Thread: ThinkPoint Removal Help

  1. #11
    Member
    Join Date
    Oct 2010
    Location
    Columbia, MO
    Posts
    66

    Fyi

    I'll be away from my computer till Thursday, so I'll try to post this information then, but definitely not expecting a response over the holidays.

    Thanks,
    James

  2. #12
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Ok. Thanks for the heads up
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #13
    Member
    Join Date
    Oct 2010
    Location
    Columbia, MO
    Posts
    66

    VirusTotal Scan

    Antivirus Version Last Update Result
    AhnLab-V3 2010.11.26.00 2010.11.25 -
    AntiVir 7.10.14.107 2010.11.25 -
    Antiy-AVL 2.0.3.7 2010.11.26 -
    Avast 4.8.1351.0 2010.11.25 -
    Avast5 5.0.594.0 2010.11.25 -
    AVG 9.0.0.851 2010.11.26 -
    BitDefender 7.2 2010.11.26 -
    CAT-QuickHeal 11.00 2010.11.26 -
    ClamAV 0.96.4.0 2010.11.26 -
    Command 5.2.11.5 2010.11.26 -
    Comodo 6851 2010.11.26 -
    DrWeb 5.0.2.03300 2010.11.26 -
    Emsisoft 5.0.0.50 2010.11.26 -
    eSafe 7.0.17.0 2010.11.24 -
    eTrust-Vet 36.1.8000 2010.11.25 -
    F-Prot 4.6.2.117 2010.11.25 -
    F-Secure 9.0.16160.0 2010.11.26 -
    Fortinet 4.2.254.0 2010.11.25 -
    GData 21 2010.11.26 -
    Ikarus T3.1.1.90.0 2010.11.26 -
    Jiangmin 13.0.900 2010.11.26 -
    K7AntiVirus 9.69.3083 2010.11.25 -
    Kaspersky 7.0.0.125 2010.11.26 -
    McAfee 5.400.0.1158 2010.11.26 -
    McAfee-GW-Edition 2010.1C 2010.11.26 -
    Microsoft 1.6402 2010.11.26 -
    NOD32 5649 2010.11.25 -
    Norman 6.06.10 2010.11.25 -
    nProtect 2010-11-25.01 2010.11.26 -
    Panda 10.0.2.7 2010.11.25 -
    PCTools 7.0.3.5 2010.11.26 -
    Prevx 3.0 2010.11.26 -
    Rising 22.75.03.03 2010.11.26 -
    Sophos 4.60.0 2010.11.26 -
    SUPERAntiSpyware 4.40.0.1006 2010.11.25 -
    Symantec 20101.2.0.161 2010.11.26 -
    TheHacker 6.7.0.1.091 2010.11.26 -
    TrendMicro 9.120.0.1004 2010.11.26 -
    TrendMicro-HouseCall 9.120.0.1004 2010.11.26 -
    VBA32 3.12.14.2 2010.11.25 -
    VIPRE 7414 2010.11.26 -
    ViRobot 2010.11.20.4158 2010.11.26 -
    VirusBuster 13.6.60.0 2010.11.25 -
    Additional information
    MD5 : 4d41f4ec2d6376898464872b7a675eb5
    SHA1 : fa5a81776bd0f47207bfb24a2409d57d436859f2
    SHA256: 83f1223e76ddbf7cb7134aa209720b375df1dd5e1c8fed324fffcda66e237b6c

  4. #14
    Member
    Join Date
    Oct 2010
    Location
    Columbia, MO
    Posts
    66

    OTL Log

    All processes killed
    ========== OTL ==========
    Service amvgj stopped successfully!
    Service amvgj deleted successfully!
    File C:\WINDOWS\System32\drivers\gotndc.sys File not found not found.
    Service muviwq stopped successfully!
    Service muviwq deleted successfully!
    C:\WINDOWS\system32\drivers\muviwq.sys moved successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f47e55c-7cd1-11df-baec-000b7d264beb}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f47e55c-7cd1-11df-baec-000b7d264beb}\ not found.
    File E:\sysusb\usbdur.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f47e55c-7cd1-11df-baec-000b7d264beb}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f47e55c-7cd1-11df-baec-000b7d264beb}\ not found.
    File E:\sysusb\usbdur.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f47e55c-7cd1-11df-baec-000b7d264beb}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f47e55c-7cd1-11df-baec-000b7d264beb}\ not found.
    File E:\sysusb\usbdur.exe not found.
    C:\WINDOWS\tasks\At10.job moved successfully.
    C:\Documents and Settings\Administrator\Application Data\completescan moved successfully.
    C:\WINDOWS\tasks\At22.job moved successfully.
    C:\WINDOWS\tasks\At21.job moved successfully.
    C:\WINDOWS\tasks\At20.job moved successfully.
    C:\WINDOWS\tasks\At19.job moved successfully.
    C:\WINDOWS\tasks\At18.job moved successfully.
    C:\Documents and Settings\Administrator\Application Data\start moved successfully.
    C:\Documents and Settings\Administrator\Application Data\install moved successfully.
    C:\Documents and Settings\Administrator\Application Data\48969.bat moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 15166226 bytes
    ->Temporary Internet Files folder emptied: 9146678 bytes
    ->Java cache emptied: 59203180 bytes
    ->FireFox cache emptied: 5069789 bytes
    ->Flash cache emptied: 131173 bytes

    User: All Users

    User: C-Rex
    ->Temp folder emptied: 765 bytes
    ->Temporary Internet Files folder emptied: 99884 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 41620 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->FireFox cache emptied: 3665879 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2402044 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 490867 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 64713796 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 90273099 bytes

    Total Files Cleaned = 239.00 mb

    Error starting restore point: The function was called in safe mode.
    Error closing restore point: The sequence number is invalid.

    OTL by OldTimer - Version 3.2.17.3 log created on 11262010_003427

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

  5. #15
    Member
    Join Date
    Oct 2010
    Location
    Columbia, MO
    Posts
    66

    VirusTotal Scan In Normal Mode

    VirusTotal Scan In Normal Windows Mode

    Antivirus Version Last Update Result
    AhnLab-V3 2010.11.26.00 2010.11.25 -
    AntiVir 7.10.14.107 2010.11.25 -
    Antiy-AVL 2.0.3.7 2010.11.26 -
    Avast 4.8.1351.0 2010.11.25 -
    Avast5 5.0.594.0 2010.11.25 -
    AVG 9.0.0.851 2010.11.26 -
    BitDefender 7.2 2010.11.26 -
    CAT-QuickHeal 11.00 2010.11.26 -
    ClamAV 0.96.4.0 2010.11.26 -
    Command 5.2.11.5 2010.11.26 -
    Comodo 6851 2010.11.26 -
    DrWeb 5.0.2.03300 2010.11.26 -
    Emsisoft 5.0.0.50 2010.11.26 -
    eSafe 7.0.17.0 2010.11.24 -
    eTrust-Vet 36.1.8000 2010.11.25 -
    F-Prot 4.6.2.117 2010.11.25 -
    F-Secure 9.0.16160.0 2010.11.26 -
    Fortinet 4.2.254.0 2010.11.25 -
    GData 21 2010.11.26 -
    Ikarus T3.1.1.90.0 2010.11.26 -
    Jiangmin 13.0.900 2010.11.26 -
    K7AntiVirus 9.69.3083 2010.11.25 -
    Kaspersky 7.0.0.125 2010.11.26 -
    McAfee 5.400.0.1158 2010.11.26 -
    McAfee-GW-Edition 2010.1C 2010.11.26 -
    Microsoft 1.6402 2010.11.26 -
    NOD32 5649 2010.11.25 -
    Norman 6.06.10 2010.11.25 -
    nProtect 2010-11-25.01 2010.11.26 -
    Panda 10.0.2.7 2010.11.25 -
    PCTools 7.0.3.5 2010.11.26 -
    Prevx 3.0 2010.11.26 -
    Rising 22.75.03.03 2010.11.26 -
    Sophos 4.60.0 2010.11.26 -
    SUPERAntiSpyware 4.40.0.1006 2010.11.25 -
    Symantec 20101.2.0.161 2010.11.26 -
    TheHacker 6.7.0.1.091 2010.11.26 -
    TrendMicro 9.120.0.1004 2010.11.26 -
    TrendMicro-HouseCall 9.120.0.1004 2010.11.26 -
    VBA32 3.12.14.2 2010.11.25 -
    VIPRE 7414 2010.11.26 -
    ViRobot 2010.11.20.4158 2010.11.26 -
    VirusBuster 13.6.60.0 2010.11.25 -

  6. #16
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    When ready, post fresh OTL.txt log + ESET scanner results.

  7. #17
    Member
    Join Date
    Oct 2010
    Location
    Columbia, MO
    Posts
    66

    OTL Log

    This OTL Log was run in Windows' Normal Mode

    All processes killed
    ========== OTL ==========
    Error: No service named amvgj was found to stop!
    Service\Driver key amvgj not found.
    File C:\WINDOWS\System32\drivers\gotndc.sys File not found not found.
    Error: No service named muviwq was found to stop!
    Service\Driver key muviwq not found.
    File C:\WINDOWS\System32\drivers\muviwq.sys not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f47e55c-7cd1-11df-baec-000b7d264beb}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f47e55c-7cd1-11df-baec-000b7d264beb}\ not found.
    File E:\sysusb\usbdur.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f47e55c-7cd1-11df-baec-000b7d264beb}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f47e55c-7cd1-11df-baec-000b7d264beb}\ not found.
    File E:\sysusb\usbdur.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f47e55c-7cd1-11df-baec-000b7d264beb}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f47e55c-7cd1-11df-baec-000b7d264beb}\ not found.
    File E:\sysusb\usbdur.exe not found.
    File C:\WINDOWS\tasks\At10.job not found.
    File C:\Documents and Settings\Administrator\Application Data\completescan not found.
    File C:\WINDOWS\tasks\At22.job not found.
    File C:\WINDOWS\tasks\At21.job not found.
    File C:\WINDOWS\tasks\At20.job not found.
    File C:\WINDOWS\tasks\At19.job not found.
    File C:\WINDOWS\tasks\At18.job not found.
    File C:\Documents and Settings\Administrator\Application Data\start not found.
    File C:\Documents and Settings\Administrator\Application Data\install not found.
    File C:\Documents and Settings\Administrator\Application Data\48969.bat not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 25523958 bytes
    ->Temporary Internet Files folder emptied: 5277383 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 23809802 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: C-Rex
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->FireFox cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 483 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 52.00 mb

    Restore point Set: OTL Restore Point (0)

    OTL by OldTimer - Version 3.2.17.3 log created on 11262010_004852

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\WERecc7.dir00\wmiapsrv.exe.hdmp not found!

    Registry entries deleted on Reboot...

  8. #18
    Member
    Join Date
    Oct 2010
    Location
    Columbia, MO
    Posts
    66

    ESET Log

    I was actually not able to use Internet Explorer because it was asking me to download something. When I did not accept the download it would close every time. So I was able to run ESET from the desktop just as you requested if I were using it in Internet Explorer.

    In addition, this may provide you with a little help, but an error window pops up saying this once I start my computer and it will not stop: "WMI Performance Adapter Service has encountered a problem and needs to close. We are sorry for the inconvenience." An identical one only pops up once but it closes the System Utility Configuration.

    Here is the ESET Log. Let me know if you need anything else.

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinMuollo1.zip Win32/Bagle.gen.zip worm

  9. #19
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    Please run OTL again (in normal mode) with minimum output option enabled. Don't use fix option this time but scan.

  10. #20
    Member
    Join Date
    Oct 2010
    Location
    Columbia, MO
    Posts
    66

    Fresh OTL Report

    OTL logfile created on: 11/26/2010 11:44:23 AM - Run 2
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    503.00 Mb Total Physical Memory | 255.00 Mb Available Physical Memory | 51.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 55.89 Gb Total Space | 46.55 Gb Free Space | 83.29% Space Free | Partition Type: NTFS
    Unable to calculate disk information.

    Computer Name: CREXJR | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\dwwin.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\drwtsn32.exe (Microsoft Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (RpcLocator) Remote Procedure Call (RPC) -- C:\WINDOWS\System32\locator.exe File not found
    SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe ()
    SRV - (MSDTC) -- C:\WINDOWS\system32\msdtc.exe ()


    ========== Driver Services (SafeList) ==========

    DRV - (UIUSys) -- C:\WINDOWS\System32\drivers\UIUSys.sys File not found
    DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Cisco Systems, Inc.)
    DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Cisco Systems, Inc.)
    DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
    DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.)
    DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
    DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AIM Search"
    FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
    FF - prefs.js..browser.search.order.1: "Search"
    FF - prefs.js..browser.search.selectedEngine: "Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://webmail.mizzou.edu/"
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..keyword.URL: "http://search.fast-find.net/?sid=10101066100&s="

    FF - user.js..browser.search.selectedEngine: "Search"
    FF - user.js..browser.search.order.1: "Search"
    FF - user.js..keyword.URL: "http://search.fast-find.net/?sid=10101066100&s="

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/21 11:18:34 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/26 07:04:57 | 000,000,000 | ---D | M]

    [2009/10/07 14:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2010/11/26 07:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rhdnctax.default\extensions
    [2010/04/26 20:16:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rhdnctax.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/09/13 06:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rhdnctax.default\extensions\personas@christopher.beard
    [2009/12/05 09:10:36 | 000,004,554 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rhdnctax.default\searchplugins\aim-search.xml
    [2010/11/26 07:36:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/11/26 07:19:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/11/26 07:17:55 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2007/03/09 17:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
    [2010/10/20 09:36:58 | 000,002,209 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\websearch.xml

    O1 HOSTS File: ([2010/11/13 11:19:33 | 000,425,401 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 14658 more lines...
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [UserFaultCheck] File not found
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1254503707578 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1254503766796 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/10/02 09:26:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{b72adcc6-2a6a-11df-baaa-000b7d264beb}\Shell\AutoRun\command - "" = E:\JDSecure\Windows\JDSecure31.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/26 07:38:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/11/26 07:24:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/11/26 07:19:05 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2010/11/26 07:19:04 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2010/11/26 07:19:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2010/11/26 07:19:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2010/11/26 07:08:25 | 016,074,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Administrator\Desktop\jre-6u22-windows-i586.exe
    [2010/11/26 00:34:27 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/11/13 10:28:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/11/13 10:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2010/11/13 10:22:02 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/11/13 09:54:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    [2010/11/13 09:54:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/13 09:54:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/11/13 09:54:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/13 09:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/11/13 09:39:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
    [2010/11/13 09:35:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [1 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/11/26 11:54:25 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\VersionCheck.job
    [2010/11/26 11:48:46 | 000,447,976 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/11/26 11:48:46 | 000,075,014 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/11/26 11:44:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/11/26 11:43:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/11/26 08:43:06 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
    [2010/11/26 08:25:47 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{89CBC202-F144-4B9C-88DB-B7B395412A15}.job
    [2010/11/26 07:38:03 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
    [2010/11/26 07:17:53 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2010/11/26 07:17:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2010/11/26 07:17:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2010/11/26 07:17:53 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2010/11/26 07:17:52 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
    [2010/11/26 07:09:43 | 016,074,528 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Administrator\Desktop\jre-6u22-windows-i586.exe
    [2010/11/26 07:04:57 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/11/26 00:43:04 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2010/11/25 23:43:04 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
    [2010/11/25 22:43:04 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
    [2010/11/13 11:19:33 | 000,425,401 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/11/13 10:48:35 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\look.com.com
    [2010/11/13 10:31:16 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\look.com.scr
    [2010/11/13 10:28:37 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2010/11/13 10:28:01 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
    [2010/11/13 10:22:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/11/13 09:54:28 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [1 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/11/26 07:37:40 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
    [2010/11/13 10:48:33 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\look.com.com
    [2010/11/13 10:31:15 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\look.com.scr
    [2010/11/13 10:28:37 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2010/11/13 10:28:01 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
    [2010/11/13 09:54:28 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/10/24 21:53:56 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2009/10/15 07:39:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
    [2009/10/07 15:48:02 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/10/07 10:35:23 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2009/10/02 11:06:03 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
    [2009/10/02 11:06:02 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
    [2009/10/02 10:46:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
    [2009/10/02 04:13:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2008/04/14 06:00:00 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\iccvid.dll
    [2008/04/14 06:00:00 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\msports.dll
    [2008/04/14 06:00:00 | 000,035,840 | ---- | C] () -- C:\WINDOWS\System32\umandlg.dll

    < End of report >
