Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google Redirect & W32Ramnit! Problems

Started by lolaollie , Nov 02 2010 02:13 PM

  • This topic is locked This topic is locked

#1
lolaollie
Posted 02 November 2010 - 02:13 PM

lolaollie

    New Member

  • Member
  • Pip
  • 4 posts
Hello,

For about a month I have been having a problem with my Symantec Auto-Protect constantly finding and cleaning W32Ramnit!.html & W32Ramnit!.inf files. I have tried downloading programs (such as Malwarebytes, CCleaner, SUPERAntispyware) at the suggestions of various websites. I have become frustrated as nothing seems to work, so I am creating my own post.

For two days I have been having a Google (or any other search engine) redirect virus problem. I did try the directions on geekstogo.com to remove Google Redirect Virus using OTM, Goored, TDSSKiller, etc. but it did not help.

I am using Windows XP.

I am willing to work diligently to remove these pesky things from my computer once and for all, and I would appreciate the help of an experts out there!!!

The following is my OTM log:

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\SteveQ\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\SteveQ\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Alison

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1853840 bytes
->Flash cache emptied: 3176 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 227267324 bytes
->Java cache emptied: 4663 bytes
->Flash cache emptied: 10320 bytes

User: SteveQ
->Temp folder emptied: 9669320 bytes
->Temporary Internet Files folder emptied: 8994950 bytes
->Java cache emptied: 64177 bytes
->FireFox cache emptied: 114714424 bytes
->Flash cache emptied: 23545 bytes

User: Wedding Stuff

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 145311 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 90199096 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 434.00 mb

Restore point Set: OTM Restore Point (68719476736)

OTM by OldTimer - Version 3.1.17.2 log created on 11022010_152856

Files moved on Reboot...

Registry entries deleted on Reboot...


Many thanks in advance,

lolaollie
  • 0

Advertisements

#2
Essexboy
Posted 02 November 2010 - 03:20 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi lolaollie this is quite a vicious beastie. But lets get straight to work. I would like you to run the following programmes for me, the firsat may take a few hours the second is an analysis log

Download Dr Web from here http://www.freedrweb.com/?lng=en link on the top right of the page, tick the EULA and then download

It will download as an 8 digit file save it to your desktop

Restart in safe mode and run
Accept the enhanced version
Let it run the Express scan
About halfway through you will be prompted to buy - just X the box closed
Once finished it will generate a log please attach that

ON COMPLETION

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT



  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

  • 0

#3
lolaollie
Posted 03 November 2010 - 09:14 AM

lolaollie

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hello Essexboy,

Thank you for your quick response! Very much appreciated.

I downloaded and ran Free Dr. Web as instructed. However, I accidentally restarted my computer before I could copy down the log. I do know that 19 files were infected, 17 with Trojans and 2 with W32ramnet. Should I rerun Dr. Web?

Attached are the logs from OTL:

OTL logfile created on: 03/11/2010 10:06:54 AM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\SteveQ\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 401.00 Mb Available Physical Memory | 40.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 97.27 Gb Free Space | 65.26% Space Free | Partition Type: NTFS

Computer Name: STEVE | User Name: SteveQ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/03 10:05:15 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SteveQ\My Documents\Downloads\OTL.exe
PRC - [2010/11/02 21:52:59 | 051,499,352 | ---- | M] () -- C:\Documents and Settings\SteveQ\Desktop\nquzkzr2.exe
PRC - [2010/10/29 00:13:27 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/28 10:04:57 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/09/01 02:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/03/10 22:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/08/03 19:02:20 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2007/01/09 14:23:04 | 000,191,552 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
PRC - [2006/10/11 13:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2006/10/05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2005/04/17 12:30:48 | 000,085,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2005/04/17 12:30:40 | 001,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2005/04/17 12:30:32 | 000,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2005/04/17 12:30:32 | 000,018,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DoScan.exe
PRC - [2005/04/08 15:54:52 | 000,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/04/08 15:52:32 | 000,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/04/08 15:52:30 | 000,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe


========== Modules (SafeList) ==========

MOD - [2010/11/03 10:05:15 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SteveQ\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/10/04 23:07:12 | 000,144,936 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/10/05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005/04/17 12:30:42 | 000,124,608 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2005/04/17 12:30:40 | 001,706,176 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2005/04/17 12:30:32 | 000,019,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005/04/08 15:54:52 | 000,161,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/04/08 15:54:50 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/04/08 15:52:32 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/04/05 11:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/03/30 21:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Unknown | Running] -- -- (DwProt)
DRV - [2010/10/18 04:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101029.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/10/18 04:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101029.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/17 08:36:44 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/06/14 16:41:58 | 004,429,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/27 04:01:34 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/02/07 00:43:26 | 000,090,880 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/01/24 02:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/11/28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/04/05 11:17:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/04/05 11:17:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/04/01 20:36:04 | 000,123,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/03/30 21:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/02/04 20:14:32 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/02/04 20:14:30 | 000,324,232 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 00:13:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 08:08:34 | 000,000,000 | ---D | M]

[2010/06/18 09:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SteveQ\Application Data\Mozilla\Extensions
[2010/11/02 17:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SteveQ\Application Data\Mozilla\Firefox\Profiles\rojc4dpe.default\extensions
[2010/07/22 09:07:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\SteveQ\Application Data\Mozilla\Firefox\Profiles\rojc4dpe.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/02/02 15:16:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\SteveQ\Application Data\Mozilla\Firefox\Profiles\rojc4dpe.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/01/24 12:57:45 | 000,000,000 | ---D | M] (BitComet Download Helper) -- C:\Documents and Settings\SteveQ\Application Data\Mozilla\Firefox\Profiles\rojc4dpe.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009/01/24 12:57:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SteveQ\Application Data\Mozilla\Firefox\Profiles\rojc4dpe.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2008/09/18 00:30:58 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\SteveQ\Application Data\Mozilla\Firefox\Profiles\rojc4dpe.default\searchplugins\winamp-search.xml
[2010/11/02 17:18:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/29 13:40:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/03 10:03:43 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/11/03 09:36:57 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll File not found
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll (BitComet)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [nonep] C:\Documents and Settings\SteveQ\Local Settings\Temp\tmpe2c134a2\KillEXE.exe (Macromedia, Inc.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [{6361B824-E58F-82F5-1647-0B88DD527ACB}] C:\Documents and Settings\SteveQ\Application Data\Anse\ydzi.exe (ACD Systems, Ltd.)
O4 - HKCU..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\SteveQ\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} https://mytdsb.on.ca...COL /relayp.cab (Cisco Systems WebVPN Relay Loader)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1210959568511 (WUWebControl Class)
O16 - DPF: {6A615BCC-676D-41AA-AB4E-C1860690FFB4} http://www.blacksmem.../RocketLife.cab (CFXEngine Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://knightsbridg...ing/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\rlfile {F541A92B-CDC2-4B7C-BEF1-C7443070F3D8} - C:\WINDOWS\Downloaded Program Files\RocketEngine.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\program files\microsoft\watermark.exe) - c:\Program Files\Microsoft\WaterMark.exe ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\SteveQ\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\SteveQ\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/14 00:13:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{31c2ad24-30ca-11de-b8ac-001b773b1593}\Shell - "" = AutoRun
O33 - MountPoints2\{31c2ad24-30ca-11de-b8ac-001b773b1593}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{31c2ad24-30ca-11de-b8ac-001b773b1593}\Shell\AutoRun\command - "" = E:\DTSP_Launcher.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/02 22:06:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SteveQ\DoctorWeb
[2010/11/02 21:35:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\SteveQ\Recent
[2010/11/02 16:07:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SteveQ\Application Data\Oxpiu
[2010/11/02 16:07:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SteveQ\Application Data\Anse
[2010/11/02 15:46:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SteveQ\Desktop\GooredFix Backups
[2010/11/02 15:28:56 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/11/02 15:22:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/02 15:21:33 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/11/02 10:36:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/11/02 05:52:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
[2010/10/23 14:10:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/23 14:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/23 14:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/15 14:26:37 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/15 14:26:22 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/10/15 14:25:05 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/10/13 23:20:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SteveQ\Application Data\Malwarebytes
[2010/10/13 23:19:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/13 23:19:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/13 23:19:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/13 23:19:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/13 21:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SteveQ\Application Data\SUPERAntiSpyware.com
[2010/10/13 21:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/10/13 21:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/10/13 21:54:13 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Documents\mb.exe
[2010/10/13 21:53:14 | 009,578,056 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\All Users\Documents\SUPERAntiSpyware.exe
[2010/10/13 21:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/10/13 16:57:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SteveQ\Desktop\Pictures
[2010/10/11 12:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\win
[2010/10/11 12:08:04 | 000,000,000 | ---D | C] -- C:\Program Files\tmp
[2010/10/10 20:50:52 | 000,000,000 | ---D | C] -- C:\Program Files\windows
[2010/10/10 20:50:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/11/03 10:26:07 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\dmlconf.dat
[2010/11/03 09:42:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/03 09:42:13 | 000,000,276 | ---- | M] () -- C:\WINDOWS\System32\complete.dat
[2010/11/03 09:42:04 | 003,558,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/11/03 09:40:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/03 09:40:48 | 1063,374,848 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/03 09:36:57 | 000,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/02 21:52:59 | 051,499,352 | ---- | M] () -- C:\Documents and Settings\SteveQ\Desktop\nquzkzr2.exe
[2010/11/02 15:21:48 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\SteveQ\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/02 15:21:37 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\SteveQ\Desktop\NTREGOPT.lnk
[2010/11/02 15:21:37 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\SteveQ\Desktop\ERUNT.lnk
[2010/10/29 13:34:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/28 13:06:44 | 000,013,610 | ---- | M] () -- C:\Documents and Settings\SteveQ\Desktop\Julie & Randy Allocation .xlsx
[2010/10/23 14:11:56 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/19 14:11:36 | 000,113,657 | ---- | M] () -- C:\Documents and Settings\SteveQ\Desktop\MG.jpg
[2010/10/16 03:56:19 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/16 03:30:21 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/16 03:30:21 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/15 14:14:23 | 000,000,014 | ---- | M] () -- C:\opera6.ini
[2010/10/14 09:41:06 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/10/13 21:59:14 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\SteveQ\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/13 21:57:18 | 002,400,461 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\MGtools.exe
[2010/10/13 21:55:51 | 003,878,092 | ---- | M] () -- C:\Documents and Settings\SteveQ\Desktop\ComboFix.exe
[2010/10/13 21:49:07 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Documents\mb.exe
[2010/10/13 21:48:22 | 009,578,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\All Users\Documents\SUPERAntiSpyware.exe
[2010/10/13 21:45:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\SteveQ\defogger_reenable
[2010/10/13 21:20:25 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\SteveQ\Desktop\Shortcut to CCleaner.exe.lnk
[2010/10/13 19:55:21 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\SteveQ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/07 00:41:08 | 000,010,341 | ---- | M] () -- C:\Documents and Settings\SteveQ\Desktop\Julie & Randy Precious' Rec.xlsx

========== Files Created - No Company Name ==========

[2010/11/03 09:40:48 | 1063,374,848 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/02 21:35:04 | 051,499,352 | ---- | C] () -- C:\Documents and Settings\SteveQ\Desktop\nquzkzr2.exe
[2010/11/02 15:21:48 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\SteveQ\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/02 15:21:37 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\SteveQ\Desktop\NTREGOPT.lnk
[2010/11/02 15:21:37 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\SteveQ\Desktop\ERUNT.lnk
[2010/10/23 14:11:56 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/20 01:24:16 | 000,013,610 | ---- | C] () -- C:\Documents and Settings\SteveQ\Desktop\Julie & Randy Allocation .xlsx
[2010/10/19 14:11:35 | 000,113,657 | ---- | C] () -- C:\Documents and Settings\SteveQ\Desktop\MG.jpg
[2010/10/13 21:59:14 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\SteveQ\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/13 21:58:03 | 002,400,461 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\MGtools.exe
[2010/10/13 21:56:22 | 003,878,092 | ---- | C] () -- C:\Documents and Settings\SteveQ\Desktop\ComboFix.exe
[2010/10/13 21:45:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\SteveQ\defogger_reenable
[2010/10/13 21:25:21 | 000,000,947 | ---- | C] () -- C:\Documents and Settings\SteveQ\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/10/13 21:20:25 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\SteveQ\Desktop\Shortcut to CCleaner.exe.lnk
[2010/10/10 20:51:07 | 000,000,276 | ---- | C] () -- C:\WINDOWS\System32\complete.dat
[2010/10/10 20:50:47 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\dmlconf.dat
[2010/10/07 00:39:02 | 000,010,341 | ---- | C] () -- C:\Documents and Settings\SteveQ\Desktop\Julie & Randy Precious' Rec.xlsx
[2010/06/27 21:39:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2010/05/12 03:06:38 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/09/11 08:59:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\SteveQ\Local Settings\Application Data\prvlcl.dat
[2009/01/26 22:17:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/10/04 02:23:16 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\SteveQ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/16 14:49:50 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2008/05/16 14:49:50 | 000,010,150 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2008/05/16 14:49:50 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2008/05/16 14:49:49 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2008/05/13 19:54:22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== Custom Scans ==========


< netsvcs >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=1705EB1083B8A8680F472BC08D53CA86 -- C:\WINDOWS\explorer.exe
[2004/08/04 03:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 03:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=931CA42ABA62D644E080A6E1515CB636 -- C:\WINDOWS\system32\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

< %systemroot%\*. /mp /s >

< CREATERESTOREPOINT >

< End of report >






OTL Extras logfile created on: 03/11/2010 10:06:54 AM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\SteveQ\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 401.00 Mb Available Physical Memory | 40.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 97.27 Gb Free Space | 65.26% Space Free | Partition Type: NTFS

Computer Name: STEVE | User Name: SteveQ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1644491937-1275210071-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"13616:TCP" = 13616:TCP:*:Enabled:BitComet 13616 TCP
"13616:UDP" = 13616:UDP:*:Enabled:BitComet 13616 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)
"C:\Documents and Settings\SteveQ\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\SteveQ\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 21
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A633ED0-E5D7-4D65-AB8D-53ED43510284}" = Symantec AntiVirus
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BitComet" = BitComet 1.03
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner
"CSCLIB" = Canon Camera Support Core Library
"DivX Setup.divx.com" = DivX Setup
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"getPlus®_ocx" = getPlus®_ocx
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"LimeWire" = LimeWire 4.18.6
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Orb" = Winamp Remote
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03/11/2010 9:43:01 AM | Computer Name = STEVE | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: W32.Ramnit!inf in File: C:\Program Files\Windows
NT\Accessories\wordpad.exe by: Auto-Protect scan. Action: Clean succeeded : Access
allowed. Action Description: The file was repaired successfully.

Error - 03/11/2010 9:43:01 AM | Computer Name = STEVE | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: W32.Ramnit!inf in File: C:\Program Files\ERUNT\NTREGOPT.EXE
by: Auto-Protect scan. Action: Clean succeeded : Access allowed. Action Description:
The file was repaired successfully.

Error - 03/11/2010 9:43:01 AM | Computer Name = STEVE | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: W32.Ramnit!inf in File: C:\Program Files\QuickTime\QTTask.exe
by: Auto-Protect scan. Action: Clean succeeded : Access allowed. Action Description:
The file was repaired successfully.

Error - 03/11/2010 9:43:01 AM | Computer Name = STEVE | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: W32.Ramnit!inf in File: C:\Program Files\ERUNT\AUTOBACK.EXE
by: Auto-Protect scan. Action: Clean succeeded : Access allowed. Action Description:
The file was repaired successfully.

Error - 03/11/2010 9:43:01 AM | Computer Name = STEVE | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: W32.Ramnit!inf in File: C:\Program Files\Java\jre6\bin\msvcr71.dll
by: Auto-Protect scan. Action: Clean succeeded : Access allowed. Action Description:
The file was repaired successfully.

Error - 03/11/2010 9:43:02 AM | Computer Name = STEVE | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: W32.Ramnit!inf in File: C:\Program Files\ERUNT\ERUNT.EXE
by: Auto-Protect scan. Action: Clean succeeded : Access allowed. Action Description:
The file was repaired successfully.

Error - 03/11/2010 9:43:02 AM | Computer Name = STEVE | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: W32.Ramnit!inf in File: C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE
by: Auto-Protect scan. Action: Clean succeeded : Access allowed. Action Description:
The file was repaired successfully.

Error - 03/11/2010 9:43:02 AM | Computer Name = STEVE | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: W32.Ramnit!inf in File: C:\Program Files\ltmoh\mohapi.dll
by: Auto-Protect scan. Action: Clean succeeded : Access allowed. Action Description:
The file was repaired successfully.

Error - 03/11/2010 9:43:02 AM | Computer Name = STEVE | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: W32.Ramnit!inf in File: C:\Program Files\SUPERAntiSpyware\deupx.dll
by: Auto-Protect scan. Action: Clean succeeded : Access allowed. Action Description:
The file was repaired successfully.

Error - 03/11/2010 9:43:02 AM | Computer Name = STEVE | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: W32.Ramnit!inf in File: C:\Program Files\DivX\DivX
Plus Player\DivX Plus Player.exe by: Auto-Protect scan. Action: Clean succeeded
: Access allowed. Action Description: The file was repaired successfully.

[ OSession Events ]
Error - 22/08/2009 10:59:39 PM | Computer Name = STEVE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 02/11/2010 9:59:33 PM | Computer Name = STEVE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 02/11/2010 9:59:36 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 02/11/2010 9:59:36 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 02/11/2010 9:59:36 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 02/11/2010 9:59:36 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 02/11/2010 9:59:36 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 02/11/2010 9:59:36 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 02/11/2010 9:59:36 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SAVRT SAVRTPEL
SYMTDI
Tcpip

Error - 02/11/2010 10:00:05 PM | Computer Name = STEVE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 03/11/2010 9:39:15 AM | Computer Name = STEVE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >


Thank you!

lolaollie
  • 0

#4
Essexboy
Posted 03 November 2010 - 02:34 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Still a ways to go but we are making progress

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Reg Error: Value error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKLM..\Run: [nonep] C:\Documents and Settings\SteveQ\Local Settings\Temp\tmpe2c134a2\KillEXE.exe (Macromedia, Inc.)
    O4 - HKCU..\Run: [{6361B824-E58F-82F5-1647-0B88DD527ACB}] C:\Documents and Settings\SteveQ\Application Data\Anse\ydzi.exe (ACD Systems, Ltd.)
    O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O20 - HKLM Winlogon: UserInit - (c:\program files\microsoft\watermark.exe) - c:\Program Files\Microsoft\WaterMark.exe ()
    [2010/11/02 16:07:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SteveQ\Application Data\Oxpiu
    [2010/11/02 16:07:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SteveQ\Application Data\Anse
    [2010/10/11 12:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\win
    [2010/10/11 12:08:04 | 000,000,000 | ---D | C] -- C:\Program Files\tmp
    [2010/10/10 20:50:52 | 000,000,000 | ---D | C] -- C:\Program Files\windows
    [2010/10/10 20:50:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft

    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\Windows\system32\userinit.exe,"

    :Files
    ipconfig /flushdns /c
    c:\program files\microsoft\watermark.exe

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#5
lolaollie
Posted 03 November 2010 - 07:42 PM

lolaollie

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hello again,

Here is the OTL text:

OTL logfile created on: 03/11/2010 5:42:33 PM - Run 2
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\SteveQ\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 334.00 Mb Available Physical Memory | 33.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 94.11 Gb Free Space | 63.15% Space Free | Partition Type: NTFS

Computer Name: STEVE | User Name: SteveQ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/03 17:21:13 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SteveQ\Desktop\OTL(2).exe
PRC - [2010/10/29 00:13:29 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/29 00:13:27 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/28 10:04:57 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/09/01 02:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/03/10 22:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/08/03 19:02:20 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2007/01/09 14:23:04 | 000,191,552 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
PRC - [2006/10/11 13:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2006/10/05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2005/04/17 12:30:48 | 000,085,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2005/04/17 12:30:40 | 001,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2005/04/17 12:30:32 | 000,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2005/04/08 15:54:52 | 000,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/04/08 15:52:32 | 000,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/04/08 15:52:30 | 000,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe


========== Modules (SafeList) ==========

MOD - [2010/11/03 17:21:13 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SteveQ\Desktop\OTL(2).exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/10/04 23:07:12 | 000,144,936 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/10/05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005/04/17 12:30:42 | 000,124,608 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2005/04/17 12:30:40 | 001,706,176 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2005/04/17 12:30:32 | 000,019,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005/04/08 15:54:52 | 000,161,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/04/08 15:54:50 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/04/08 15:52:32 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/04/05 11:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/03/30 21:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/10/18 04:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101029.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/10/18 04:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101029.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/17 08:36:44 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/06/14 16:41:58 | 004,429,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/27 04:01:34 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/02/07 00:43:26 | 000,090,880 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/01/24 02:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/11/28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/04/05 11:17:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/04/05 11:17:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/04/01 20:36:04 | 000,123,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/03/30 21:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/02/04 20:14:32 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/02/04 20:14:30 | 000,324,232 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1644491937-1275210071-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1644491937-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1644491937-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 00:13:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 08:08:34 | 000,000,000 | ---D | M]

[2010/06/18 09:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SteveQ\Application Data\Mozilla\Extensions
[2010/11/02 17:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SteveQ\Application Data\Mozilla\Firefox\Profiles\rojc4dpe.default\extensions
[2010/07/22 09:07:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\SteveQ\Application Data\Mozilla\Firefox\Profiles\rojc4dpe.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/02/02 15:16:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\SteveQ\Application Data\Mozilla\Firefox\Profiles\rojc4dpe.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/01/24 12:57:45 | 000,000,000 | ---D | M] (BitComet Download Helper) -- C:\Documents and Settings\SteveQ\Application Data\Mozilla\Firefox\Profiles\rojc4dpe.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009/01/24 12:57:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SteveQ\Application Data\Mozilla\Firefox\Profiles\rojc4dpe.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2008/09/18 00:30:58 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\SteveQ\Application Data\Mozilla\Firefox\Profiles\rojc4dpe.default\searchplugins\winamp-search.xml
[2010/11/02 17:18:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/29 13:40:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/03 17:07:56 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/11/03 17:23:56 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll File not found
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll (BitComet)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\.DEFAULT..\Run: [svpaluvo] C:\Documents and Settings\NetworkService\Local Settings\Application Data\ecmqemdmw\abslqwbtssd.exe File not found
O4 - HKU\S-1-5-18..\Run: [svpaluvo] C:\Documents and Settings\NetworkService\Local Settings\Application Data\ecmqemdmw\abslqwbtssd.exe File not found
O4 - HKU\S-1-5-21-1644491937-1275210071-725345543-1003..\Run: [{6361B824-E58F-82F5-1647-0B88DD527ACB}] C:\Documents and Settings\SteveQ\Application Data\Anse\ydzi.exe File not found
O4 - HKU\S-1-5-21-1644491937-1275210071-725345543-1003..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKU\S-1-5-21-1644491937-1275210071-725345543-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\SteveQ\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1644491937-1275210071-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} https://mytdsb.on.ca...COL /relayp.cab (Cisco Systems WebVPN Relay Loader)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1210959568511 (WUWebControl Class)
O16 - DPF: {6A615BCC-676D-41AA-AB4E-C1860690FFB4} http://www.blacksmem.../RocketLife.cab (CFXEngine Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://knightsbridg...ing/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\rlfile {F541A92B-CDC2-4B7C-BEF1-C7443070F3D8} - C:\WINDOWS\Downloaded Program Files\RocketEngine.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\program files\microsoft\watermark.exe) - c:\program files\microsoft\watermark.exe File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\SteveQ\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\SteveQ\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/14 00:13:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{31c2ad24-30ca-11de-b8ac-001b773b1593}\Shell - "" = AutoRun
O33 - MountPoints2\{31c2ad24-30ca-11de-b8ac-001b773b1593}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{31c2ad24-30ca-11de-b8ac-001b773b1593}\Shell\AutoRun\command - "" = E:\DTSP_Launcher.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/03 17:23:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/03 17:21:43 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\SteveQ\Desktop\OTL(2).exe
[2010/11/02 22:06:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SteveQ\DoctorWeb
[2010/11/02 21:35:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\SteveQ\Recent
[2010/11/02 15:46:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SteveQ\Desktop\GooredFix Backups
[2010/11/02 15:28:56 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/11/02 15:22:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/02 15:21:33 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/11/02 10:36:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/11/02 05:52:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
[2010/10/23 14:10:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/23 14:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/23 14:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/13 23:20:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SteveQ\Application Data\Malwarebytes
[2010/10/13 23:19:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/13 23:19:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/13 23:19:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/13 23:19:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/13 21:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SteveQ\Application Data\SUPERAntiSpyware.com
[2010/10/13 21:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/10/13 21:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/10/13 21:54:13 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Documents\mb.exe
[2010/10/13 21:53:14 | 009,578,056 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\All Users\Documents\SUPERAntiSpyware.exe
[2010/10/13 21:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/10/13 16:57:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SteveQ\Desktop\Pictures

========== Files - Modified Within 30 Days ==========

[2010/11/03 18:04:21 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\dmlconf.dat
[2010/11/03 17:30:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/03 17:29:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/03 17:29:07 | 1063,374,848 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/03 17:23:56 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/11/03 17:21:13 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SteveQ\Desktop\OTL(2).exe
[2010/11/03 16:20:27 | 000,000,300 | ---- | M] () -- C:\WINDOWS\System32\complete.dat
[2010/11/02 21:52:59 | 051,499,352 | ---- | M] () -- C:\Documents and Settings\SteveQ\Desktop\nquzkzr2.exe
[2010/11/02 15:21:48 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\SteveQ\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/02 15:21:37 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\SteveQ\Desktop\NTREGOPT.lnk
[2010/11/02 15:21:37 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\SteveQ\Desktop\ERUNT.lnk
[2010/10/29 13:34:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/28 13:06:44 | 000,013,610 | ---- | M] () -- C:\Documents and Settings\SteveQ\Desktop\Julie & Randy Allocation .xlsx
[2010/10/23 14:11:56 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/19 14:11:36 | 000,113,657 | ---- | M] () -- C:\Documents and Settings\SteveQ\Desktop\MG.jpg
[2010/10/16 03:56:19 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/16 03:30:21 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/16 03:30:21 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/15 14:14:23 | 000,000,014 | ---- | M] () -- C:\opera6.ini
[2010/10/14 09:41:06 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/10/13 21:59:14 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\SteveQ\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/13 21:57:18 | 002,400,461 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\MGtools.exe
[2010/10/13 21:49:07 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Documents\mb.exe
[2010/10/13 21:48:22 | 009,578,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\All Users\Documents\SUPERAntiSpyware.exe
[2010/10/13 21:45:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\SteveQ\defogger_reenable
[2010/10/13 21:20:25 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\SteveQ\Desktop\Shortcut to CCleaner.exe.lnk
[2010/10/13 19:55:21 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\SteveQ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/07 00:41:08 | 000,010,341 | ---- | M] () -- C:\Documents and Settings\SteveQ\Desktop\Julie & Randy Precious' Rec.xlsx

========== Files Created - No Company Name ==========

[2010/11/03 09:40:48 | 1063,374,848 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/02 21:35:04 | 051,499,352 | ---- | C] () -- C:\Documents and Settings\SteveQ\Desktop\nquzkzr2.exe
[2010/11/02 15:21:48 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\SteveQ\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/02 15:21:37 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\SteveQ\Desktop\NTREGOPT.lnk
[2010/11/02 15:21:37 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\SteveQ\Desktop\ERUNT.lnk
[2010/10/23 14:11:56 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/20 01:24:16 | 000,013,610 | ---- | C] () -- C:\Documents and Settings\SteveQ\Desktop\Julie & Randy Allocation .xlsx
[2010/10/19 14:11:35 | 000,113,657 | ---- | C] () -- C:\Documents and Settings\SteveQ\Desktop\MG.jpg
[2010/10/13 21:59:14 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\SteveQ\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/13 21:58:03 | 002,400,461 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\MGtools.exe
[2010/10/13 21:45:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\SteveQ\defogger_reenable
[2010/10/13 21:25:21 | 000,000,947 | ---- | C] () -- C:\Documents and Settings\SteveQ\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/10/13 21:20:25 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\SteveQ\Desktop\Shortcut to CCleaner.exe.lnk
[2010/10/10 20:51:07 | 000,000,300 | ---- | C] () -- C:\WINDOWS\System32\complete.dat
[2010/10/10 20:50:47 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\dmlconf.dat
[2010/10/07 00:39:02 | 000,010,341 | ---- | C] () -- C:\Documents and Settings\SteveQ\Desktop\Julie & Randy Precious' Rec.xlsx
[2010/06/27 21:39:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2010/05/12 03:06:38 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/09/11 08:59:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\SteveQ\Local Settings\Application Data\prvlcl.dat
[2009/01/26 22:17:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/10/04 02:23:16 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\SteveQ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/16 14:49:50 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2008/05/16 14:49:50 | 000,010,150 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2008/05/16 14:49:50 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2008/05/16 14:49:49 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2008/05/13 19:54:22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== LOP Check ==========

[2008/08/21 20:20:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/09/17 23:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2009/01/26 22:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/09/17 13:47:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/02 16:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/01/26 22:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SteveQ\Application Data\Canon
[2010/11/02 14:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SteveQ\Application Data\Evidty
[2010/11/02 14:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SteveQ\Application Data\Ezquvy
[2010/10/14 09:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SteveQ\Application Data\Iqroet
[2010/06/18 09:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SteveQ\Application Data\LimeWire
[2009/01/26 22:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SteveQ\Application Data\ScanSoft
[2010/10/14 08:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SteveQ\Application Data\Uqkoi
[2010/10/14 09:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SteveQ\Application Data\Urlio
[2009/09/17 14:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SteveQ\Application Data\webex
[2009/08/20 17:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SteveQ\Application Data\Worksimaging
[2010/10/14 08:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SteveQ\Application Data\Yqsy

========== Purity Check ==========



< End of report >



and here is the ComboFix file:

ComboFix 10-11-02.06 - SteveQ 03/11/2010 20:53:30.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.189 [GMT -4:00]
Running from: c:\documents and settings\SteveQ\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\SteveQ\Application Data\Anse\ydzi.exe
c:\documents and settings\SteveQ\g2mdlhlpx.exe
c:\windows\system32\dmlconf.dat

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\explorer.exe

.
((((((((((((((((((((((((( Files Created from 2010-10-04 to 2010-11-04 )))))))))))))))))))))))))))))))
.

2010-11-03 21:23 . 2010-11-03 21:23 -------- d-----w- C:\_OTL
2010-11-03 02:06 . 2010-11-03 12:25 -------- d-----w- c:\documents and settings\SteveQ\DoctorWeb
2010-11-02 19:28 . 2010-11-02 19:28 -------- d-----w- C:\_OTM
2010-11-02 19:21 . 2010-11-02 19:21 -------- d-----w- c:\program files\ERUNT
2010-11-02 14:36 . 2010-11-02 14:36 -------- d-----w- c:\program files\Microsoft Silverlight
2010-10-23 18:10 . 2010-10-23 18:10 -------- d-----w- c:\program files\iPod
2010-10-23 18:10 . 2010-10-23 18:11 -------- d-----w- c:\program files\iTunes
2010-10-23 18:04 . 2010-10-23 18:04 -------- d-----w- c:\program files\Bonjour
2010-10-15 18:26 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-15 18:26 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-15 18:25 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-10-14 03:20 . 2010-10-14 03:20 -------- d-----w- c:\documents and settings\SteveQ\Application Data\Malwarebytes
2010-10-14 03:19 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-14 03:19 . 2010-10-14 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-14 03:19 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-14 03:19 . 2010-10-14 13:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-14 01:59 . 2010-10-14 01:59 -------- d-----w- c:\documents and settings\SteveQ\Application Data\SUPERAntiSpyware.com
2010-10-14 01:59 . 2010-10-14 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-10-14 01:59 . 2010-10-14 01:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-14 01:13 . 2010-11-03 21:41 -------- d-----w- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 16:23 . 2004-08-04 07:56 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 07:56 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-08-23 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-08-23 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 13:38 . 2004-08-04 07:56 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2004-08-04 07:56 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2004-08-04 07:56 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:57 . 2004-08-04 05:59 389120 ----a-w- c:\windows\system32\html.iec
2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51 . 2004-08-04 07:56 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-04 06:17 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-04 07:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-04 07:56 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-04 06:14 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-16 20:53 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-04 07:56 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-04 07:56 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-04 07:56 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-12 04:07 . 2010-09-24 17:02 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-08-12 04:07 . 2010-09-24 17:02 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-08-12 04:07 . 2008-11-20 19:19 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-08-12 04:07 . 2008-09-18 03:12 133616 -c----w- c:\windows\system32\pxafs.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-28 2424560]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-04 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 16377344]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\SteveQ\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2010-11-02 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-10-16 07:56 548352 ------w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13616:TCP"= 13616:TCP:BitComet 13616 TCP
"13616:UDP"= 13616:UDP:BitComet 13616 UDP

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 2:41 PM 67656]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [13/10/2010 11:19 PM 38224]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [17/04/2005 12:30 PM 124608]

--- Other Services/Drivers In Memory ---

*Deregistered* - EraserUtilDrv11010
*Deregistered* - EraserUtilRebootDrv
.
Contents of the 'Scheduled Tasks' folder

2010-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} - hxxps://mytdsb.on.ca/+CSCOL+/relayp.cab
FF - ProfilePath - c:\documents and settings\SteveQ\Application Data\Mozilla\Firefox\Profiles\rojc4dpe.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-{6361B824-E58F-82F5-1647-0B88DD527ACB} - c:\documents and settings\SteveQ\Application Data\Anse\ydzi.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-03 21:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1008)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3000)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\WgaTray.exe
c:\windows\RTHDCPL.EXE
c:\program files\Symantec AntiVirus\DoScan.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-11-03 21:25:45 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-04 01:25

Pre-Run: 97,528,799,232 bytes free
Post-Run: 97,033,695,232 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - C3DA26B2EE6F60E3F5E679E7E6A42A74


Thank you!
  • 0

#6
Essexboy
Posted 04 November 2010 - 12:55 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
On completion of these runs can you let me know what problems remain please

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKU\.DEFAULT..\Run: [svpaluvo] C:\Documents and Settings\NetworkService\Local Settings\Application Data\ecmqemdmw\abslqwbtssd.exe File not found
    O4 - HKU\S-1-5-18..\Run: [svpaluvo] C:\Documents and Settings\NetworkService\Local Settings\Application Data\ecmqemdmw\abslqwbtssd.exe File not found
    O4 - HKU\S-1-5-21-1644491937-1275210071-725345543-1003..\Run: [{6361B824-E58F-82F5-1647-0B88DD527ACB}] C:\Documents and Settings\SteveQ\Application Data\Anse\ydzi.exe File not found
    O20 - HKLM Winlogon: UserInit - (c:\program files\microsoft\watermark.exe) - c:\program files\microsoft\watermark.exe File not found
    [2010/11/02 14:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SteveQ\Application Data\Evidty
    [2010/11/02 14:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SteveQ\Application Data\Ezquvy
    [2010/10/14 09:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SteveQ\Application Data\Iqroet
    [2010/10/14 08:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SteveQ\Application Data\Uqkoi
    [2010/10/14 09:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SteveQ\Application Data\Urlio
    [2010/10/14 08:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SteveQ\Application Data\Yqsy

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#7
lolaollie
Posted 04 November 2010 - 09:07 PM

lolaollie

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thank you, Essexboy! You have been a wonderful help. I did not think it possible that my computer would be functioning so much better, and so quickly!

Currently I am not experiencing any problems with Google. I am able to access any webpage. The W32Ramnit! virus was last found by Symantec 17 hours ago.

Attached are the logs:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\svpaluvo not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\svpaluvo not found.
Registry value HKEY_USERS\S-1-5-21-1644491937-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\{6361B824-E58F-82F5-1647-0B88DD527ACB} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6361B824-E58F-82F5-1647-0B88DD527ACB}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:c:\program files\microsoft\watermark.exe deleted successfully.
C:\Documents and Settings\SteveQ\Application Data\Evidty folder moved successfully.
C:\Documents and Settings\SteveQ\Application Data\Ezquvy folder moved successfully.
C:\Documents and Settings\SteveQ\Application Data\Iqroet folder moved successfully.
C:\Documents and Settings\SteveQ\Application Data\Uqkoi folder moved successfully.
C:\Documents and Settings\SteveQ\Application Data\Urlio folder moved successfully.
C:\Documents and Settings\SteveQ\Application Data\Yqsy folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\SteveQ\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\SteveQ\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Alison

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: SteveQ
->Temp folder emptied: 188753 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 71553638 bytes
->Flash cache emptied: 9872 bytes

User: Wedding Stuff

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 69.00 mb


[EMPTYFLASH]

User: Alison

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: SteveQ
->Flash cache emptied: 0 bytes

User: Wedding Stuff

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.17.2 log created on 11042010_222639

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5049

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

04/11/2010 11:00:59 PM
mbam-log-2010-11-04 (23-00-59).txt

Scan type: Quick scan
Objects scanned: 143042
Time elapsed: 24 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Does this mean we're in the clear?!
  • 0

#8
Essexboy
Posted 05 November 2010 - 01:54 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looking at that I am a happy bunny ;)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :D

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

SPRING CLEAN

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disc check
[attachment=45813:Boot defrag.jpg]

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe ;)
  • 0

#9
Essexboy
Posted 07 November 2010 - 03:38 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP