
Thread: ThinkPoint Removal Help

  1. #1
    Member
    Join Date
    Oct 2010
    Location
    Columbia, MO
    Posts
    66

    ThinkPoint Removal Help

    I need help still removing the ThinkPoint Rogue. I have used MalwareBytes in the way prescribed in my post that was earlier closed (http://forums.spybot.info/showthread...903#post387903). I deleted all bugs found with that.

    From there I backed up the registry with the tool provided.

    From there I was able to get on my system without ThinkPoint popping up. I tried to get a DDS log. It started up in a command window, after running for almost 10 minutes it still did not provide a log. It said it should take no longer than 3 minutes. After trying to run this 3 times and getting no log I decided to run Spybot.

    I turned off TeaTimer, updated Spybot and ran it. It found nothing, but I did get a log.

    On a side note, everything I have done has been in safe mode with networking because my computer moves too slowly when I start up Windows regularly.

    Let me know what actions I should take next and thanks for looking at this!


    --- Search result list ---
    Congratulations!: No immediate threats were found. (Status)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2004-04-27 unins000.exe (51.13.0.0)
    2010-05-20 unins001.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2004-05-12 borlndmm.dll (7.0.4.453)
    2004-05-12 delphimm.dll (7.0.4.453)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2004-05-12 UnzDll.dll (1.73.1.1)
    2004-05-12 ZipDll.dll (1.73.2.0)
    2010-06-29 Includes\Adware.sbi (*)
    2010-10-12 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2010-09-22 Includes\Dialer.sbi (*)
    2010-10-12 Includes\DialerC.sbi (*)
    2010-01-25 Includes\HeavyDuty.sbi (*)
    2010-11-04 Includes\Hijackers.sbi (*)
    2010-11-03 Includes\HijackersC.sbi (*)
    2010-09-15 Includes\iPhone.sbi (*)
    2010-08-02 Includes\Keyloggers.sbi (*)
    2010-10-12 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2010-09-13 Includes\Malware.sbi (*)
    2010-11-09 Includes\MalwareC.sbi (*)
    2010-05-18 Includes\PUPS.sbi (*)
    2010-10-12 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2010-10-12 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2010-06-29 Includes\Spyware.sbi (*)
    2010-10-26 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti
    2010-11-02 Includes\Trojans.sbi (*)
    2010-10-12 Includes\TrojansC-02.sbi (*)
    2010-10-12 Includes\TrojansC-03.sbi (*)
    2010-10-12 Includes\TrojansC-04.sbi (*)
    2010-11-09 Includes\TrojansC-05.sbi (*)
    2010-10-12 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll



    --- System information ---
    Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
    / Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
    / Windows Media Player: Security Update for Windows Media Player (KB2378111)
    / Windows Media Player: Security Update for Windows Media Player (KB952069)
    / Windows Media Player: Security Update for Windows Media Player (KB954155)
    / Windows Media Player: Security Update for Windows Media Player (KB968816)
    / Windows Media Player: Security Update for Windows Media Player (KB973540)
    / Windows Media Player: Security Update for Windows Media Player (KB975558)
    / Windows Media Player: Security Update for Windows Media Player (KB978695)
    / Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
    / Windows Media Player 11: Security Update for Windows Media Player 11 (KB954154)
    / Windows XP: Security Update for Windows XP (KB941569)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB2183461)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB2360131)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB971961)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB972260)
    / Windows XP / SP0: Update for Windows Internet Explorer 8 (KB973874)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB974455)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB976325)
    / Windows XP / SP0: Update for Windows Internet Explorer 8 (KB976662)
    / Windows XP / SP0: Update for Windows Internet Explorer 8 (KB976749)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB978207)
    / Windows XP / SP0: Update for Windows Internet Explorer 8 (KB980182)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB981332)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB982381)
    / Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
    / Windows XP / SP3: Update for Windows XP (KB898461)
    / Windows XP / SP4: Security Update for Windows XP (KB2079403)
    / Windows XP / SP4: Security Update for Windows XP (KB2115168)
    / Windows XP / SP4: Security Update for Windows XP (KB2121546)
    / Windows XP / SP4: Update for Windows XP (KB2141007)
    / Windows XP / SP4: Hotfix for Windows XP (KB2158563)
    / Windows XP / SP4: Security Update for Windows XP (KB2160329)
    / Windows XP / SP4: Security Update for Windows XP (KB2229593)
    / Windows XP / SP4: Security Update for Windows XP (KB2259922)
    / Windows XP / SP4: Security Update for Windows XP (KB2279986)
    / Windows XP / SP4: Security Update for Windows XP (KB2286198)
    / Windows XP / SP4: Security Update for Windows XP (KB2296011)
    / Windows XP / SP4: Update for Windows XP (KB2345886)
    / Windows XP / SP4: Security Update for Windows XP (KB2347290)
    / Windows XP / SP4: Security Update for Windows XP (KB2360937)
    / Windows XP / SP4: Security Update for Windows XP (KB2387149)
    / Windows XP / SP4: Security Update for Windows XP (KB923561)
    / Windows XP / SP4: Security Update for Windows XP (KB938464-v2)
    / Windows XP / SP4: Security Update for Windows XP (KB946648)
    / Windows XP / SP4: Security Update for Windows XP (KB950762)
    / Windows XP / SP4: Security Update for Windows XP (KB950974)
    / Windows XP / SP4: Security Update for Windows XP (KB951066)
    / Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
    / Windows XP / SP4: Security Update for Windows XP (KB951748)
    / Windows XP / SP4: Update for Windows XP (KB951978)
    / Windows XP / SP4: Security Update for Windows XP (KB952004)
    / Windows XP / SP4: Hotfix for Windows XP (KB952287)
    / Windows XP / SP4: Security Update for Windows XP (KB952954)
    / Windows XP / SP4: Security Update for Windows XP (KB954459)
    / Windows XP / SP4: Hotfix for Windows XP (KB954550-v5)
    / Windows XP / SP4: Security Update for Windows XP (KB954600)
    / Windows XP / SP4: Security Update for Windows XP (KB955069)
    / Windows XP / SP4: Update for Windows XP (KB955759)
    / Windows XP / SP4: Security Update for Windows XP (KB956572)
    / Windows XP / SP4: Security Update for Windows XP (KB956744)
    / Windows XP / SP4: Security Update for Windows XP (KB956802)
    / Windows XP / SP4: Security Update for Windows XP (KB956803)
    / Windows XP / SP4: Security Update for Windows XP (KB956844)
    / Windows XP / SP4: Security Update for Windows XP (KB957097)
    / Windows XP / SP4: Security Update for Windows XP (KB958644)
    / Windows XP / SP4: Security Update for Windows XP (KB958687)
    / Windows XP / SP4: Security Update for Windows XP (KB958869)
    / Windows XP / SP4: Security Update for Windows XP (KB959426)
    / Windows XP / SP4: Security Update for Windows XP (KB960225)
    / Windows XP / SP4: Security Update for Windows XP (KB960803)
    / Windows XP / SP4: Security Update for Windows XP (KB960859)
    / Windows XP / SP4: Hotfix for Windows XP (KB961118)
    / Windows XP / SP4: Security Update for Windows XP (KB961371-v2)
    / Windows XP / SP4: Security Update for Windows XP (KB961501)
    / Windows XP / SP4: Update for Windows XP (KB967715)
    / Windows XP / SP4: Update for Windows XP (KB968389)
    / Windows XP / SP4: Security Update for Windows XP (KB968537)
    / Windows XP / SP4: Security Update for Windows XP (KB969059)
    / Windows XP / SP4: Security Update for Windows XP (KB969947)
    / Windows XP / SP4: Security Update for Windows XP (KB970238)
    / Windows XP / SP4: Security Update for Windows XP (KB970430)
    / Windows XP / SP4: Hotfix for Windows XP (KB970653-v3)
    / Windows XP / SP4: Security Update for Windows XP (KB971468)
    / Windows XP / SP4: Security Update for Windows XP (KB971486)
    / Windows XP / SP4: Security Update for Windows XP (KB971557)
    / Windows XP / SP4: Security Update for Windows XP (KB971633)
    / Windows XP / SP4: Security Update for Windows XP (KB971657)
    / Windows XP / SP4: Update for Windows XP (KB971737)
    / Windows XP / SP4: Security Update for Windows XP (KB971961)
    / Windows XP / SP4: Security Update for Windows XP (KB972260)
    / Windows XP / SP4: Security Update for Windows XP (KB972270)
    / Windows XP / SP4: Security Update for Windows XP (KB973346)
    / Windows XP / SP4: Security Update for Windows XP (KB973354)
    / Windows XP / SP4: Security Update for Windows XP (KB973507)
    / Windows XP / SP4: Security Update for Windows XP (KB973525)
    / Windows XP / SP4: Update for Windows XP (KB973687)
    / Windows XP / SP4: Update for Windows XP (KB973815)
    / Windows XP / SP4: Security Update for Windows XP (KB973869)
    / Windows XP / SP4: Security Update for Windows XP (KB973904)
    / Windows XP / SP4: Security Update for Windows XP (KB974112)
    / Windows XP / SP4: Security Update for Windows XP (KB974318)
    / Windows XP / SP4: Security Update for Windows XP (KB974392)
    / Windows XP / SP4: Security Update for Windows XP (KB974571)
    / Windows XP / SP4: Security Update for Windows XP (KB975025)
    / Windows XP / SP4: Security Update for Windows XP (KB975467)
    / Windows XP / SP4: Security Update for Windows XP (KB975560)
    / Windows XP / SP4: Security Update for Windows XP (KB975561)
    / Windows XP / SP4: Security Update for Windows XP (KB975562)
    / Windows XP / SP4: Security Update for Windows XP (KB975713)
    / Windows XP / SP4: Hotfix for Windows XP (KB976098-v2)
    / Windows XP / SP4: Security Update for Windows XP (KB977165)
    / Windows XP / SP4: Security Update for Windows XP (KB977816)
    / Windows XP / SP4: Security Update for Windows XP (KB977914)
    / Windows XP / SP4: Security Update for Windows XP (KB978037)
    / Windows XP / SP4: Security Update for Windows XP (KB978251)
    / Windows XP / SP4: Security Update for Windows XP (KB978262)
    / Windows XP / SP4: Security Update for Windows XP (KB978338)
    / Windows XP / SP4: Security Update for Windows XP (KB978542)
    / Windows XP / SP4: Security Update for Windows XP (KB978601)
    / Windows XP / SP4: Security Update for Windows XP (KB978706)
    / Windows XP / SP4: Hotfix for Windows XP (KB979306)
    / Windows XP / SP4: Security Update for Windows XP (KB979309)
    / Windows XP / SP4: Security Update for Windows XP (KB979482)
    / Windows XP / SP4: Security Update for Windows XP (KB979559)
    / Windows XP / SP4: Security Update for Windows XP (KB979683)
    / Windows XP / SP4: Security Update for Windows XP (KB979687)
    / Windows XP / SP4: Security Update for Windows XP (KB980195)
    / Windows XP / SP4: Security Update for Windows XP (KB980218)
    / Windows XP / SP4: Security Update for Windows XP (KB980232)
    / Windows XP / SP4: Security Update for Windows XP (KB980436)
    / Windows XP / SP4: Security Update for Windows XP (KB981322)
    / Windows XP / SP4: Hotfix for Windows XP (KB981793)
    / Windows XP / SP4: Security Update for Windows XP (KB981852)
    / Windows XP / SP4: Security Update for Windows XP (KB981957)
    / Windows XP / SP4: Security Update for Windows XP (KB981997)
    / Windows XP / SP4: Security Update for Windows XP (KB982132)
    / Windows XP / SP4: Security Update for Windows XP (KB982214)
    / Windows XP / SP4: Security Update for Windows XP (KB982665)
    / Windows XP / SP4: Security Update for Windows XP (KB982802)
    / XML Paper Specification Shared Components Pack 1.0: XML Paper Specification Shared Components Pack 1.0


    --- Startup entries list ---
    Located: HK_LM:Run, Adobe ARM
    command: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    file: C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    size: 932288
    MD5: BAD6BEA0DE1F69C82BDB74378CE0C20A

    Located: HK_LM:Run, Adobe Reader Speed Launcher
    command: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    file: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    size: 35760
    MD5: 12673BCF7B32087DF63F0CFF550EA40B

    Located: HK_LM:Run, AppleSyncNotifier
    command: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    file: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    size: 47392
    MD5: FD89A30C8A9FF4929ABC5039E6A527A4

    Located: HK_LM:Run, Broadcom Wireless Manager UI
    command: C:\WINDOWS\system32\WLTRAY.exe
    file: C:\WINDOWS\system32\WLTRAY.exe
    size: 1392640
    MD5: 17CEC1CB41C5580DBE20984FC73BC4F4

    Located: HK_LM:Run, igfxhkcmd
    command: C:\WINDOWS\system32\hkcmd.exe
    file: C:\WINDOWS\system32\hkcmd.exe
    size: 77824
    MD5: 6CCDA2BE86943E8F1180A99CB85FBCEE

    Located: HK_LM:Run, igfxpers
    command: C:\WINDOWS\system32\igfxpers.exe
    file: C:\WINDOWS\system32\igfxpers.exe
    size: 118784
    MD5: 8621E27BB6A718A9B6F9C95C03BE5BC2

    Located: HK_LM:Run, iTunesHelper
    command: "C:\Program Files\iTunes\iTunesHelper.exe"
    file: C:\Program Files\iTunes\iTunesHelper.exe
    size: 421160
    MD5: DDACBCA1D0E66BBA5C984842F372A6D4

    Located: HK_LM:Run, Malwarebytes Anti-Malware (reboot)
    command: "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    file: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    size: 1090952
    MD5: D594EA4AC1C0E4675EF2F0063950ABEF

    Located: HK_LM:Run, MSConfig
    command: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    file: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
    size: 169984
    MD5:

    Located: HK_LM:Run, QuickTime Task
    command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    file: C:\Program Files\QuickTime\QTTask.exe
    size: 421888
    MD5: 69581380E69C8DCE30EDE2A463C912EE

    Located: HK_CU:Run, ctfmon.exe
    where: S-1-5-21-484763869-1935655697-1606980848-500...
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

    Located: HK_CU:RunOnce, FlashPlayerUpdate
    where: S-1-5-21-484763869-1935655697-1606980848-500...
    command: C:\WINDOWS\system32\Macromed\Flash\FlashUtil10k_Plugin.exe -update plugin
    file: C:\WINDOWS\system32\Macromed\Flash\FlashUtil10k_Plugin.exe
    size: 232912
    MD5: 00D36079894D61D3E72E286FA5C7736C

    Located: Startup (user), ERUNT AutoBackup.lnk
    where: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup...
    command: C:\Program Files\ERUNT\AUTOBACK.EXE
    file: C:\Program Files\ERUNT\AUTOBACK.EXE
    size: 38912
    MD5: E00DE20F0F6BED5CD2160247DDC9443B

    Located: Startup (user), Yahoo! Widgets.lnk
    where: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup...
    command: C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    file: C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    size: 4742184
    MD5: E98EA7471918E1987075815DC4C61001

    Located: WinLogon, crypt32chain
    command: crypt32.dll
    file: crypt32.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cryptnet
    command: cryptnet.dll
    file: cryptnet.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cscdll
    command: cscdll.dll
    file: cscdll.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, dimsntfy
    command: %SystemRoot%\System32\dimsntfy.dll
    file: %SystemRoot%\System32\dimsntfy.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, igfxcui
    command: igfxdev.dll
    file: igfxdev.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, ScCertProp
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, Schedule
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, sclgntfy
    command: sclgntfy.dll
    file: sclgntfy.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, SensLogn
    command: WlNotify.dll
    file: WlNotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, termsrv
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, WgaLogon
    command: WgaLogon.dll
    file: WgaLogon.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, wlballoon
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!



    --- Browser helper object list ---
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: AcroIEHelperStub
    CLSID name: Adobe PDF Link Helper
    Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
    Long name: AcroIEHelperShim.dll
    Short name: ACROIE~2.DLL
    Date (created): 9/22/2010 5:04:14 PM
    Date (last access): 11/13/2010 11:25:46 AM
    Date (last write): 9/22/2010 5:04:14 PM
    Filesize: 75200
    Attributes: archive
    MD5: 203A74767EB81F96A5166B1933DB46D0
    CRC32: B0D671C9
    Version: 9.4.0.195

    {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Spybot-S&D IE Protection
    description: Spybot-S&D IE Browser plugin
    classification: Legitimate
    known filename: SDhelper.dll
    info link: http://spybot.eon.net.au/
    info source: Patrick M. Kolla
    Path: C:\PROGRA~1\SPYBOT~1\
    Long name: SDHelper.dll
    Short name:
    Date (created): 5/20/2010 3:58:04 PM
    Date (last access): 11/13/2010 1:10:48 PM
    Date (last write): 1/26/2009 2:31:02 PM
    Filesize: 1879896
    Attributes: archive
    MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
    CRC32: 5BA24007
    Version: 1.6.2.14

    {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Java(tm) Plug-In 2 SSV Helper
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2ssv.dll
    Short name:
    Date (created): 5/16/2010 12:29:36 PM
    Date (last access): 11/13/2010 11:36:12 AM
    Date (last write): 5/16/2010 12:29:36 PM
    Filesize: 41760
    Attributes: archive
    MD5: 385BD69743EA92E76CDF07B3345A25D5
    CRC32: D47CB5BA
    Version: 6.0.200.2

    {E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: JQSIEStartDetectorImpl
    CLSID name: JQSIEStartDetectorImpl Class
    Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\
    Long name: jqs_plugin.dll
    Short name: JQS_PL~1.DLL
    Date (created): 5/16/2010 12:29:40 PM
    Date (last access): 11/13/2010 11:29:04 AM
    Date (last write): 5/16/2010 12:29:40 PM
    Filesize: 79648
    Attributes: archive
    MD5: 4E2BB6D2677B42AD04BE18A6E9817B68
    CRC32: 2F05ABD7
    Version: 6.0.200.2



    --- ActiveX list ---
    {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support)
    DPF name:
    CLSID name: Installation Support
    Installer:
    Codebase: C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    description: Yahoo! Installation helper
    classification: Legitimate
    known filename: %SystemRoot%\Downloaded Program Files\yinsthelper.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\Program Files\Yahoo!\Common\
    Long name: YInstHelper.dll
    Short name: YINSTH~1.DLL
    Date (created): 3/15/2007 8:49:04 PM
    Date (last access): 10/15/2010 3:16:50 PM
    Date (last write): 3/15/2007 8:49:04 PM
    Filesize: 209448
    Attributes: archive
    MD5: 4380A4799E826AF03FD975B4A71E9268
    CRC32: 423BF1F7
    Version: 2007.3.15.1

    {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
    DPF name:
    CLSID name: WUWebControl Class
    Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
    Codebase: http://update.microsoft.com/windowsu...?1254503707578
    description:
    classification: Legitimate
    known filename: wuweb.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\system32\
    Long name: wuweb.dll
    Short name:
    Date (created): 10/2/2009 9:23:36 AM
    Date (last access): 11/13/2010 12:41:48 PM
    Date (last write): 8/6/2009 7:24:18 PM
    Filesize: 209632
    Attributes: archive
    MD5: 033AF4CE25B6D871F0DE2C982658E049
    CRC32: 2C204902
    Version: 7.4.7600.226

    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
    DPF name:
    CLSID name: MUWebControl Class
    Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
    Codebase: http://update.microsoft.com/microsof...?1254503766796
    description:
    classification: Legitimate
    known filename: muweb.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\system32\
    Long name: muweb.dll
    Short name:
    Date (created): 10/16/2008 1:07:48 PM
    Date (last access): 11/13/2010 12:42:42 PM
    Date (last write): 8/6/2009 7:23:46 PM
    Filesize: 215920
    Attributes: archive
    MD5: A1350D646EF6E57E8F4F33EBE7320D08
    CRC32: AB3CA24F
    Version: 7.4.7600.226

    {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_20
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\Program Files\Java\jre6\bin\
    Long name: npjpi160_20.dll
    Short name: NPJPI1~1.DLL
    Date (created): 5/16/2010 12:29:38 PM
    Date (last access): 10/15/2010 3:16:50 PM
    Date (last write): 5/16/2010 12:29:38 PM
    Filesize: 136992
    Attributes: archive
    MD5: E06930C34F16C8AD24AD79502F40026A
    CRC32: 529E0B62
    Version: 6.0.200.2

    {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
    DPF name: Java Runtime Environment 1.5.0
    CLSID name:
    Installer:
    Codebase: http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    description:
    classification: Legitimate
    known filename: NPJPI150_02.dll
    info link:
    info source: Safer Networking Ltd.

    {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_03
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    Path: C:\Program Files\Java\jre1.6.0_03\bin\
    Long name: npjpi160_03.dll
    Short name: NPJPI1~1.DLL
    Date (created): 9/24/2007 11:31:44 PM
    Date (last access): 10/15/2010 3:16:50 PM
    Date (last write): 9/25/2007 1:11:34 AM
    Filesize: 132496
    Attributes: archive
    MD5: D6A4682A6FF41832A3F1A7AB9AE08199
    CRC32: 9080B537
    Version: 6.0.30.5

    {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_20
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    Path: C:\Program Files\Java\jre6\bin\
    Long name: npjpi160_20.dll
    Short name: NPJPI1~1.DLL
    Date (created): 5/16/2010 12:29:38 PM
    Date (last access): 11/13/2010 1:14:08 PM
    Date (last write): 5/16/2010 12:29:38 PM
    Filesize: 136992
    Attributes: archive
    MD5: E06930C34F16C8AD24AD79502F40026A
    CRC32: 529E0B62
    Version: 6.0.200.2

    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_20
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi150_06.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre6\bin\
    Long name: npjpi160_20.dll
    Short name: NPJPI1~1.DLL
    Date (created): 5/16/2010 12:29:38 PM
    Date (last access): 11/13/2010 1:14:08 PM
    Date (last write): 5/16/2010 12:29:38 PM
    Filesize: 136992
    Attributes: archive
    MD5: E06930C34F16C8AD24AD79502F40026A
    CRC32: 529E0B62
    Version: 6.0.200.2

    {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
    DPF name:
    CLSID name: Shockwave Flash Object
    Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
    Codebase: http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    description: Macromedia Shockwave Flash Player
    classification: Legitimate
    known filename:
    info link:
    info source: Patrick M. Kolla
    Path: C:\WINDOWS\system32\Macromed\Flash\
    Long name: Flash10c.ocx
    Short name:
    Date (created): 7/17/2009 9:12:12 PM
    Date (last access): 11/13/2010 9:28:30 AM
    Date (last write): 7/17/2009 9:12:12 PM
    Filesize: 3979680
    Attributes: readonly archive
    MD5: 43C6ACDFB92A18C3E516E6BD5F1ACD51
    CRC32: D6F40D46
    Version: 10.0.32.18

    {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} ()
    DPF name:
    CLSID name:
    Installer: C:\Program Files\WebEx\ieatgpc.inf
    Codebase:
    description:
    classification: Legitimate
    known filename: ieatgpc.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\WebEx\
    Long name: ieatgpc.dll
    Short name:
    Date (created): 12/12/2007 6:36:08 PM
    Date (last access): 11/1/2010 8:30:40 PM
    Date (last write): 12/12/2007 6:36:08 PM
    Filesize: 98712
    Attributes: archive
    MD5: 633AE73ACC7DDB85E0E94FEEAB2C34EF
    CRC32: AB9308D8
    Version: 2.1.0.0



    --- Process list ---
    PID: 0 ( 0) [System]
    PID: 428 ( 4) \SystemRoot\System32\smss.exe
    size: 50688
    PID: 728 ( 428) \??\C:\WINDOWS\system32\csrss.exe
    size: 6144
    PID: 752 ( 428) \??\C:\WINDOWS\system32\winlogon.exe
    size: 507904
    PID: 796 ( 752) C:\WINDOWS\system32\services.exe
    size: 110592
    MD5: 65DF52F5B8B6E9BBD183505225C37315
    PID: 808 ( 752) C:\WINDOWS\system32\lsass.exe
    size: 13312
    MD5: BF2466B3E18E970D8A976FB95FC1CA85
    PID: 956 ( 796) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 1024 ( 796) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 1092 ( 796) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 1184 ( 796) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 1232 ( 796) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 448 ( 360) C:\WINDOWS\Explorer.EXE
    size: 1033728
    MD5: 12896823FB95BFB3DC9B46BCAEDC9923
    PID: 1268 ( 448) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 5365592
    MD5: 0477C2F9171599CA5BC3307FDFBA8D89
    PID: 4 ( 0) System


    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 11/13/2010 1:14:07 PM

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


    --- Winsock Layered Service Provider list ---
    Protocol 0: MSAFD Tcpip [TCP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 1: MSAFD Tcpip [UDP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 2: MSAFD Tcpip [RAW/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 3: RSVP UDP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 4: RSVP TCP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7DEAFB57-1872-468E-B1A3-602240190A92}] SEQPACKET 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7DEAFB57-1872-468E-B1A3-602240190A92}] DATAGRAM 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FC79517C-7592-4C80-90DF-36696C5013E9}] SEQPACKET 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FC79517C-7592-4C80-90DF-36696C5013E9}] DATAGRAM 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C3FA85F8-366F-4347-B093-FE2A4249F8EE}] SEQPACKET 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C3FA85F8-366F-4347-B093-FE2A4249F8EE}] DATAGRAM 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{27F7CDE2-0666-4AE8-9C58-2469287398C3}] SEQPACKET 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{27F7CDE2-0666-4AE8-9C58-2469287398C3}] DATAGRAM 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E22FE4ED-4249-42D1-BF50-3AE2D29ACCE4}] SEQPACKET 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E22FE4ED-4249-42D1-BF50-3AE2D29ACCE4}] DATAGRAM 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Namespace Provider 0: Tcpip
    GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: TCP/IP

    Namespace Provider 1: NTDS
    GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\winrnr.dll
    DB protocol: NTDS

    Namespace Provider 2: Network Location Awareness (NLA) Namespace
    GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
    Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: NLA-Namespace

    Namespace Provider 3: mdnsNSP
    GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
    Filename: C:\Program Files\Bonjour\mdnsNSP.dll
    Description: Apple Rendezvous protocol
    DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
    DB protocol: mdnsNSP

  2. #2
    Member
    Join Date
    Oct 2010
    Location
    Columbia, MO
    Posts
    66

    Default Malware Bytes Log

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5107

    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 8.0.6001.18702

    11/13/2010 10:15:42 AM
    mbam-log-2010-11-13 (10-15-42).txt

    Scan type: Quick scan
    Objects scanned: 148876
    Time elapsed: 15 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 14

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\Administrator\Application Data\hotfix.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\k2dqkj.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vr1ndx9r8.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1W953GP9\autowinupdate[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1W953GP9\erztbwqyg[1].htm (Adware.BHO) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1W953GP9\tkbvqkfdls[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5YVNZQ2L\oovqlsahc[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5YVNZQ2L\rhlgoidbwq[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\B73FETC9\aaick[1].htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\B73FETC9\xbsnusnvp[1].htm (Trojan.Hiloti) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YAFZPA7M\ermtbvqls[1].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YAFZPA7M\gtbwqys[1].htm (Trojan.Zbot) -> Quarantined and deleted successfully.
    C:\WINDOWS\igpxp2.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
    C:\WINDOWS\win32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

  3. #3
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Download DDS and save it to your desktop from here or here or here.
    Disable any script blocker, and then double click dds file to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop. Post them back to your topic.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  4. #4
    Member
    Join Date
    Oct 2010
    Location
    Columbia, MO
    Posts
    66

    Default Script Blocker?

    Once again, thanks for your help but I am still running in to a few issues.

    I tried to get a DDS log while in normal Windows start up. My computer started to load up and then just froze. So I loaded it up in safe mode with networking. I downloaded the DDS program and ran it. It ran for a while (5+ minutes) and then just froze. My question is what script blockers could be running to prevent the DDS from finishing and providing a log, so I know to close those? If not, is it possible the virus is preventing the DDS log from finishing?

    Thanks,
    James

  5. #5
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Antivirus programs may contain script blocking components. If you have them all disabled, then see if renaming the dds file to look.com works.

  6. #6
    Member
    Join Date
    Oct 2010
    Location
    Columbia, MO
    Posts
    66

    Default Still Didn't Work

    The only type of antivirus software I have is Spybot's TeaTimer. I disabled TeaTimer about a week ago and it is still disabled.

    I renamed the first (MSDOS) and second (Screen Saver) link to look.com and still did not have any success getting a log. The status bar moves 3/4 across the command screen but stops after about 1 to 2 minutes and makes no progress from there. I have left it running for up to 2 hours and it still didn't provide the log.

    Sorry this is so difficult, any solutions?

    Thanks,
    James

  7. #7
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Let's see if we have any better luck with another tool.

    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Copy and paste the following contents into the custom scan area:
      netsvcs
      drivers32
      %SYSTEMDRIVE%\*.*
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\System32\config\*.sav
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.

  8. #8
    Member
    Join Date
    Oct 2010
    Location
    Columbia, MO
    Posts
    66

    Default OTL.txt

    This is the OTL.txt

    OTL logfile created on: 11/23/2010 2:02:58 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    503.00 Mb Total Physical Memory | 346.00 Mb Available Physical Memory | 69.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 94.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 55.89 Gb Total Space | 46.29 Gb Free Space | 82.83% Space Free | Partition Type: NTFS
    Unable to calculate disk information.

    Computer Name: CREXJR | User Name: Administrator | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (RpcLocator) Remote Procedure Call (RPC) -- C:\WINDOWS\System32\locator.exe File not found
    SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe ()
    SRV - (MSDTC) -- C:\WINDOWS\system32\msdtc.exe ()


    ========== Driver Services (SafeList) ==========

    DRV - (UIUSys) -- C:\WINDOWS\System32\drivers\UIUSys.sys File not found
    DRV - (amvgj) -- C:\WINDOWS\System32\drivers\gotndc.sys File not found
    DRV - (muviwq) -- C:\WINDOWS\System32\drivers\muviwq.sys ()
    DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Cisco Systems, Inc.)
    DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Cisco Systems, Inc.)
    DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
    DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.)
    DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
    DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AIM Search"
    FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
    FF - prefs.js..browser.search.order.1: "Search"
    FF - prefs.js..browser.search.selectedEngine: "Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://webmail.mizzou.edu/"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
    FF - prefs.js..keyword.URL: "http://search.fast-find.net/?sid=10101066100&s="

    FF - user.js..browser.search.selectedEngine: "Search"
    FF - user.js..browser.search.order.1: "Search"
    FF - user.js..keyword.URL: "http://search.fast-find.net/?sid=10101066100&s="

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/21 11:18:34 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/11 16:06:42 | 000,000,000 | ---D | M]

    [2009/10/07 14:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2010/10/19 20:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rhdnctax.default\extensions
    [2010/04/26 20:16:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rhdnctax.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/09/13 06:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rhdnctax.default\extensions\personas@christopher.beard
    [2009/12/05 09:10:36 | 000,004,554 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rhdnctax.default\searchplugins\aim-search.xml
    [2010/11/13 10:01:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/16 12:30:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/05/16 12:29:36 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2007/03/09 17:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
    [2010/10/20 09:36:58 | 000,002,209 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\websearch.xml

    O1 HOSTS File: ([2010/11/13 11:19:33 | 000,425,401 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 14658 more lines...
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1254503707578 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1254503766796 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/10/02 09:26:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{1f47e55c-7cd1-11df-baec-000b7d264beb}\Shell\AutoRun\command - "" = E:\sysusb\usbdur.exe -- File not found
    O33 - MountPoints2\{1f47e55c-7cd1-11df-baec-000b7d264beb}\Shell\explore\command - "" = E:\sysusb\usbdur.exe -- File not found
    O33 - MountPoints2\{1f47e55c-7cd1-11df-baec-000b7d264beb}\Shell\open\command - "" = E:\sysusb\usbdur.exe -- File not found
    O33 - MountPoints2\{b72adcc6-2a6a-11df-baaa-000b7d264beb}\Shell\AutoRun\command - "" = E:\JDSecure\Windows\JDSecure31.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll ()
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Error starting restore point: The function was called in safe mode.
    Error closing restore point: The sequence number is invalid.

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/13 10:28:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/11/13 10:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2010/11/13 10:22:02 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/11/13 09:54:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    [2010/11/13 09:54:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/13 09:54:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/11/13 09:54:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/13 09:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/11/13 09:39:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
    [2010/11/13 09:35:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/11/23 14:00:29 | 000,440,044 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/11/23 14:00:29 | 000,070,522 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/11/23 13:56:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/11/23 13:56:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/11/23 06:56:31 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{89CBC202-F144-4B9C-88DB-B7B395412A15}.job
    [2010/11/23 06:54:06 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\VersionCheck.job
    [2010/11/13 11:19:33 | 000,425,401 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/11/13 10:48:35 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\look.com.com
    [2010/11/13 10:31:16 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\look.com.scr
    [2010/11/13 10:28:37 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2010/11/13 10:28:01 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
    [2010/11/13 10:22:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/11/13 09:54:28 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/13 09:43:10 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
    [2010/11/13 09:17:02 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\completescan
    [2010/11/01 20:43:04 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
    [2010/11/01 19:43:04 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
    [2010/11/01 18:43:04 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
    [2010/11/01 17:43:04 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
    [2010/11/01 16:43:22 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/11/13 10:48:33 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\look.com.com
    [2010/11/13 10:31:15 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\look.com.scr
    [2010/11/13 10:28:37 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2010/11/13 10:28:01 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
    [2010/11/13 09:54:28 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/21 19:14:37 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\start
    [2010/10/21 19:13:58 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\completescan
    [2010/10/21 09:18:41 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\install
    [2010/10/21 06:55:56 | 000,000,208 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\48969.bat
    [2010/10/21 06:54:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\muviwq.sys
    [2009/10/24 21:53:56 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2009/10/15 07:39:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
    [2009/10/07 15:48:02 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/10/07 10:35:23 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2009/10/02 11:06:03 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
    [2009/10/02 11:06:02 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
    [2009/10/02 10:46:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
    [2009/10/02 04:13:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2008/04/14 06:00:00 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\iccvid.dll
    [2008/04/14 06:00:00 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\msports.dll
    [2008/04/14 06:00:00 | 000,035,840 | ---- | C] () -- C:\WINDOWS\System32\umandlg.dll

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/10/02 09:26:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/10/21 13:29:50 | 000,000,212 | -HS- | M] () -- C:\boot.ini
    [2009/10/02 09:26:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/03/18 19:23:09 | 005,620,257 | ---- | M] () -- C:\immudebug.log
    [2009/10/02 09:26:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/12/05 08:58:47 | 000,000,457 | -H-- | M] () -- C:\IPH.PH
    [2009/10/02 09:26:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/04/14 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/14 06:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/11/23 13:55:55 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2009/10/02 04:11:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2009/10/02 04:11:08 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2009/10/02 04:11:08 | 000,913,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-15 21:19:42

    < End of report >

  9. #9
    Member
    Join Date
    Oct 2010
    Location
    Columbia, MO
    Posts
    66

    Default Extras.txt

    This is the Extras.txt

    OTL Extras logfile created on: 11/23/2010 2:02:58 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    503.00 Mb Total Physical Memory | 346.00 Mb Available Physical Memory | 69.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 94.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 55.89 Gb Total Space | 46.29 Gb Free Space | 82.83% Space Free | Partition Type: NTFS
    Unable to calculate disk information.

    Computer Name: CREXJR | User Name: Administrator | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
    "{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
    "{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
    "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
    "{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
    "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
    "Adobe AIR" = Adobe AIR
    "Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AIM_7" = AIM 7
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
    "CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
    "InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
    "LiveUpdate" = LiveUpdate 2.0 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MicroWorlds Web Player" = MicroWorlds Web Player
    "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.3
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "Yahoo! Widget Engine" = Yahoo! Widgets
    "YInstHelper" = Yahoo! Install Manager

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Media Player" = Move Media Player
    "UnityWebPlayer" = Unity Web Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/14/2010 1:12:16 AM | Computer Name = CREXJR | Source = Application Error | ID = 1000
    Description = Faulting application wmiapsrv.exe, version 5.1.2600.5512, faulting
    module wmiapsrv.exe, version 5.1.2600.5512, fault address 0x0000acf6.

    Error - 11/14/2010 1:12:50 AM | Computer Name = CREXJR | Source = WmiAdapter | ID = 4099
    Description = Open of service failed.

    Error - 11/23/2010 8:53:51 AM | Computer Name = CREXJR | Source = Application Error | ID = 1005
    Description = Windows cannot access the file C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
    for one of the following reasons: there is a problem with the network connection,
    the disk that the file is stored on, or the storage drivers installed on this computer;
    or the disk is missing. Windows closed the program System Configuration Utility
    because of this error. Program: System Configuration Utility File: C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe

    The
    error value is listed in the Additional Data section. User Action 1. Open the file
    again. This situation might be a temporary problem that corrects itself when the
    program runs again. 2. If the file still cannot be accessed and - It is on the network,
    your network administrator should verify that there is not a problem with the network
    and that the server can be contacted. - It is on a removable disk, for example,
    a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
    3.
    Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
    click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
    and then press ENTER. 4. If the problem persists, restore the file from a backup
    copy. 5. Determine whether other files on the same disk can be opened. If not, the
    disk might be damaged. If it is a hard disk, contact your administrator or computer
    hardware vendor for further assistance. Additional Data Error value: C000009C Disk
    type: 3

    Error - 11/23/2010 8:53:58 AM | Computer Name = CREXJR | Source = Application Error | ID = 1000
    Description = Faulting application msconfig.exe, version 5.1.2600.5512, faulting
    module msconfig.exe, version 5.1.2600.5512, fault address 0x0001895b.

    Error - 11/23/2010 9:02:17 AM | Computer Name = CREXJR | Source = LoadPerf | ID = 3012
    Description = The performance strings in the Performance registry value is corrupted
    when process Performance extension counter provider. BaseIndex value from Performance
    registry
    is the first DWORD in Data section, LastCounter value is the second DWORD in Data
    section, and LastHelp value is the third DWORD in Data section.

    Error - 11/23/2010 9:02:17 AM | Computer Name = CREXJR | Source = LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
    failed. The Error code is the first DWORD in Data section.

    Error - 11/23/2010 11:50:05 AM | Computer Name = CREXJR | Source = LoadPerf | ID = 3012
    Description = The performance strings in the Performance registry value is corrupted
    when process Performance extension counter provider. BaseIndex value from Performance
    registry
    is the first DWORD in Data section, LastCounter value is the second DWORD in Data
    section, and LastHelp value is the third DWORD in Data section.

    Error - 11/23/2010 11:50:05 AM | Computer Name = CREXJR | Source = LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
    failed. The Error code is the first DWORD in Data section.

    Error - 11/23/2010 4:00:26 PM | Computer Name = CREXJR | Source = LoadPerf | ID = 3012
    Description = The performance strings in the Performance registry value is corrupted
    when process Performance extension counter provider. BaseIndex value from Performance
    registry
    is the first DWORD in Data section, LastCounter value is the second DWORD in Data
    section, and LastHelp value is the third DWORD in Data section.

    Error - 11/23/2010 4:00:26 PM | Computer Name = CREXJR | Source = LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
    failed. The Error code is the first DWORD in Data section.

    [ System Events ]
    Error - 11/23/2010 4:06:54 PM | Computer Name = CREXJR | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 11/23/2010 4:07:33 PM | Computer Name = CREXJR | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 11/23/2010 4:07:37 PM | Computer Name = CREXJR | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 11/23/2010 4:07:42 PM | Computer Name = CREXJR | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 11/23/2010 4:07:46 PM | Computer Name = CREXJR | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 11/23/2010 4:07:52 PM | Computer Name = CREXJR | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 11/23/2010 4:07:57 PM | Computer Name = CREXJR | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 11/23/2010 4:08:01 PM | Computer Name = CREXJR | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 11/23/2010 4:08:05 PM | Computer Name = CREXJR | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 11/23/2010 4:08:10 PM | Computer Name = CREXJR | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.


    < End of report >

  10. #10
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Do all the following steps in normal mode if possible.

    Upload C:\Program Files\Mozilla Firefox\searchplugins\websearch.xml file to http://www.virustotal.com and post back the results.


    Let's run OTL.
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - (amvgj) -- C:\WINDOWS\System32\drivers\gotndc.sys File not found
      DRV - (muviwq) -- C:\WINDOWS\System32\drivers\muviwq.sys ()
      O33 - MountPoints2\{1f47e55c-7cd1-11df-baec-000b7d264beb}\Shell\AutoRun\command - "" = E:\sysusb\usbdur.exe -- File not found
      O33 - MountPoints2\{1f47e55c-7cd1-11df-baec-000b7d264beb}\Shell\explore\command - "" = E:\sysusb\usbdur.exe -- File not found
      O33 - MountPoints2\{1f47e55c-7cd1-11df-baec-000b7d264beb}\Shell\open\command - "" = E:\sysusb\usbdur.exe -- File not found
      [2010/11/13 09:43:10 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
      [2010/11/13 09:17:02 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\completescan
      [2010/11/01 20:43:04 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
      [2010/11/01 19:43:04 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
      [2010/11/01 18:43:04 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
      [2010/11/01 17:43:04 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
      [2010/11/01 16:43:22 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
      [2010/10/21 19:14:37 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\start
      [2010/10/21 09:18:41 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\install
      [2010/10/21 06:55:56 | 000,000,208 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\48969.bat
      :Commands
      [emptytemp]
      [CREATERESTOREPOINT]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • Then post a new OTL log



    Get Adobe Reader 9.4.1 here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.


    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java components and update to the latest version...

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 22.
    • Click the Download button to the right.
    • Select Windows on platform combobox and check the box that says:
      Accept License Agreement. Click continue.
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u22-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



    • Go here to run an online scanner from ESET.
    • Note: You will need to use Internet Explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
    • Click Scan
    • Wait for the scan to finish.


    Post back its report & fresh OTL.txt log.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
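Added example, not code from this thread, from OTL or from its author: a small Python triage helper that parses OTL's file-listing lines (the `[date | size | attrs | M/C] (company) -- path` format quoted throughout this thread) and flags entries that a reviewer would want to look at before writing a fix script. The flagging rules are my own assumptions, modelled on the kinds of entries Blade81 put in the fix above (a zero-byte driver with no company name, extension-less or numerically named files under Application Data, At*.job scheduled tasks); the sample lines are constructed from entries quoted in the thread and are not a complete log.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample input: lines in OTL's file-listing format, modelled on entries
# quoted earlier in this thread. Not a complete log.
SAMPLE_OTL = (
    "[2010/10/21 06:54:32 | 000,000,000 | ---- | C] () -- C:\\WINDOWS\\System32\\drivers\\muviwq.sys\n"
    "[2010/10/21 06:55:56 | 000,000,208 | ---- | C] () -- C:\\Documents and Settings\\Administrator\\Application Data\\48969.bat\n"
    "[2010/10/21 19:14:37 | 000,000,006 | ---- | C] () -- C:\\Documents and Settings\\Administrator\\Application Data\\start\n"
    "[2010/11/13 09:43:10 | 000,000,404 | ---- | M] () -- C:\\WINDOWS\\tasks\\At10.job\n"
    "[2008/04/14 06:00:00 | 000,080,384 | ---- | C] () -- C:\\WINDOWS\\System32\\iccvid.dll\n"
    "[2010/11/13 10:28:01 | 000,000,592 | ---- | C] () -- C:\\Documents and Settings\\Administrator\\Desktop\\ERUNT.lnk\n"
    "< End of report >\n"
)

# One OTL file-listing line:
#   [date time | size | attributes | M(odified)/C(reated)] (company) -- path
LINE_RE = re.compile(
    r"^\s*\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)


@dataclass
class Entry:
    timestamp: str
    size: int      # bytes; OTL prints it with thousands separators
    attrs: str     # R/H/S/A flags, "-" where unset
    kind: str      # "M" = modified date shown, "C" = created date shown
    company: str   # empty when the file carries no company name
    path: str


def parse_otl(text: str) -> List[Entry]:
    """Parse every file-listing line in an OTL log; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        entries.append(Entry(
            timestamp=m["ts"],
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=m["company"].strip(),
            path=m["path"],
        ))
    return entries


def flag_reasons(entry: Entry) -> List[str]:
    """Heuristic review flags. These rules are assumptions for this example, not OTL's logic."""
    reasons = []
    low = entry.path.lower()
    name = low.rsplit("\\", 1)[-1]
    if "\\drivers\\" in low and name.endswith(".sys"):
        if entry.size == 0:
            reasons.append("zero-byte driver file")
        if not entry.company:
            reasons.append("driver with no company name")
    if "\\application data\\" in low:
        if "." not in name:
            reasons.append("extension-less file under Application Data")
        elif name.endswith(".bat") and name[:-4].isdigit():
            reasons.append("numerically named batch file under Application Data")
    if "\\windows\\tasks\\" in low and re.fullmatch(r"at\d+\.job", name):
        reasons.append("scheduled task named like an at.exe job (At*.job)")
    return reasons


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons; unflagged entries are omitted."""
    result: Dict[str, List[str]] = {}
    for e in entries:
        reasons = flag_reasons(e)
        if reasons:
            result[e.path] = reasons
    return result


if __name__ == "__main__":
    for path, reasons in triage(parse_otl(SAMPLE_OTL)).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Run it against a saved OTL.txt by reading the file into `parse_otl`; the flags are only a reading aid for deciding what to research (VirusTotal, file properties, creation dates clustered around the infection time), not a verdict, and a flagged entry such as a legitimate unsigned driver still needs a human decision before it goes into a fix script.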
