/22 22:35:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Ahead
[2009/05/22 22:33:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2009/05/22 22:13:46 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2009/05/22 22:13:37 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2009/05/22 21:18:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Nero.7.Premium.v7.11.10.0.Multilangages.Incl-Keygen.[emule-island.com]
[2009/05/22 19:54:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\WinRAR
[2009/05/22 19:54:08 | 00,000,692 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\WinRAR.lnk
[2009/05/22 19:53:43 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/05/22 19:30:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2009/05/22 19:24:13 | 00,516,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CapiCom.dll
[2009/05/22 19:24:07 | 00,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2009/05/22 19:24:00 | 00,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2008/10/19 15:42:08 | 00,000,750 | ---- | C] () -- C:\WINDOWS\{D084B1A9-153B-409D-AEBF-C40FCEF925EA}_WiseFW.ini
[2006/07/13 12:17:24 | 00,157,184 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/12/06 12:16:48 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/05 12:42:07 | 00,001,458 | R--- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/12/05 12:41:46 | 00,000,507 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/12/05 12:41:43 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/09/02 00:39:24 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/09/02 00:39:24 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/09/02 00:39:00 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
========== Files - Modified Within 30 Days ==========
[2009/06/21 00:06:11 | 00,512,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/06/20 23:47:46 | 00,170,711 | ---- | M] (Eric_71) -- C:\Documents and Settings\Owner\Desktop\Rooter.exe
[2009/06/20 23:43:35 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/20 23:39:12 | 00,000,735 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/06/20 23:38:54 | 00,000,579 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/06/20 23:38:54 | 00,000,560 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/06/20 23:37:45 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2009/06/20 23:07:39 | 00,018,649 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/06/20 23:06:55 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/06/20 23:04:05 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/06/20 23:03:51 | 00,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/06/20 23:03:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/20 23:03:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/20 23:03:43 | 26,691,5840 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/20 22:37:07 | 00,264,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/06/20 19:10:53 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/06/20 19:01:58 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/20 16:57:29 | 00,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2009/06/20 15:28:49 | 00,293,376 | ---- | M] () -- C:\plugin.dat
[2009/06/20 13:40:19 | 00,000,699 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpyZooka 2.5.lnk
[2009/06/20 13:39:20 | 03,019,472 | ---- | M] (BluePenguin Software Inc.) -- C:\Documents and Settings\Owner\Desktop\spyzookasetup.exe
[2009/06/20 13:04:11 | 05,955,448 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\saSetup64.exe
[2009/06/19 00:43:12 | 00,223,480 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\OFFICIAL-EMULE_SETUP.EXE
[2009/06/19 00:43:05 | 00,085,538 | ---- | M] () -- C:\WINDOWS\VTJ708346.EXE
[2009/06/19 00:43:00 | 00,016,384 | ---- | M] (BB Inc) -- C:\WINDOWS\WUAN364443.EXE
[2009/06/19 00:43:00 | 00,016,384 | ---- | M] (BB Inc) -- C:\WINDOWS\FEOC827.EXE
[2009/06/19 00:42:59 | 00,016,384 | ---- | M] (BB Inc) -- C:\WINDOWS\O255.EXE
[2009/06/19 00:42:59 | 00,016,384 | ---- | M] (BB Inc) -- C:\WINDOWS\HW5305.EXE
[2009/06/19 00:42:58 | 00,016,384 | ---- | M] (BB Inc) -- C:\WINDOWS\GU58826.EXE
[2009/06/19 00:42:58 | 00,016,384 | ---- | M] (BB Inc) -- C:\WINDOWS\GBG033414.EXE
[2009/06/19 00:42:57 | 00,016,384 | ---- | M] (BB Inc) -- C:\WINDOWS\GNCYQ5.EXE
[2009/06/18 23:34:38 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/06/18 16:54:33 | 00,002,361 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2009/06/18 16:54:33 | 00,002,261 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero Home.lnk
[2009/06/18 13:15:17 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/15 02:19:20 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/06/11 03:13:10 | 00,149,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/07 11:29:57 | 00,030,888 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/06/01 09:51:14 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/06/01 01:02:55 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/05/24 10:36:47 | 00,000,005 | -HS- | M] () -- C:\WINDOWS\System32\AuxDrv32_g.dlx
[2009/05/24 10:36:47 | 00,000,005 | ---- | M] () -- C:\WINDOWS\System32\SndDrv32_g.dlx
[2009/05/22 19:54:09 | 00,000,692 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\WinRAR.lnk
[2009/05/22 19:36:50 | 05,362,598 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
========== Alternate Data Streams ==========
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >
This is the second log from OTL
OTL Extras logfile created on: 21/06/2009 00:09:04 - Run 1
OTL by OldTimer - Version 3.0.2.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
254.48 Mb Total Physical Memory | 46.01 Mb Available Physical Memory | 18.08% Memory free
733.33 Mb Paging File | 184.41 Mb Available in Paging File | 25.15% Paging File free
Paging file location(s): C:\pagefile.sys 381 1500 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 297.49 Gb Total Space | 275.03 Gb Free Space | 92.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TRACEY
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:*:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:*:Enabled:@xpsp2res.dll,-22008
"51111:TCP" = 51111:TCP:*:Enabled:emule incoming
"52222:UDP" = 52222:UDP:*:Enabled:emule udp incoming
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\TalkTalk\agent\bin\bcont.exe:*:Enabled:bcont.exe (SupportSoft, Inc.)
C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe:*:Enabled:tgsrvc.exe (SupportSoft, Inc.)
C:\Program Files\TalkTalk\agent\bin\bcont_nm.exe:*:Enabled:bcont_nm.exe (SupportSoft, Inc.)
C:\Program Files\TalkTalk\bin\sprtcmd.exe:*:Enabled:sprtcmd.exe (SupportSoft, Inc.)
C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service (Kontiki Inc.)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent (McAfee, Inc.)
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\eMule\emule.exe:*:Enabled:eMule (http://www.emule-project.net)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 14
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6FE4AA77-DF4C-48E9-A3E8-494926D163A4}" = SpyZooka
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{98EFD8F0-08DE-48DB-B922-A2EBAB711033}" = Nero 7 Premium
"{9F57750D-4A5B-4013-B985-15BEF6646855}" = Microsoft Security Assessment Tool 4.0
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFA3D1B0-415C-11DE-8251-005056806466}" = Google Earth Plugin
"{D084B1A9-153B-409D-AEBF-C40FCEF925EA}" = TalkTalk Assist & Go
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E80BB1C5-0BD7-4FEB-9C98-976BFC808552}" = ConnectGoV5UpdateVer2
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"BBC iPlayer Download Manager" = BBC iPlayer Download Manager
"eMule" = eMule
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"LimeWire" = LimeWire 4.18.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OcaHistoryUpd" = OCA Client history tool install
"ppcbooster" = PPC Booster
"Registry Mechanic_is1" = Registry Mechanic 8.0
"VIA/S3G UniChrome Family Win2K/XP/Server2003 Display" = VIA/S3G Display Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 19/06/2009 04:30:13 | Computer Name = TRACEY | Source = Application Error | ID = 1000
Description = Faulting application mcods.exe, version 13.3.127.0, faulting module
mvsscan.dll, version 13.3.130.0, fault address 0x00019fc0.
Error - 19/06/2009 09:40:11 | Computer Name = TRACEY | Source = Application Error | ID = 1000
Description = Faulting application mcods.exe, version 13.3.127.0, faulting module
mvsscan.dll, version 13.3.130.0, fault address 0x00019fc0.
Error - 19/06/2009 13:21:57 | Computer Name = TRACEY | Source = Application Error | ID = 1000
Description = Faulting application mcmscsvc.exe, version 9.3.137.0, faulting module
ole32.dll, version 5.1.2600.5512, fault address 0x00120f2f.
Error - 19/06/2009 13:22:38 | Computer Name = TRACEY | Source = Application Error | ID = 1001
Description = Fault bucket 1104950415.
Error - 19/06/2009 18:08:04 | Computer Name = TRACEY | Source = Application Error | ID = 1000
Description = Faulting application mcods.exe, version 13.3.127.0, faulting module
mvsscan.dll, version 13.3.130.0, fault address 0x00019fc0.
Error - 20/06/2009 06:28:32 | Computer Name = TRACEY | Source = Application Error | ID = 1000
Description = Faulting application mcods.exe, version 13.3.127.0, faulting module
mvsscan.dll, version 13.3.130.0, fault address 0x00019fc0.
Error - 20/06/2009 10:50:43 | Computer Name = TRACEY | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3439, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x0001aa21.
Error - 20/06/2009 11:01:01 | Computer Name = TRACEY | Source = Application Error | ID = 1001
Description = Fault bucket 1315720251.
Error - 20/06/2009 11:46:13 | Computer Name = TRACEY | Source = Application Hang | ID = 1002
Description = Hanging application LimeWire.exe, version 1.0.0.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 20/06/2009 11:46:24 | Computer Name = TRACEY | Source = Application Hang | ID = 1001
Description = Fault bucket 165456457.
[ System Events ]
Error - 20/06/2009 14:21:35 | Computer Name = TRACEY | Source = Service Control Manager | ID = 7022
Description = The McAfee Real-time Scanner service hung on starting.
Error - 20/06/2009 14:24:56 | Computer Name = TRACEY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.
Error - 20/06/2009 14:24:56 | Computer Name = TRACEY | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053
Error - 20/06/2009 14:27:34 | Computer Name = TRACEY | Source = DCOM | ID = 10010
Description = The server {8C9813D0-9FEA-4F37-AAF0-89D9C805B89F} did not register
with DCOM within the required timeout.
Error - 20/06/2009 17:45:11 | Computer Name = TRACEY | Source = Service Control Manager | ID = 7022
Description = The KService service hung on starting.
Error - 20/06/2009 18:06:05 | Computer Name = TRACEY | Source = Service Control Manager | ID = 7022
Description = The KService service hung on starting.
Error - 20/06/2009 18:06:34 | Computer Name = TRACEY | Source = Service Control Manager | ID = 7022
Description = The McAfee Real-time Scanner service hung on starting.
Error - 20/06/2009 18:10:10 | Computer Name = TRACEY | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
Error - 20/06/2009 18:10:24 | Computer Name = TRACEY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the NMIndexingService service
to connect.
Error - 20/06/2009 18:10:24 | Computer Name = TRACEY | Source = Service Control Manager | ID = 7000
Description = The NMIndexingService service failed to start due to the following
error: %%1053
< End of report >
Rooter log
Rooter.exe (v1.0.1) by Eric_71
¨
Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3
32_bits - x86 Family 15 Model 4 Stepping 9, GenuineIntel
¨
C:\ [Fixed-NTFS] .. ( Total:297 Go - Free:275 Go )
D:\ [CD_Rom]
¨
Scan : 23:48.08
Path : C:\Documents and Settings\Owner\Desktop\Rooter.exe
User : Owner ( Administrator -> YES )
¨
----------------------\\ Processes
¨
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (364)
______ \??\C:\WINDOWS\system32\csrss.exe (412)
______ \??\C:\WINDOWS\SYSTEM32\winlogon.exe (436)
______ C:\WINDOWS\system32\services.exe (480)
______ C:\WINDOWS\system32\lsass.exe (492)
______ C:\WINDOWS\system32\svchost.exe (640)
______ C:\WINDOWS\system32\svchost.exe (716)
______ C:\Program Files\Windows Defender\MsMpEng.exe (788)
______ C:\WINDOWS\System32\svchost.exe (828)
______ C:\WINDOWS\system32\svchost.exe (876)
______ C:\WINDOWS\system32\svchost.exe (1040)
______ C:\WINDOWS\Explorer.exe (1172)
______ C:\WINDOWS\system32\spoolsv.exe (1304)
______ C:\Program Files\Google\Update\GoogleUpdate.exe (1480)
______ C:\WINDOWS\system32\svchost.exe (1576)
______ C:\Program Files\Java\jre6\bin\jqs.exe (1668)
______ C:\Program Files\Kontiki\KService.exe (1720)
______ C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (1772)
______ C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (1792)
______ c:\program files\common files\mcafee\mna\mcnasvc.exe (1884)
______ c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (144)
______ C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (204)
______ C:\Program Files\McAfee\MPF\MPFSrv.exe (316)
______ C:\Program Files\McAfee\MSK\MskSrver.exe (280)
______ C:\WINDOWS\system32\IoctlSvc.exe (600)
______ C:\Program Files\TalkTalk\bin\sprtsvc.exe (800)
______ C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe (1076)
______ c:\PROGRA~1\mcafee.com\agent\mcagent.exe (1956)
______ C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (3556)
______ C:\WINDOWS\System32\alg.exe (4048)
______ C:\WINDOWS\Cursors\lsass.exe (852)
______ C:\WINDOWS\system32\VTTimer.exe (2456)
______ C:\WINDOWS\SOUNDMAN.EXE (1676)
______ C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (2804)
______ C:\Program Files\TalkTalk\bin\sprtcmd.exe (2808)
______ C:\Program Files\Java\jre6\bin\jusched.exe (2932)
______ C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (2984)
______ C:\Program Files\Windows Defender\MSASCui.exe (3016)
______ C:\Program Files\Messenger\msmsgs.exe (3036)
______ C:\Program Files\Kontiki\KHost.exe (2936)
______ C:\WINDOWS\system32\ctfmon.exe (3044)
______ C:\Program Files\Registry Mechanic\RegMech.exe (3088)
______ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (3100)
______ C:\Program Files\SpyZooka\spyzooka.exe (2000)
______ C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (3740)
______ C:\Program Files\Internet Explorer\iexplore.exe (2628)
______ C:\Program Files\Internet Explorer\iexplore.exe (3524)
______ C:\Documents and Settings\Owner\Desktop\Rooter.exe (996)
¨
----------------------\\ Device\Harddisk0\
¨
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
¨
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:4491002880 | Length:319428748800)
\Device\Harddisk0\Partition2 (Start_Offset:32256 | Length:4490970624)
¨
----------------------\\ Scheduled Tasks
¨
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\Google Software Updater.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachine.job
C:\WINDOWS\Tasks\McDefragTask.job
C:\WINDOWS\Tasks\McQcTask.job
C:\WINDOWS\Tasks\MP Scheduled Scan.job
C:\WINDOWS\Tasks\SA.DAT
¨
----------------------\\ Registry
¨
¨
----------------------\\ Files & Folders
¨
C:\DOCUME~1\Owner\Desktop\Nero.7.Premium.v7.11.10.0.Multilangages.Incl-Keygen.[emule-island.com]\Keygen\keygen_update3.exe
==> Cracks & Keygens <==
¨
----------------------\\ Scan completed at 23:48.19
¨
C:\Rooter$\Rooter_1.txt - (20/06/2009 | 23:48.19).c
Can not use Malwarebytes Anti-Malware as it wont open
Spyzooka quarrentine log
QFolders]
Q0=C:\Documents and Settings\Owner\Application Data\Spyzooka\Q200620091458040
Q1=C:\Documents and Settings\Owner\Application Data\Spyzooka\Q210620090000430
Q2=C:\Documents and Settings\Owner\Application Data\Spyzooka\Q210620091239280
Am going to post this before anything happens and i lose it all. I am a novice so no technical jargon please as confused enough
Edited by trababe, 21 June 2009 - 07:40 AM.