Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Browser hijacked and computer crashs [Solved]

Started by trababe , Jun 21 2009 06:39 AM

  • This topic is locked This topic is locked

#1
trababe
Posted 21 June 2009 - 06:39 AM

trababe

    Member

  • Member
  • PipPip
  • 15 posts
Hi i hope someone can help in a complete state of dispair!!!!!
I recieved an alert that my bowser was under threat so downloaded the windows recommended bit but when i opened it it wasn`t from windows at all it was a false alert which browser hijacked me!!! Since then ive had to uninstall firefox and upload IE to start i couldnt update anything but since using Spyzooka ive been able to update all windows bits.
My security suite is Mcafee but am unable to run any scans as it causes a serious error and crashs, on reboot i have this error log.

System has recovered from serios error

ERROR SIGNATURE
BCCode: 10000000 BCP1:FFFFFFFF BCP2:00000000 BCP3: 804DE9A4 BCP4: 00000000
OSVer: 5_1_2600 SP:3_0 PRODUCT:768.1

ERROR REPORT CONTENT
C:\DOCUME~1\Owner\LOCALS~1TEMP\WERbdc3.dir00\MINI062109.01.dmp
C:\DOCUME~1\Owner\LOCALS~1TEMP\WERbdc3.dir00\sysdata.xml

So i have downloaded TFC, ERUNT, ROOTER & OTL Malwarebytes but this wont open.
I have downloaded Stopzilla (which again would not open)registry mechanic and many other things that didnt work and now have forgotten as it all got to much.
Spyzooka which i had to pay for keeps finding infections which i keep deleting.


OTL logfile created on: 21/06/2009 00:09:04 - Run 1
OTL by OldTimer - Version 3.0.2.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

254.48 Mb Total Physical Memory | 46.01 Mb Available Physical Memory | 18.08% Memory free
733.33 Mb Paging File | 184.41 Mb Available in Paging File | 25.15% Paging File free
Paging file location(s): C:\pagefile.sys 381 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 297.49 Gb Total Space | 275.03 Gb Free Space | 92.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TRACEY
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
PRC - C:\WINDOWS\System32\IoctlSvc.exe (Prolific Technology Inc.)
PRC - C:\Program Files\TalkTalk\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe (SupportSoft, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\WINDOWS\Cursors\lsass.exe ()
PRC - C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\Program Files\TalkTalk\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
PRC - C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\SpyZooka\spyzooka.exe (BluePenguin Software Inc.)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gupdate1c965c4509eb606 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (KService [Auto | Running]) -- C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
SRV - (MBackMonitor [On_Demand | Stopped]) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee)
SRV - (McAfee SiteAdvisor Service [Auto | Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [On_Demand | Running]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSK80Service [Auto | Running]) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (NBService [On_Demand | Stopped]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NMIndexingService [On_Demand | Running]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (PLFlash DeviceIoControl Service [Auto | Running]) -- C:\WINDOWS\System32\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (sprtsvc_TalkTalk [Auto | Running]) -- C:\Program Files\TalkTalk\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SupportSoft RemoteAssist [On_Demand | Stopped]) -- C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (tgsrvc_TalkTalk [Auto | Running]) -- C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe (SupportSoft, Inc.)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (CmdIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (FETNDIS [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\fetnd5.sys (VIA Technologies, Inc. )
DRV - (FETNDISB [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\fetnd5b.sys (VIA Technologies, Inc. )
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINDOWS\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (mraid35x [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (ms_mpu401 [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ql1080 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Sparrow [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (symc810 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (ultra [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (viagfx [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\vtmini.sys (Copyright © VIA/S3 Graphics Co, Ltd.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn...autosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:0.9.5.2
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:2.7.5.0522
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/11 11:52:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/06/20 16:03:39 | 00,000,000 | ---D | M]

[2008/12/15 23:01:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions
[2008/12/15 23:01:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/19 22:36:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\irramy4x.default\extensions
[2009/06/19 22:36:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\irramy4x.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/06/11 00:10:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\irramy4x.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2008/12/16 21:29:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\irramy4x.default\extensions\[email protected]
[2009/06/11 00:10:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\irramy4x.default\extensions\[email protected]
[2009/06/20 16:16:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/11 11:54:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/03 14:02:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/18 14:32:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/05/21 11:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TalkTalk] C:\Program Files\TalkTalk\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTtrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Power2GoExpress] File not found
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - HKCU..\Run: [SpyZooka] C:\Program Files\SpyZooka\SpyZookaLdr.exe (BluePenguin Software Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\WINDOWS\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\WINDOWS\Cursors\lsass.exe) - C:\WINDOWS\Cursors\lsass.exe ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {D468BCE5-D18E-49A4-8EA7-34BD583659D5} - C:\Program Files\SpyZooka\spyguard.dll (BluePenguin Software Inc.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk C:\
O33 - MountPoints2\{a2044a21-6549-11da-a5a1-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{a2044a21-6549-11da-a5a1-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a2044a21-6549-11da-a5a1-806d6172696f}\Shell\AutoRun\command - "" = E:\Launch.exe -- File not found
O33 - MountPoints2\Z\Shell - "" = AutoRun
O33 - MountPoints2\Z\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (MACHINE) - File not found
O34 - HKLM BootExecute: (BootExecut) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/06/21 00:02:27 | 00,512,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/06/20 23:48:18 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/06/20 23:47:39 | 00,170,711 | ---- | C] (Eric_71) -- C:\Documents and Settings\Owner\Desktop\Rooter.exe
[2009/06/20 23:43:35 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/20 23:43:31 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/20 23:43:30 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/20 23:43:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/06/20 23:43:29 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/20 23:40:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/06/20 23:39:12 | 00,000,735 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/06/20 23:38:54 | 00,000,579 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/06/20 23:38:54 | 00,000,560 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/06/20 23:38:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/06/20 23:36:47 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2009/06/20 22:36:22 | 00,264,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/06/20 19:10:58 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/06/20 19:10:55 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/06/20 19:10:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/06/20 19:10:35 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/06/20 19:05:33 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/06/20 18:53:43 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Corporation
[2009/06/20 18:53:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\msat
[2009/06/20 18:52:58 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2009/06/20 18:52:56 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/06/20 18:50:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\MSATEnglish[1]
[2009/06/20 18:27:48 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/06/20 18:24:25 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/06/20 16:57:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/20 16:57:29 | 00,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2009/06/20 16:57:26 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2009/06/20 16:57:25 | 01,081,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCTL.OCX
[2009/06/20 16:57:21 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2009/06/20 15:28:49 | 00,293,376 | ---- | C] () -- C:\plugin.dat
[2009/06/20 14:58:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Spyzooka
[2009/06/20 13:40:19 | 00,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpyZooka 2.5.lnk
[2009/06/20 13:40:16 | 00,000,000 | ---D | C] -- C:\Program Files\SpyZooka
[2009/06/20 13:39:15 | 03,019,472 | ---- | C] (BluePenguin Software Inc.) -- C:\Documents and Settings\Owner\Desktop\spyzookasetup.exe
[2009/06/20 13:04:00 | 05,955,448 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\saSetup64.exe
[2009/06/20 11:47:15 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/06/19 00:43:12 | 00,223,480 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\OFFICIAL-EMULE_SETUP.EXE
[2009/06/19 00:43:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\REGISTRY.CLEANER.REGSUPREME.V1.2.MULTILANGUAGE.INCL.CRACKED.EXE
[2009/06/19 00:43:05 | 00,085,538 | ---- | C] () -- C:\WINDOWS\VTJ708346.EXE
[2009/06/19 00:43:00 | 00,016,384 | ---- | C] (BB Inc) -- C:\WINDOWS\WUAN364443.EXE
[2009/06/19 00:43:00 | 00,016,384 | ---- | C] (BB Inc) -- C:\WINDOWS\FEOC827.EXE
[2009/06/19 00:42:59 | 00,016,384 | ---- | C] (BB Inc) -- C:\WINDOWS\O255.EXE
[2009/06/19 00:42:59 | 00,016,384 | ---- | C] (BB Inc) -- C:\WINDOWS\HW5305.EXE
[2009/06/19 00:42:58 | 00,016,384 | ---- | C] (BB Inc) -- C:\WINDOWS\GU58826.EXE
[2009/06/19 00:42:58 | 00,016,384 | ---- | C] (BB Inc) -- C:\WINDOWS\GBG033414.EXE
[2009/06/19 00:42:57 | 00,016,384 | ---- | C] (BB Inc) -- C:\WINDOWS\GNCYQ5.EXE
[2009/06/19 00:25:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/06/18 18:47:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/06/18 16:54:33 | 00,002,361 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2009/06/18 16:54:32 | 00,002,261 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero Home.lnk
[2009/06/18 16:45:30 | 00,000,000 | ---D | C] -- C:\Program Files\Nero
[2009/06/18 16:45:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2009/06/18 16:45:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2009/06/18 15:58:15 | 00,648,192 | ---- | C] () -- C:\WINDOWS\System32\NEROINSTAEC43759.DB
[2009/06/18 14:08:41 | 00,000,000 | ---D | C] -- C:\Program Files\AskTBar
[2009/06/14 17:17:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\eMuleSkin_Daan-Kad8
[2009/06/13 17:08:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Stephanie Meyer Twilight Saga (Book 3) Eclipse Mp3-32Kbps
[2009/06/13 17:04:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Midnight Sun (The Twilight Saga, Book 5)
[2009/05/24 12:03:17 | 00,013,824 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/24 10:36:47 | 00,000,005 | -HS- | C] () -- C:\WINDOWS\System32\AuxDrv32_g.dlx
[2009/05/24 10:36:47 | 00,000,005 | ---- | C] () -- C:\WINDOWS\System32\SndDrv32_g.dlx
[2009/05/24 10:36:22 | 00,000,000 | ---D | C] -- C:\Program Files\RegSupreme
[2009/05/24 03:01:08 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/05/23 17:51:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\NeroVision
[2009/05/23 10:43:58 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/23 10:29:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead
[2009/05/22 22:35:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Ahead
[2009/05/22 22:33:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2009/05/22 22:13:46 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2009/05/22 22:13:37 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2009/05/22 21:18:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Nero.7.Premium.v7.11.10.0.Multilangages.Incl-Keygen.[emule-island.com]
[2009/05/22 19:54:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\WinRAR
[2009/05/22 19:54:08 | 00,000,692 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\WinRAR.lnk
[2009/05/22 19:53:43 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/05/22 19:30:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2009/05/22 19:24:13 | 00,516,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CapiCom.dll
[2009/05/22 19:24:07 | 00,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2009/05/22 19:24:00 | 00,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2008/10/19 15:42:08 | 00,000,750 | ---- | C] () -- C:\WINDOWS\{D084B1A9-153B-409D-AEBF-C40FCEF925EA}_WiseFW.ini
[2006/07/13 12:17:24 | 00,157,184 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/12/06 12:16:48 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/05 12:42:07 | 00,001,458 | R--- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/12/05 12:41:46 | 00,000,507 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/12/05 12:41:43 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/09/02 00:39:24 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/09/02 00:39:24 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/09/02 00:39:00 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

========== Files - Modified Within 30 Days ==========

[2009/06/21 00:06:11 | 00,512,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/06/20 23:47:46 | 00,170,711 | ---- | M] (Eric_71) -- C:\Documents and Settings\Owner\Desktop\Rooter.exe
[2009/06/20 23:43:35 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/20 23:39:12 | 00,000,735 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/06/20 23:38:54 | 00,000,579 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/06/20 23:38:54 | 00,000,560 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/06/20 23:37:45 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2009/06/20 23:07:39 | 00,018,649 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/06/20 23:06:55 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/06/20 23:04:05 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/06/20 23:03:51 | 00,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/06/20 23:03:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/20 23:03:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/20 23:03:43 | 26,691,5840 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/20 22:37:07 | 00,264,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/06/20 19:10:53 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/06/20 19:01:58 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/20 16:57:29 | 00,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2009/06/20 15:28:49 | 00,293,376 | ---- | M] () -- C:\plugin.dat
[2009/06/20 13:40:19 | 00,000,699 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpyZooka 2.5.lnk
[2009/06/20 13:39:20 | 03,019,472 | ---- | M] (BluePenguin Software Inc.) -- C:\Documents and Settings\Owner\Desktop\spyzookasetup.exe
[2009/06/20 13:04:11 | 05,955,448 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\saSetup64.exe
[2009/06/19 00:43:12 | 00,223,480 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\OFFICIAL-EMULE_SETUP.EXE
[2009/06/19 00:43:05 | 00,085,538 | ---- | M] () -- C:\WINDOWS\VTJ708346.EXE
[2009/06/19 00:43:00 | 00,016,384 | ---- | M] (BB Inc) -- C:\WINDOWS\WUAN364443.EXE
[2009/06/19 00:43:00 | 00,016,384 | ---- | M] (BB Inc) -- C:\WINDOWS\FEOC827.EXE
[2009/06/19 00:42:59 | 00,016,384 | ---- | M] (BB Inc) -- C:\WINDOWS\O255.EXE
[2009/06/19 00:42:59 | 00,016,384 | ---- | M] (BB Inc) -- C:\WINDOWS\HW5305.EXE
[2009/06/19 00:42:58 | 00,016,384 | ---- | M] (BB Inc) -- C:\WINDOWS\GU58826.EXE
[2009/06/19 00:42:58 | 00,016,384 | ---- | M] (BB Inc) -- C:\WINDOWS\GBG033414.EXE
[2009/06/19 00:42:57 | 00,016,384 | ---- | M] (BB Inc) -- C:\WINDOWS\GNCYQ5.EXE
[2009/06/18 23:34:38 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/06/18 16:54:33 | 00,002,361 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2009/06/18 16:54:33 | 00,002,261 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero Home.lnk
[2009/06/18 13:15:17 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/15 02:19:20 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/06/11 03:13:10 | 00,149,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/07 11:29:57 | 00,030,888 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/06/01 09:51:14 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/06/01 01:02:55 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/05/24 10:36:47 | 00,000,005 | -HS- | M] () -- C:\WINDOWS\System32\AuxDrv32_g.dlx
[2009/05/24 10:36:47 | 00,000,005 | ---- | M] () -- C:\WINDOWS\System32\SndDrv32_g.dlx
[2009/05/22 19:54:09 | 00,000,692 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\WinRAR.lnk
[2009/05/22 19:36:50 | 05,362,598 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >

This is the second log from OTL

OTL Extras logfile created on: 21/06/2009 00:09:04 - Run 1
OTL by OldTimer - Version 3.0.2.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

254.48 Mb Total Physical Memory | 46.01 Mb Available Physical Memory | 18.08% Memory free
733.33 Mb Paging File | 184.41 Mb Available in Paging File | 25.15% Paging File free
Paging file location(s): C:\pagefile.sys 381 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 297.49 Gb Total Space | 275.03 Gb Free Space | 92.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TRACEY
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:*:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:*:Enabled:@xpsp2res.dll,-22008
"51111:TCP" = 51111:TCP:*:Enabled:emule incoming
"52222:UDP" = 52222:UDP:*:Enabled:emule udp incoming

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\TalkTalk\agent\bin\bcont.exe:*:Enabled:bcont.exe (SupportSoft, Inc.)
C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe:*:Enabled:tgsrvc.exe (SupportSoft, Inc.)
C:\Program Files\TalkTalk\agent\bin\bcont_nm.exe:*:Enabled:bcont_nm.exe (SupportSoft, Inc.)
C:\Program Files\TalkTalk\bin\sprtcmd.exe:*:Enabled:sprtcmd.exe (SupportSoft, Inc.)
C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service (Kontiki Inc.)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent (McAfee, Inc.)
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\eMule\emule.exe:*:Enabled:eMule (http://www.emule-project.net)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 14
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6FE4AA77-DF4C-48E9-A3E8-494926D163A4}" = SpyZooka
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{98EFD8F0-08DE-48DB-B922-A2EBAB711033}" = Nero 7 Premium
"{9F57750D-4A5B-4013-B985-15BEF6646855}" = Microsoft Security Assessment Tool 4.0
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFA3D1B0-415C-11DE-8251-005056806466}" = Google Earth Plugin
"{D084B1A9-153B-409D-AEBF-C40FCEF925EA}" = TalkTalk Assist & Go
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E80BB1C5-0BD7-4FEB-9C98-976BFC808552}" = ConnectGoV5UpdateVer2
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"BBC iPlayer Download Manager" = BBC iPlayer Download Manager
"eMule" = eMule
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"LimeWire" = LimeWire 4.18.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OcaHistoryUpd" = OCA Client history tool install
"ppcbooster" = PPC Booster
"Registry Mechanic_is1" = Registry Mechanic 8.0
"VIA/S3G UniChrome Family Win2K/XP/Server2003 Display" = VIA/S3G Display Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19/06/2009 04:30:13 | Computer Name = TRACEY | Source = Application Error | ID = 1000
Description = Faulting application mcods.exe, version 13.3.127.0, faulting module
mvsscan.dll, version 13.3.130.0, fault address 0x00019fc0.

Error - 19/06/2009 09:40:11 | Computer Name = TRACEY | Source = Application Error | ID = 1000
Description = Faulting application mcods.exe, version 13.3.127.0, faulting module
mvsscan.dll, version 13.3.130.0, fault address 0x00019fc0.

Error - 19/06/2009 13:21:57 | Computer Name = TRACEY | Source = Application Error | ID = 1000
Description = Faulting application mcmscsvc.exe, version 9.3.137.0, faulting module
ole32.dll, version 5.1.2600.5512, fault address 0x00120f2f.

Error - 19/06/2009 13:22:38 | Computer Name = TRACEY | Source = Application Error | ID = 1001
Description = Fault bucket 1104950415.

Error - 19/06/2009 18:08:04 | Computer Name = TRACEY | Source = Application Error | ID = 1000
Description = Faulting application mcods.exe, version 13.3.127.0, faulting module
mvsscan.dll, version 13.3.130.0, fault address 0x00019fc0.

Error - 20/06/2009 06:28:32 | Computer Name = TRACEY | Source = Application Error | ID = 1000
Description = Faulting application mcods.exe, version 13.3.127.0, faulting module
mvsscan.dll, version 13.3.130.0, fault address 0x00019fc0.

Error - 20/06/2009 10:50:43 | Computer Name = TRACEY | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3439, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x0001aa21.

Error - 20/06/2009 11:01:01 | Computer Name = TRACEY | Source = Application Error | ID = 1001
Description = Fault bucket 1315720251.

Error - 20/06/2009 11:46:13 | Computer Name = TRACEY | Source = Application Hang | ID = 1002
Description = Hanging application LimeWire.exe, version 1.0.0.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 20/06/2009 11:46:24 | Computer Name = TRACEY | Source = Application Hang | ID = 1001
Description = Fault bucket 165456457.

[ System Events ]
Error - 20/06/2009 14:21:35 | Computer Name = TRACEY | Source = Service Control Manager | ID = 7022
Description = The McAfee Real-time Scanner service hung on starting.

Error - 20/06/2009 14:24:56 | Computer Name = TRACEY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 20/06/2009 14:24:56 | Computer Name = TRACEY | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 20/06/2009 14:27:34 | Computer Name = TRACEY | Source = DCOM | ID = 10010
Description = The server {8C9813D0-9FEA-4F37-AAF0-89D9C805B89F} did not register
with DCOM within the required timeout.

Error - 20/06/2009 17:45:11 | Computer Name = TRACEY | Source = Service Control Manager | ID = 7022
Description = The KService service hung on starting.

Error - 20/06/2009 18:06:05 | Computer Name = TRACEY | Source = Service Control Manager | ID = 7022
Description = The KService service hung on starting.

Error - 20/06/2009 18:06:34 | Computer Name = TRACEY | Source = Service Control Manager | ID = 7022
Description = The McAfee Real-time Scanner service hung on starting.

Error - 20/06/2009 18:10:10 | Computer Name = TRACEY | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 20/06/2009 18:10:24 | Computer Name = TRACEY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the NMIndexingService service
to connect.

Error - 20/06/2009 18:10:24 | Computer Name = TRACEY | Source = Service Control Manager | ID = 7000
Description = The NMIndexingService service failed to start due to the following
error: %%1053


< End of report >


Rooter log


Rooter.exe (v1.0.1) by Eric_71
¨
Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3
32_bits - x86 Family 15 Model 4 Stepping 9, GenuineIntel
¨
C:\ [Fixed-NTFS] .. ( Total:297 Go - Free:275 Go )
D:\ [CD_Rom]
¨
Scan : 23:48.08
Path : C:\Documents and Settings\Owner\Desktop\Rooter.exe
User : Owner ( Administrator -> YES )
¨
----------------------\\ Processes
¨
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (364)
______ \??\C:\WINDOWS\system32\csrss.exe (412)
______ \??\C:\WINDOWS\SYSTEM32\winlogon.exe (436)
______ C:\WINDOWS\system32\services.exe (480)
______ C:\WINDOWS\system32\lsass.exe (492)
______ C:\WINDOWS\system32\svchost.exe (640)
______ C:\WINDOWS\system32\svchost.exe (716)
______ C:\Program Files\Windows Defender\MsMpEng.exe (788)
______ C:\WINDOWS\System32\svchost.exe (828)
______ C:\WINDOWS\system32\svchost.exe (876)
______ C:\WINDOWS\system32\svchost.exe (1040)
______ C:\WINDOWS\Explorer.exe (1172)
______ C:\WINDOWS\system32\spoolsv.exe (1304)
______ C:\Program Files\Google\Update\GoogleUpdate.exe (1480)
______ C:\WINDOWS\system32\svchost.exe (1576)
______ C:\Program Files\Java\jre6\bin\jqs.exe (1668)
______ C:\Program Files\Kontiki\KService.exe (1720)
______ C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (1772)
______ C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (1792)
______ c:\program files\common files\mcafee\mna\mcnasvc.exe (1884)
______ c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (144)
______ C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (204)
______ C:\Program Files\McAfee\MPF\MPFSrv.exe (316)
______ C:\Program Files\McAfee\MSK\MskSrver.exe (280)
______ C:\WINDOWS\system32\IoctlSvc.exe (600)
______ C:\Program Files\TalkTalk\bin\sprtsvc.exe (800)
______ C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe (1076)
______ c:\PROGRA~1\mcafee.com\agent\mcagent.exe (1956)
______ C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (3556)
______ C:\WINDOWS\System32\alg.exe (4048)
______ C:\WINDOWS\Cursors\lsass.exe (852)
______ C:\WINDOWS\system32\VTTimer.exe (2456)
______ C:\WINDOWS\SOUNDMAN.EXE (1676)
______ C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (2804)
______ C:\Program Files\TalkTalk\bin\sprtcmd.exe (2808)
______ C:\Program Files\Java\jre6\bin\jusched.exe (2932)
______ C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (2984)
______ C:\Program Files\Windows Defender\MSASCui.exe (3016)
______ C:\Program Files\Messenger\msmsgs.exe (3036)
______ C:\Program Files\Kontiki\KHost.exe (2936)
______ C:\WINDOWS\system32\ctfmon.exe (3044)
______ C:\Program Files\Registry Mechanic\RegMech.exe (3088)
______ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (3100)
______ C:\Program Files\SpyZooka\spyzooka.exe (2000)
______ C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (3740)
______ C:\Program Files\Internet Explorer\iexplore.exe (2628)
______ C:\Program Files\Internet Explorer\iexplore.exe (3524)
______ C:\Documents and Settings\Owner\Desktop\Rooter.exe (996)
¨
----------------------\\ Device\Harddisk0\
¨
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
¨
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:4491002880 | Length:319428748800)
\Device\Harddisk0\Partition2 (Start_Offset:32256 | Length:4490970624)
¨
----------------------\\ Scheduled Tasks
¨
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\Google Software Updater.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachine.job
C:\WINDOWS\Tasks\McDefragTask.job
C:\WINDOWS\Tasks\McQcTask.job
C:\WINDOWS\Tasks\MP Scheduled Scan.job
C:\WINDOWS\Tasks\SA.DAT
¨
----------------------\\ Registry
¨
¨
----------------------\\ Files & Folders
¨
C:\DOCUME~1\Owner\Desktop\Nero.7.Premium.v7.11.10.0.Multilangages.Incl-Keygen.[emule-island.com]\Keygen\keygen_update3.exe
==> Cracks & Keygens <==
¨
----------------------\\ Scan completed at 23:48.19
¨
C:\Rooter$\Rooter_1.txt - (20/06/2009 | 23:48.19).c


Can not use Malwarebytes Anti-Malware as it wont open

Spyzooka quarrentine log


QFolders]
Q0=C:\Documents and Settings\Owner\Application Data\Spyzooka\Q200620091458040
Q1=C:\Documents and Settings\Owner\Application Data\Spyzooka\Q210620090000430
Q2=C:\Documents and Settings\Owner\Application Data\Spyzooka\Q210620091239280

Am going to post this before anything happens and i lose it all. I am a novice so no technical jargon please as confused enough :) :)

Edited by trababe, 21 June 2009 - 07:40 AM.

  • 0

Advertisements

#2
trababe
Posted 21 June 2009 - 10:16 AM

trababe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hi its me again just trying to remember everything. Its windows xp home edition about 2 1/2yrs old Still having probs browsing getting redirected or google/yahoo cant find page. when it does find sites a box appears saying this site is trying to open pop up Trusted site allow yes/no but it doesnt matter which i press nothing happens. Also the fake alert pops up from time to time. All sites apart from this one. Hooray for that. Its all just driving me insane.:)
Any help would be much appreciated. :)
  • 0

#3
Essexboy
Posted 27 June 2009 - 11:10 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there and sorry for the delay I will need a fresh look at your system and what are your current symptoms

To ensure that I get all the information this log will need to be attached (instructions at the end) if it is to large to attach then upload to Mediafire and post the sharing link.

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

#4
trababe
Posted 27 June 2009 - 11:44 AM

trababe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hi Essexboy sorry for delay two children to contend with. Thanks for the easy instructions. OTS file attached.


Attached File  OTS.Txt   143.6KB   330 downloads
  • 0

#5
Essexboy
Posted 27 June 2009 - 12:03 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
40 minutes was no delay :)

OK I have found the miscreant, I will kill some now but I will need a bigger tool to finish it off

Start OTS. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill All Processes]
[Unregister Dlls]
[Processes - Safe List]
YY -> lsass.exe -> C:\WINDOWS\Cursors\lsass.exe
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> 
YN -> HKEY_USERS\.DEFAULT\: SearchURL\\"provider" -> gogl
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> 
YN -> HKEY_USERS\S-1-5-18\: SearchURL\\"provider" -> gogl
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1971981076-3723982259-1435657856-1003\] > -> HKEY_USERS\S-1-5-21-1971981076-3723982259-1435657856-1003\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell
YY -> C:\WINDOWS\Cursors\lsass.exe -> C:\WINDOWS\Cursors\lsass.exe
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
[Files/Folders - Created Within 30 Days]
NY -> REGISTRY.CLEANER.REGSUPREME.V1.2.MULTILANGUAGE.INCL.CRACKED.EXE -> C:\Documents and Settings\Owner\Desktop\REGISTRY.CLEANER.REGSUPREME.V1.2.MULTILANGUAGE.INCL.CRACKED.EXE
NY -> VTJ708346.EXE -> C:\WINDOWS\VTJ708346.EXE
NY -> WUAN364443.EXE -> C:\WINDOWS\WUAN364443.EXE
NY -> FEOC827.EXE -> C:\WINDOWS\FEOC827.EXE
NY -> O255.EXE -> C:\WINDOWS\O255.EXE
NY -> HW5305.EXE -> C:\WINDOWS\HW5305.EXE
NY -> GU58826.EXE -> C:\WINDOWS\GU58826.EXE
NY -> GBG033414.EXE -> C:\WINDOWS\GBG033414.EXE
NY -> GNCYQ5.EXE -> C:\WINDOWS\GNCYQ5.EXE
[Empty Temp Folders]
[Start Explorer]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

THEN

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

Posted Image


Posted Image
--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a OTL log so we can continue cleaning the system.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
  • 0

#6
trababe
Posted 27 June 2009 - 01:14 PM

trababe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Right did as you asked file attached. It took ages to reboot then ie half reopened then froze, had to reboot, system is soo slow that this could all take awhile. Just going to start combofix could take me awhile to get back to you as soon as.

Attached File  06272009_191100.log1.txt   358bytes   94 downloads
  • 0

#7
trababe
Posted 27 June 2009 - 03:28 PM

trababe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Right ran conbofix but i cant find log. Sorry i have looked for it but to no avail.
I also ran OTL first try i got this message:-

ACCESS violation at address 0055E370 in module 'OTL.exe.' Read of address 00000000

So i tried again log attached


Attached File  OTL.Txt   83.36KB   120 downloads

Do you want me to run combofix again or is there some way of tracking 1st one down?
Sorry if this is like teaching a 5yr old but your patience is appreciated!! :) :)

OTL logfile created on: 27/06/2009 21:20:45 - Run 3
OTL by OldTimer - Version 3.0.2.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

254.48 Mb Total Physical Memory | 86.59 Mb Available Physical Memory | 34.03% Memory free
621.27 Mb Paging File | 401.76 Mb Available in Paging File | 64.67% Paging File free
Paging file location(s): C:\pagefile.sys 381 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 297.49 Gb Total Space | 274.82 Gb Free Space | 92.38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TRACEY
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\WINDOWS\System32\IoctlSvc.exe (Prolific Technology Inc.)
PRC - C:\Program Files\TalkTalk\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\notepad.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gupdate1c965c4509eb606 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (KService [Auto | Running]) -- C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
SRV - (MBackMonitor [On_Demand | Stopped]) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee)
SRV - (McAfee SiteAdvisor Service [Auto | Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (mcmscsvc [Auto | Stopped]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Stopped]) -- c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Stopped]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Stopped]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [Disabled | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService [Auto | Stopped]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSK80Service [Auto | Stopped]) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (NBService [On_Demand | Stopped]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NMIndexingService [On_Demand | Stopped]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (PLFlash DeviceIoControl Service [Auto | Running]) -- C:\WINDOWS\System32\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (sprtsvc_TalkTalk [Auto | Running]) -- C:\Program Files\TalkTalk\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SupportSoft RemoteAssist [On_Demand | Stopped]) -- C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (tgsrvc_TalkTalk [Auto | Running]) -- C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe (SupportSoft, Inc.)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (catchme [On_Demand | Running]) -- File not found
DRV - (CmdIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (FETNDIS [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\fetnd5.sys (VIA Technologies, Inc. )
DRV - (FETNDISB [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\fetnd5b.sys (VIA Technologies, Inc. )
DRV - (mfeavfk [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINDOWS\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (mraid35x [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (ms_mpu401 [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ql1080 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Sparrow [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (symc810 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (ultra [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (viagfx [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\vtmini.sys (Copyright © VIA/S3 Graphics Co, Ltd.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pcservicecall.co.uk

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pcservicecall.co.uk

IE - HKU\S-1-5-21-1971981076-3723982259-1435657856-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1971981076-3723982259-1435657856-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1971981076-3723982259-1435657856-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKU\S-1-5-21-1971981076-3723982259-1435657856-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1971981076-3723982259-1435657856-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKU\S-1-5-21-1971981076-3723982259-1435657856-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
IE - HKU\S-1-5-21-1971981076-3723982259-1435657856-1003\S-1-5-21-1971981076-3723982259-1435657856-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:0.9.5.2
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:2.7.5.0522
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/11 11:52:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/06/24 10:57:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/25 00:02:26 | 00,000,000 | ---D | M]

[2008/12/15 23:01:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions
[2008/12/15 23:01:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/19 22:36:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\irramy4x.default\extensions
[2009/06/19 22:36:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\irramy4x.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/06/11 00:10:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\irramy4x.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2008/12/16 21:29:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\irramy4x.default\extensions\[email protected]
[2009/06/11 00:10:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\irramy4x.default\extensions\[email protected]
[2009/06/20 16:16:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/11 11:54:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/03 14:02:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/18 14:32:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/05/21 11:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-1971981076-3723982259-1435657856-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TalkTalk] C:\Program Files\TalkTalk\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTtrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKU\S-1-5-21-1971981076-3723982259-1435657856-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1971981076-3723982259-1435657856-1003..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKU\S-1-5-21-1971981076-3723982259-1435657856-1003..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1971981076-3723982259-1435657856-1003..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - HKU\S-1-5-21-1971981076-3723982259-1435657856-1003..\Run: [SpyZooka] C:\Program Files\SpyZooka\SpyZookaLdr.exe (BluePenguin Software Inc.)
O4 - HKU\S-1-5-21-1971981076-3723982259-1435657856-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\WINDOWS\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1971981076-3723982259-1435657856-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1971981076-3723982259-1435657856-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1971981076-3723982259-1435657856-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1971981076-3723982259-1435657856-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1971981076-3723982259-1435657856-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1971981076-3723982259-1435657856-1003\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1971981076-3723982259-1435657856-1003\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1971981076-3723982259-1435657856-1003\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1971981076-3723982259-1435657856-1003\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {D468BCE5-D18E-49A4-8EA7-34BD583659D5} - C:\Program Files\SpyZooka\spyguard.dll (BluePenguin Software Inc.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/05 13:56:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/06/27 21:16:15 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/06/27 21:13:01 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/06/27 21:13:01 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/06/27 21:13:01 | 01,614,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/06/27 21:13:01 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/06/27 21:13:01 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/06/27 21:13:01 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/06/27 21:13:01 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/06/27 21:13:01 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/06/27 21:13:01 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/06/27 21:13:01 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/06/27 21:13:01 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/06/27 21:13:01 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/06/27 21:13:01 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/06/27 21:13:01 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/06/27 21:13:01 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/06/27 21:13:01 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/06/27 21:13:01 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/06/27 21:13:01 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/06/27 21:13:01 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/06/27 21:13:00 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/06/27 21:13:00 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/06/27 21:13:00 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/06/27 21:13:00 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/06/27 21:13:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/06/27 20:38:08 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/06/27 20:37:56 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/06/27 20:37:43 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/06/27 20:29:53 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/06/27 20:29:53 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/06/27 20:29:53 | 00,155,136 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/06/27 20:29:53 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/06/27 20:29:53 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/06/27 20:29:53 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/06/27 20:29:53 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/06/27 20:29:53 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/06/27 20:18:43 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/06/27 20:16:17 | 03,042,087 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\Combo-Fix..exe
[2009/06/27 19:11:00 | 00,000,000 | ---D | C] -- C:\_OTS
[2009/06/27 18:53:35 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/06/27 18:25:08 | 00,510,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTS.exe
[2009/06/21 20:42:18 | 00,000,690 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SpywareBlaster.lnk
[2009/06/21 20:42:10 | 00,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSSTDFMT.DLL
[2009/06/21 20:42:09 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/06/21 20:16:34 | 00,000,422 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B72DFF68-006B-4D00-828E-0E91B6122FF6}.job
[2009/06/21 00:02:27 | 00,512,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/06/20 23:48:18 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/06/20 23:47:39 | 00,170,711 | ---- | C] (Eric_71) -- C:\Documents and Settings\Owner\Desktop\Rooter.exe
[2009/06/20 23:40:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/06/20 23:39:12 | 00,000,735 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/06/20 23:38:54 | 00,000,579 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/06/20 23:38:54 | 00,000,560 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/06/20 23:38:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/06/20 23:36:47 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2009/06/20 22:36:22 | 00,264,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/06/20 19:10:58 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/06/20 19:10:55 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/06/20 19:10:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/06/20 19:10:35 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/06/20 19:05:33 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/06/20 18:53:43 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Corporation
[2009/06/20 18:53:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\msat
[2009/06/20 18:52:58 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2009/06/20 18:52:56 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/06/20 18:50:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\MSATEnglish[1]
[2009/06/20 18:27:48 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/06/20 18:24:25 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/06/20 16:57:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/20 16:57:29 | 00,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2009/06/20 16:57:26 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2009/06/20 16:57:25 | 01,071,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCTL.OCX
[2009/06/20 16:57:21 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2009/06/20 15:28:49 | 00,293,376 | ---- | C] () -- C:\plugin.dat
[2009/06/20 14:58:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Spyzooka
[2009/06/20 13:40:19 | 00,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpyZooka 2.5.lnk
[2009/06/20 13:40:16 | 00,000,000 | ---D | C] -- C:\Program Files\SpyZooka
[2009/06/20 13:39:15 | 03,019,472 | ---- | C] (BluePenguin Software Inc.) -- C:\Documents and Settings\Owner\Desktop\spyzookasetup.exe
[2009/06/20 13:04:00 | 05,955,448 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\saSetup64.exe
[2009/06/20 11:47:15 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/06/19 00:43:12 | 00,223,480 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\OFFICIAL-EMULE_SETUP.EXE
[2009/06/19 00:25:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/06/18 18:47:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/06/18 16:54:33 | 00,002,361 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2009/06/18 16:54:32 | 00,002,261 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero Home.lnk
[2009/06/18 16:45:30 | 00,000,000 | ---D | C] -- C:\Program Files\Nero
[2009/06/18 16:45:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2009/06/18 16:45:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2009/06/18 15:58:15 | 00,648,192 | ---- | C] () -- C:\WINDOWS\System32\NEROINSTAEC43759.DB
[2009/06/18 14:08:41 | 00,000,000 | ---D | C] -- C:\Program Files\AskTBar
[2009/06/14 17:17:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\eMuleSkin_Daan-Kad8
[2009/06/13 17:08:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Stephanie Meyer Twilight Saga (Book 3) Eclipse Mp3-32Kbps
[2009/06/13 17:04:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Midnight Sun (The Twilight Saga, Book 5)
[2009/05/23 10:43:58 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/19 15:42:08 | 00,000,750 | ---- | C] () -- C:\WINDOWS\{D084B1A9-153B-409D-AEBF-C40FCEF925EA}_WiseFW.ini
[2006/07/13 12:17:24 | 00,157,184 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/12/06 12:16:48 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/05 12:42:07 | 00,001,458 | R--- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/12/05 12:41:46 | 00,000,507 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/12/05 12:41:43 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/09/02 00:39:24 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/09/02 00:39:24 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/09/02 00:39:00 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

========== Files - Modified Within 30 Days ==========

[2009/06/27 21:14:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/27 21:14:42 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/06/27 21:10:35 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/06/27 20:56:18 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/06/27 20:56:10 | 00,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/06/27 20:55:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/27 20:55:52 | 26,691,5840 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/27 20:54:22 | 00,019,561 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/06/27 20:38:08 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/06/27 20:17:54 | 03,042,087 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\Combo-Fix..exe
[2009/06/27 18:25:14 | 00,510,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTS.exe
[2009/06/27 15:48:26 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B72DFF68-006B-4D00-828E-0E91B6122FF6}.job
[2009/06/27 15:41:15 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/22 11:49:11 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/06/21 21:54:58 | 00,014,848 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/21 20:42:18 | 00,000,690 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SpywareBlaster.lnk
[2009/06/21 00:06:11 | 00,512,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/06/20 23:47:46 | 00,170,711 | ---- | M] (Eric_71) -- C:\Documents and Settings\Owner\Desktop\Rooter.exe
[2009/06/20 23:39:12 | 00,000,735 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/06/20 23:38:54 | 00,000,579 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/06/20 23:38:54 | 00,000,560 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/06/20 23:37:45 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2009/06/20 22:37:07 | 00,264,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/06/20 19:10:53 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/06/20 16:57:29 | 00,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2009/06/20 15:28:49 | 00,293,376 | ---- | M] () -- C:\plugin.dat
[2009/06/20 13:40:19 | 00,000,699 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpyZooka 2.5.lnk
[2009/06/20 13:39:20 | 03,019,472 | ---- | M] (BluePenguin Software Inc.) -- C:\Documents and Settings\Owner\Desktop\spyzookasetup.exe
[2009/06/20 13:04:11 | 05,955,448 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\saSetup64.exe
[2009/06/19 00:43:12 | 00,223,480 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\OFFICIAL-EMULE_SETUP.EXE
[2009/06/18 16:54:33 | 00,002,361 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2009/06/18 16:54:33 | 00,002,261 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero Home.lnk
[2009/06/15 02:19:20 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/06/11 03:13:10 | 00,149,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/08 08:10:10 | 00,155,136 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/06/07 11:29:57 | 00,030,888 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/06/01 09:51:14 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/06/01 01:02:55 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >
  • 0

#8
Essexboy
Posted 27 June 2009 - 03:46 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi it should be here C:\ComboFix.txt if not run it again and it will tell me what was deleted on the first run :)
  • 0

#9
trababe
Posted 28 June 2009 - 05:26 AM

trababe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Many thanks system is running much better still very slow but links to what i want it to. I also managed to find log. :)


Attached File  ComboFix.txt   14.1KB   100 downloads
  • 0

#10
trababe
Posted 28 June 2009 - 05:32 AM

trababe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Could you please tell me what i can get rid of to try and speed up system once this problem is resolved? As i have downloaded lots to try to solve it. :)

Edited by trababe, 28 June 2009 - 05:39 AM.

  • 0

Advertisements

#11
Essexboy
Posted 28 June 2009 - 05:41 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nicely done there :) I will go through the speed up on completion but, lets finalise the cleaning first :)

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Files
c:\program files\Free Offers from Freeze.com

:Commands
[purity]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log ( don't check the boxes beside LOP Check or Purity this time )

THEN

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#12
trababe
Posted 28 June 2009 - 08:15 AM

trababe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
It wont let me upload OTL log, it says upload failed. You are not permitted to upload this type of file. So had to copy/paste. Fix was completed in less than 30 seconds, is that ok?


========== FILES ==========
c:\program files\Free Offers from Freeze.com moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.0.2.0 log created on 06282009_125754



Malwarebytes' Anti-Malware 1.38
Database version: 2345
Windows 5.1.2600 Service Pack 3

28/06/2009 13:49:12
mbam-log-2009-06-28 (13-49-12).txt

Scan type: Quick Scan
Objects scanned: 85684
Time elapsed: 12 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 19
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\ykgee3362.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry mechanic has told me that a registry has changed & do i want to run a full scan for details? :)
  • 0

#13
Essexboy
Posted 28 June 2009 - 08:30 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
There will be registry changes as we remove the malware. No requirement to run Registry mechanic as generally they do more harm than good

OK now I will remove my tools and do a clean up. Then I will give guidance on how to speed things up

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so..Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


XP
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE
You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and the display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button click this
  • Accept the Warning and select OK again, the program will close and you are done


SPRING CLEAN

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

THEN

Download and run Auslogics Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :)

SPEEDY TIME

To try and ease the startup try this

Download Startup Control Panel here
Instal and you will find a startup icon in the control panel - run this
  • In the HKLM tab, you may disable (be careful --> "disable") all the entries except your security software
  • In the HKCU tab, you may disable all entries.
  • In the StartUp tab, you may disable all entries.
Note : if you notice that some programs no longer run, you can enable them again by running Startup Control Panel, selecting the entry and choosing Run Now.
If you are in doubt with something, don't hesitate to ask :)


Then I have noticed that your RAM is below the minima required for windows

254.48 Mb Total Physical Memory | 86.59 Mb Available Physical Memory | 34.03% Memory free

512Mb is recommended but 1Gb would be better. If you go to the Crucial web site and click on scan my system, it will tell you how much more RAM you can put in your system, what type and how much
  • 0

#14
trababe
Posted 28 June 2009 - 09:36 AM

trababe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
HI have run the OTL & cleaned up but combofix is still there do i need to remove it through control panel? Have also removed registry mechanic. Getting there slowly. :)

Am going to keep MBAM & ERUNT but there was INTERGOPT that came with ERUNT, as i have no idea what it is or does do i need to keep it?

Edited by trababe, 28 June 2009 - 09:45 AM.

  • 0

#15
Essexboy
Posted 28 June 2009 - 09:58 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Just delete the combofix file :)

INTERGOPT is the various languages for ERUNT keep it if you speak any language other than English

Keep me up to date with progress now :)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP