Please rename ComboFix.exe file -> whatever.exe and try to run it (in safe mode if needed). If run was successful post back the log and run OTL (in normal mode) again to create new OTL.txt log.
Please rename ComboFix.exe file -> whatever.exe and try to run it (in safe mode if needed). If run was successful post back the log and run OTL (in normal mode) again to create new OTL.txt log.
Microsoft Windows Insider MVP 2016-2020
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
If you have problems create a thread in the forum, please.
Malware removal instructions are for the correspondent user's case only.
Sorry, I missed this. Yes, please post details about those while posting those requested logs.I looked at the error and clicked technical details. It showed me the two files associated with the System Utility Configuration. Would you like those files as well as the files associated with the WMI error?
Microsoft Windows Insider MVP 2016-2020
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
If you have problems create a thread in the forum, please.
Malware removal instructions are for the correspondent user's case only.
ComboFix (whatever.exe) and Errors
Tried to run ComboFix again, only got to the screen that states the scan shouldn't take longer than 10 minutes. Let the scan run for 30+ minutes and it froze.
This is the info for the System Configuration Utility Error that only pops up once.
"Error Signature
EventType : InPageError P1 : c000009c P2 : 00000003
The following files will be included in this report:
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WEReb81.dir00\msconfig.exe.mdmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WEReb81.dir00\appcompat.txt"
This is the info for the WMI Performance Adapter Service error that does not stop popping up even if I tell it to send or not send the error
"Error Signature
EventType : InPageError P1 : c000009c P2 : 00000003
The following files will be included in this report:
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WER3a88.dir00\wmiapsrv.exe.mdmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WER3a88.dir00\appcompat.txt"
Hi,
May I ask did you change any registry settings before I started assisting you?
Run a disk check on your hard drive by following instructions here.
Microsoft Windows Insider MVP 2016-2020
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
If you have problems create a thread in the forum, please.
Malware removal instructions are for the correspondent user's case only.
Registry Change
I did change a few registry files associated with the virus files I had found through spybot. I am away from my computer right now but can run the scan tonight. Do I need to do anything after I run the scan like post a log or results?
Do you have any notes made about those changes? Registry is pretty sensitive and even a small wrong adjustment may cause bad results.I did change a few registry files associated with the virus files I had found through spybot.
When done that, run OTL again. Also, please check if C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe file exists.Do I need to do anything after I run the scan like post a log or results?
Download GMER here by clicking download exe -button and then saving it your desktop:
- Double-click .exe that you downloaded
- Click rootkit-tab, uncheck files option and then click scan.
- Don't check
Show All
box while scanning in progress!- When scanning is ready, click Copy.
- This copies log to clipboard
- Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.
Microsoft Windows Insider MVP 2016-2020
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
If you have problems create a thread in the forum, please.
Malware removal instructions are for the correspondent user's case only.
Registry Change
I do not have any notes from the changes I made in the registry. Now that I know this information I will never touch it again without being advised. I will run all of that stuff and send it back to you in a few hours.
Just to make sure, on the check for Disk Errors, when the Check for Disk Errors option comes up the link told me to check the box that says, "Scan for and attempt recovery of bad sectors." However it never told me whether or not to UNcheck the box that says, "Automatically fix system file errors." Should I leave that box checked or UNcheck that box?
Leave that box checked.
Microsoft Windows Insider MVP 2016-2020
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
If you have problems create a thread in the forum, please.
Malware removal instructions are for the correspondent user's case only.
Error Check and File
This file is still on my computer: C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
I ran the error check and the only error I am getting is the System Configuration, the WMI error does not come up at all.
Here is my OTL Log:
OTL logfile created on: 11/30/2010 4:13:35 PM - Run 7
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
503.00 Mb Total Physical Memory | 252.00 Mb Available Physical Memory | 50.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 46.15 Gb Free Space | 82.58% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Computer Name: CREXJR | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\dwwin.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (PEVSystemStart) -- C:\whatever.exe\PEV.cfx File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe ()
SRV - (MSDTC) -- C:\WINDOWS\system32\msdtc.exe ()
========== Driver Services (SafeList) ==========
DRV - (UIUSys) -- C:\WINDOWS\System32\drivers\UIUSys.sys File not found
DRV - (catchme) -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Cisco Systems, Inc.)
DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Cisco Systems, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.order.1: "Search"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://webmail.mizzou.edu/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.fast-find.net/?sid=10101066100&s="
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/21 11:18:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/26 07:04:57 | 000,000,000 | ---D | M]
[2009/10/07 14:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/11/30 07:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rhdnctax.default\extensions
[2010/04/26 20:16:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rhdnctax.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/13 06:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rhdnctax.default\extensions\personas@christopher.beard
[2009/12/05 09:10:36 | 000,004,554 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rhdnctax.default\searchplugins\aim-search.xml
[2010/11/30 07:14:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/26 07:19:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/26 07:17:55 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/03/09 17:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2010/10/20 09:36:58 | 000,002,209 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\websearch.xml
O1 HOSTS File: ([2010/11/13 11:19:33 | 000,425,401 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14658 more lines...
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1254503707578 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1254503766796 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/02 09:26:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b72adcc6-2a6a-11df-baaa-000b7d264beb}\Shell\AutoRun\command - "" = E:\JDSecure\Windows\JDSecure31.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/11/30 10:14:57 | 000,000,000 | --SD | C] -- C:\whatever.exe
[2010/11/28 11:24:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/26 19:20:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/26 19:20:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/26 19:20:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/26 19:20:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/26 19:18:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/26 07:38:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/11/26 07:24:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/11/26 07:19:05 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/11/26 07:19:04 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/26 07:19:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/26 07:19:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/26 07:08:25 | 016,074,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Administrator\Desktop\jre-6u22-windows-i586.exe
[2010/11/26 00:34:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/13 10:28:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/13 10:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/11/13 10:22:02 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/11/13 09:54:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/11/13 09:54:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/13 09:54:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/13 09:54:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/13 09:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/13 09:39:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/11/13 09:35:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[1 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/11/30 16:12:13 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{89CBC202-F144-4B9C-88DB-B7B395412A15}.job
[2010/11/30 16:09:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/30 16:09:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/30 14:54:41 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\VersionCheck.job
[2010/11/30 07:43:04 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/11/30 06:43:49 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/11/29 10:43:19 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/11/28 14:14:53 | 003,981,348 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\whatever.exe.exe
[2010/11/28 11:24:10 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2010/11/26 19:19:57 | 000,451,788 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/26 19:19:57 | 000,077,202 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/26 07:38:03 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
[2010/11/26 07:17:53 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/26 07:17:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/26 07:17:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/26 07:17:53 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/11/26 07:17:52 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/11/26 07:09:43 | 016,074,528 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Administrator\Desktop\jre-6u22-windows-i586.exe
[2010/11/26 07:04:57 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/13 11:19:33 | 000,425,401 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/13 10:48:35 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\look.com.com
[2010/11/13 10:31:16 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\look.com.scr
[2010/11/13 10:28:37 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/13 10:28:01 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/11/13 10:22:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/11/13 09:54:28 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[1 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/11/28 11:24:10 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2010/11/28 11:24:05 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/26 19:20:18 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/26 19:20:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/26 19:20:18 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/26 19:20:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/26 19:20:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/26 14:11:08 | 003,981,348 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\whatever.exe.exe
[2010/11/26 07:37:40 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
[2010/11/13 10:48:33 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\look.com.com
[2010/11/13 10:31:15 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\look.com.scr
[2010/11/13 10:28:37 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/13 10:28:01 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/11/13 09:54:28 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/24 21:53:56 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/10/15 07:39:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2009/10/07 15:48:02 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/07 10:35:23 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/10/02 11:06:03 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/10/02 11:06:02 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/10/02 10:46:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2009/10/02 04:13:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/04/14 06:00:00 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\iccvid.dll
[2008/04/14 06:00:00 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\msports.dll
< End of report >
GMER Scan
Here is the GMER scan
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-30 16:27:56
Windows 5.1.2600 Service Pack 3
Running: w7k885mu.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aftdqpog.sys
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
---- EOF - GMER 1.0.15 ----
Posting Permissions
