Hello Essexboy,
Thank you for your quick response! Very much appreciated.
I downloaded and ran Free Dr. Web as instructed. However, I accidentally restarted my computer before I could copy down the log. I do know that 19 files were infected, 17 with Trojans and 2 with W32ramnet. Should I rerun Dr. Web?
Attached are the logs from OTL:
OTL logfile created on: 03/11/2010 10:06:54 AM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\SteveQ\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
1,014.00 Mb Total Physical Memory | 401.00 Mb Available Physical Memory | 40.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 97.27 Gb Free Space | 65.26% Space Free | Partition Type: NTFS
Computer Name: STEVE | User Name: SteveQ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2010/11/03 10:05:15 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SteveQ\My Documents\Downloads\OTL.exe
PRC - [2010/11/02 21:52:59 | 051,499,352 | ---- | M] () -- C:\Documents and Settings\SteveQ\Desktop\nquzkzr2.exe
PRC - [2010/10/29 00:13:27 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/28 10:04:57 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/09/01 02:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/03/10 22:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/08/03 19:02:20 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2007/01/09 14:23:04 | 000,191,552 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
PRC - [2006/10/11 13:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2006/10/05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2005/04/17 12:30:48 | 000,085,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2005/04/17 12:30:40 | 001,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2005/04/17 12:30:32 | 000,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2005/04/17 12:30:32 | 000,018,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DoScan.exe
PRC - [2005/04/08 15:54:52 | 000,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/04/08 15:52:32 | 000,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/04/08 15:52:30 | 000,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
========== Modules (SafeList) ==========
MOD - [2010/11/03 10:05:15 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SteveQ\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/10/04 23:07:12 | 000,144,936 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/10/05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005/04/17 12:30:42 | 000,124,608 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2005/04/17 12:30:40 | 001,706,176 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2005/04/17 12:30:32 | 000,019,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005/04/08 15:54:52 | 000,161,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/04/08 15:54:50 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/04/08 15:52:32 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/04/05 11:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/03/30 21:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
========== Driver Services (SafeList) ==========
DRV - File not found [File_System | Unknown | Running] -- -- (DwProt)
DRV - [2010/10/18 04:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101029.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/10/18 04:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101029.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/17 08:36:44 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/06/14 16:41:58 | 004,429,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/27 04:01:34 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/02/07 00:43:26 | 000,090,880 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/01/24 02:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/11/28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/04/05 11:17:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/04/05 11:17:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/04/01 20:36:04 | 000,123,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/03/30 21:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/02/04 20:14:32 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/02/04 20:14:30 | 000,324,232 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 00:13:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 08:08:34 | 000,000,000 | ---D | M]
[2010/06/18 09:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SteveQ\Application Data\Mozilla\Extensions
[2010/11/02 17:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SteveQ\Application Data\Mozilla\Firefox\Profiles\rojc4dpe.default\extensions
[2010/07/22 09:07:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\SteveQ\Application Data\Mozilla\Firefox\Profiles\rojc4dpe.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/02/02 15:16:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\SteveQ\Application Data\Mozilla\Firefox\Profiles\rojc4dpe.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/01/24 12:57:45 | 000,000,000 | ---D | M] (BitComet Download Helper) -- C:\Documents and Settings\SteveQ\Application Data\Mozilla\Firefox\Profiles\rojc4dpe.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009/01/24 12:57:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SteveQ\Application Data\Mozilla\Firefox\Profiles\rojc4dpe.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2008/09/18 00:30:58 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\SteveQ\Application Data\Mozilla\Firefox\Profiles\rojc4dpe.default\searchplugins\winamp-search.xml
[2010/11/02 17:18:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/29 13:40:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/03 10:03:43 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2010/11/03 09:36:57 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll File not found
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll (BitComet)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [nonep] C:\Documents and Settings\SteveQ\Local Settings\Temp\tmpe2c134a2\KillEXE.exe (Macromedia, Inc.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [{6361B824-E58F-82F5-1647-0B88DD527ACB}] C:\Documents and Settings\SteveQ\Application Data\Anse\ydzi.exe (ACD Systems, Ltd.)
O4 - HKCU..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\SteveQ\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} https://mytdsb.on.ca...COL /relayp.cab (Cisco Systems WebVPN Relay Loader)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1210959568511 (WUWebControl Class)
O16 - DPF: {6A615BCC-676D-41AA-AB4E-C1860690FFB4} http://www.blacksmem.../RocketLife.cab (CFXEngine Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://knightsbridg...ing/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\rlfile {F541A92B-CDC2-4B7C-BEF1-C7443070F3D8} - C:\WINDOWS\Downloaded Program Files\RocketEngine.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\program files\microsoft\watermark.exe) - c:\Program Files\Microsoft\WaterMark.exe ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\SteveQ\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\SteveQ\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/14 00:13:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{31c2ad24-30ca-11de-b8ac-001b773b1593}\Shell - "" = AutoRun
O33 - MountPoints2\{31c2ad24-30ca-11de-b8ac-001b773b1593}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{31c2ad24-30ca-11de-b8ac-001b773b1593}\Shell\AutoRun\command - "" = E:\DTSP_Launcher.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/11/02 22:06:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SteveQ\DoctorWeb
[2010/11/02 21:35:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\SteveQ\Recent
[2010/11/02 16:07:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SteveQ\Application Data\Oxpiu
[2010/11/02 16:07:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SteveQ\Application Data\Anse
[2010/11/02 15:46:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SteveQ\Desktop\GooredFix Backups
[2010/11/02 15:28:56 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/11/02 15:22:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/02 15:21:33 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/11/02 10:36:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/11/02 05:52:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
[2010/10/23 14:10:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/23 14:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/23 14:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/15 14:26:37 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/15 14:26:22 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/10/15 14:25:05 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/10/13 23:20:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SteveQ\Application Data\Malwarebytes
[2010/10/13 23:19:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/13 23:19:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/13 23:19:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/13 23:19:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/13 21:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SteveQ\Application Data\SUPERAntiSpyware.com
[2010/10/13 21:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/10/13 21:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/10/13 21:54:13 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Documents\mb.exe
[2010/10/13 21:53:14 | 009,578,056 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\All Users\Documents\SUPERAntiSpyware.exe
[2010/10/13 21:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/10/13 16:57:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SteveQ\Desktop\Pictures
[2010/10/11 12:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\win
[2010/10/11 12:08:04 | 000,000,000 | ---D | C] -- C:\Program Files\tmp
[2010/10/10 20:50:52 | 000,000,000 | ---D | C] -- C:\Program Files\windows
[2010/10/10 20:50:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
========== Files - Modified Within 30 Days ==========
[2010/11/03 10:26:07 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\dmlconf.dat
[2010/11/03 09:42:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/03 09:42:13 | 000,000,276 | ---- | M] () -- C:\WINDOWS\System32\complete.dat
[2010/11/03 09:42:04 | 003,558,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/11/03 09:40:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/03 09:40:48 | 1063,374,848 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/03 09:36:57 | 000,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/02 21:52:59 | 051,499,352 | ---- | M] () -- C:\Documents and Settings\SteveQ\Desktop\nquzkzr2.exe
[2010/11/02 15:21:48 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\SteveQ\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/02 15:21:37 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\SteveQ\Desktop\NTREGOPT.lnk
[2010/11/02 15:21:37 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\SteveQ\Desktop\ERUNT.lnk
[2010/10/29 13:34:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/28 13:06:44 | 000,013,610 | ---- | M] () -- C:\Documents and Settings\SteveQ\Desktop\Julie & Randy Allocation .xlsx
[2010/10/23 14:11:56 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/19 14:11:36 | 000,113,657 | ---- | M] () -- C:\Documents and Settings\SteveQ\Desktop\MG.jpg
[2010/10/16 03:56:19 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/16 03:30:21 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/16 03:30:21 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/15 14:14:23 | 000,000,014 | ---- | M] () -- C:\opera6.ini
[2010/10/14 09:41:06 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/10/13 21:59:14 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\SteveQ\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/13 21:57:18 | 002,400,461 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\MGtools.exe
[2010/10/13 21:55:51 | 003,878,092 | ---- | M] () -- C:\Documents and Settings\SteveQ\Desktop\ComboFix.exe
[2010/10/13 21:49:07 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Documents\mb.exe
[2010/10/13 21:48:22 | 009,578,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\All Users\Documents\SUPERAntiSpyware.exe
[2010/10/13 21:45:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\SteveQ\defogger_reenable
[2010/10/13 21:20:25 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\SteveQ\Desktop\Shortcut to CCleaner.exe.lnk
[2010/10/13 19:55:21 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\SteveQ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/07 00:41:08 | 000,010,341 | ---- | M] () -- C:\Documents and Settings\SteveQ\Desktop\Julie & Randy Precious' Rec.xlsx
========== Files Created - No Company Name ==========
[2010/11/03 09:40:48 | 1063,374,848 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/02 21:35:04 | 051,499,352 | ---- | C] () -- C:\Documents and Settings\SteveQ\Desktop\nquzkzr2.exe
[2010/11/02 15:21:48 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\SteveQ\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/02 15:21:37 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\SteveQ\Desktop\NTREGOPT.lnk
[2010/11/02 15:21:37 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\SteveQ\Desktop\ERUNT.lnk
[2010/10/23 14:11:56 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/20 01:24:16 | 000,013,610 | ---- | C] () -- C:\Documents and Settings\SteveQ\Desktop\Julie & Randy Allocation .xlsx
[2010/10/19 14:11:35 | 000,113,657 | ---- | C] () -- C:\Documents and Settings\SteveQ\Desktop\MG.jpg
[2010/10/13 21:59:14 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\SteveQ\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/13 21:58:03 | 002,400,461 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\MGtools.exe
[2010/10/13 21:56:22 | 003,878,092 | ---- | C] () -- C:\Documents and Settings\SteveQ\Desktop\ComboFix.exe
[2010/10/13 21:45:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\SteveQ\defogger_reenable
[2010/10/13 21:25:21 | 000,000,947 | ---- | C] () -- C:\Documents and Settings\SteveQ\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/10/13 21:20:25 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\SteveQ\Desktop\Shortcut to CCleaner.exe.lnk
[2010/10/10 20:51:07 | 000,000,276 | ---- | C] () -- C:\WINDOWS\System32\complete.dat
[2010/10/10 20:50:47 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\dmlconf.dat
[2010/10/07 00:39:02 | 000,010,341 | ---- | C] () -- C:\Documents and Settings\SteveQ\Desktop\Julie & Randy Precious' Rec.xlsx
[2010/06/27 21:39:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2010/05/12 03:06:38 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/09/11 08:59:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\SteveQ\Local Settings\Application Data\prvlcl.dat
[2009/01/26 22:17:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/10/04 02:23:16 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\SteveQ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/16 14:49:50 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2008/05/16 14:49:50 | 000,010,150 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2008/05/16 14:49:50 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2008/05/16 14:49:49 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2008/05/13 19:54:22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
========== Custom Scans ==========
< netsvcs >
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=1705EB1083B8A8680F472BC08D53CA86 -- C:\WINDOWS\explorer.exe
[2004/08/04 03:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: WINLOGON.EXE >
[2004/08/04 03:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=931CA42ABA62D644E080A6E1515CB636 -- C:\WINDOWS\system32\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
< %systemroot%\*. /mp /s >
< CREATERESTOREPOINT >
< End of report >
OTL Extras logfile created on: 03/11/2010 10:06:54 AM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\SteveQ\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
1,014.00 Mb Total Physical Memory | 401.00 Mb Available Physical Memory | 40.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 97.27 Gb Free Space | 65.26% Space Free | Partition Type: NTFS
Computer Name: STEVE | User Name: SteveQ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-1644491937-1275210071-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"13616:TCP" = 13616:TCP:*:Enabled:BitComet 13616 TCP
"13616:UDP" = 13616:UDP:*:Enabled:BitComet 13616 UDP
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)
"C:\Documents and Settings\SteveQ\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\SteveQ\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 21
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A633ED0-E5D7-4D65-AB8D-53ED43510284}" = Symantec AntiVirus
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BitComet" = BitComet 1.03
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner
"CSCLIB" = Canon Camera Support Core Library
"DivX Setup.divx.com" = DivX Setup
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"getPlus®_ocx" = getPlus®_ocx
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"LimeWire" = LimeWire 4.18.6
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Orb" = Winamp Remote
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 03/11/2010 9:43:01 AM | Computer Name = STEVE | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: W32.Ramnit!inf in File: C:\Program Files\Windows
NT\Accessories\wordpad.exe by: Auto-Protect scan. Action: Clean succeeded : Access
allowed. Action Description: The file was repaired successfully.
Error - 03/11/2010 9:43:01 AM | Computer Name = STEVE | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: W32.Ramnit!inf in File: C:\Program Files\ERUNT\NTREGOPT.EXE
by: Auto-Protect scan. Action: Clean succeeded : Access allowed. Action Description:
The file was repaired successfully.
Error - 03/11/2010 9:43:01 AM | Computer Name = STEVE | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: W32.Ramnit!inf in File: C:\Program Files\QuickTime\QTTask.exe
by: Auto-Protect scan. Action: Clean succeeded : Access allowed. Action Description:
The file was repaired successfully.
Error - 03/11/2010 9:43:01 AM | Computer Name = STEVE | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: W32.Ramnit!inf in File: C:\Program Files\ERUNT\AUTOBACK.EXE
by: Auto-Protect scan. Action: Clean succeeded : Access allowed. Action Description:
The file was repaired successfully.
Error - 03/11/2010 9:43:01 AM | Computer Name = STEVE | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: W32.Ramnit!inf in File: C:\Program Files\Java\jre6\bin\msvcr71.dll
by: Auto-Protect scan. Action: Clean succeeded : Access allowed. Action Description:
The file was repaired successfully.
Error - 03/11/2010 9:43:02 AM | Computer Name = STEVE | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: W32.Ramnit!inf in File: C:\Program Files\ERUNT\ERUNT.EXE
by: Auto-Protect scan. Action: Clean succeeded : Access allowed. Action Description:
The file was repaired successfully.
Error - 03/11/2010 9:43:02 AM | Computer Name = STEVE | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: W32.Ramnit!inf in File: C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE
by: Auto-Protect scan. Action: Clean succeeded : Access allowed. Action Description:
The file was repaired successfully.
Error - 03/11/2010 9:43:02 AM | Computer Name = STEVE | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: W32.Ramnit!inf in File: C:\Program Files\ltmoh\mohapi.dll
by: Auto-Protect scan. Action: Clean succeeded : Access allowed. Action Description:
The file was repaired successfully.
Error - 03/11/2010 9:43:02 AM | Computer Name = STEVE | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: W32.Ramnit!inf in File: C:\Program Files\SUPERAntiSpyware\deupx.dll
by: Auto-Protect scan. Action: Clean succeeded : Access allowed. Action Description:
The file was repaired successfully.
Error - 03/11/2010 9:43:02 AM | Computer Name = STEVE | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: W32.Ramnit!inf in File: C:\Program Files\DivX\DivX
Plus Player\DivX Plus Player.exe by: Auto-Protect scan. Action: Clean succeeded
: Access allowed. Action Description: The file was repaired successfully.
[ OSession Events ]
Error - 22/08/2009 10:59:39 PM | Computer Name = STEVE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 02/11/2010 9:59:33 PM | Computer Name = STEVE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 02/11/2010 9:59:36 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31
Error - 02/11/2010 9:59:36 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31
Error - 02/11/2010 9:59:36 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31
Error - 02/11/2010 9:59:36 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31
Error - 02/11/2010 9:59:36 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31
Error - 02/11/2010 9:59:36 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31
Error - 02/11/2010 9:59:36 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SAVRT SAVRTPEL
SYMTDI
Tcpip
Error - 02/11/2010 10:00:05 PM | Computer Name = STEVE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 03/11/2010 9:39:15 AM | Computer Name = STEVE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
< End of report >
Thank you!
lolaollie