ThinkPoint Removal Help

Hi,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 
ComboFix Issues

Tried to run ComboFix in safemode and normal mode. The furthest I got was the screen where it tells you "the scan should not take more than 10 minutes but could easily take double." I let ComboFix run in the screen for over an hour and when I came back the blinking underscore had stopped blinking and the program appeared to be frozen.

Should I attempt running ComboFix another way?
 
Hi,

Update MBAM and run a full scan with it. Let it remove found items and post back the report together with a fresh log of OTL scan.
 
Fyi

Just so you know, I ran both scans in safe mode first and then in normal mode since I continue to have a system error pop up in normal mode. Here are my MBAM safe mode results.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5214

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

11/29/2010 9:34:36 AM
mbam-log-2010-11-29 (09-34-36).txt

Scan type: Full scan (C:\|)
Objects scanned: 174870
Time elapsed: 27 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\All Users\Application Data\WSTB\drv8.0.3.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{37F30A2C-9B94-4B49-9E15-8ECFE9DD3577}\RP4\A0012223.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{37F30A2C-9B94-4B49-9E15-8ECFE9DD3577}\RP4\A0012224.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{37F30A2C-9B94-4B49-9E15-8ECFE9DD3577}\RP4\A0012225.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{37F30A2C-9B94-4B49-9E15-8ECFE9DD3577}\RP4\A0012226.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{37F30A2C-9B94-4B49-9E15-8ECFE9DD3577}\RP4\A0012227.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
 
Safe Mode OTL

OTL logfile created on: 11/29/2010 9:37:07 AM - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 356.00 Mb Available Physical Memory | 71.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 46.30 Gb Free Space | 82.83% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: CREXJR | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (RpcLocator) Remote Procedure Call (RPC) -- C:\WINDOWS\System32\locator.exe File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe ()
SRV - (MSDTC) -- C:\WINDOWS\system32\msdtc.exe ()


========== Driver Services (SafeList) ==========

DRV - (UIUSys) -- C:\WINDOWS\System32\drivers\UIUSys.sys File not found
DRV - (catchme) -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Cisco Systems, Inc.)
DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Cisco Systems, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.order.1: "Search"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://webmail.mizzou.edu/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.fast-find.net/?sid=10101066100&s="

FF - user.js..browser.search.selectedEngine: "Search"
FF - user.js..browser.search.order.1: "Search"
FF - user.js..keyword.URL: "http://search.fast-find.net/?sid=10101066100&s="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/21 11:18:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/26 07:04:57 | 000,000,000 | ---D | M]

[2009/10/07 14:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/11/26 07:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rhdnctax.default\extensions
[2010/04/26 20:16:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rhdnctax.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/13 06:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rhdnctax.default\extensions\personas@christopher.beard
[2009/12/05 09:10:36 | 000,004,554 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rhdnctax.default\searchplugins\aim-search.xml
[2010/11/26 07:36:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/26 07:19:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/26 07:17:55 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/03/09 17:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2010/10/20 09:36:58 | 000,002,209 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\websearch.xml

O1 HOSTS File: ([2010/11/13 11:19:33 | 000,425,401 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14658 more lines...
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254503707578 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254503766796 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/02 09:26:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b72adcc6-2a6a-11df-baaa-000b7d264beb}\Shell\AutoRun\command - "" = E:\JDSecure\Windows\JDSecure31.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/28 14:21:01 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/11/28 11:24:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/26 19:20:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/26 19:20:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/26 19:20:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/26 19:20:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/26 19:18:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/26 14:16:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\THINK POINT REMOVAL_files
[2010/11/26 14:13:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\how-to-use-combofix_files
[2010/11/26 14:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\DISABLE ANTI VIRUS_files
[2010/11/26 07:38:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/11/26 07:24:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/11/26 07:19:05 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/11/26 07:19:04 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/26 07:19:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/26 07:19:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/26 07:08:25 | 016,074,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Administrator\Desktop\jre-6u22-windows-i586.exe
[2010/11/26 00:34:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/13 10:28:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/13 10:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/11/13 10:22:02 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/11/13 09:54:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/11/13 09:54:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/13 09:54:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/13 09:54:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/13 09:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/13 09:39:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/11/13 09:35:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[1 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/29 09:36:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/29 09:36:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/28 14:14:53 | 003,981,348 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/11/28 14:09:38 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{89CBC202-F144-4B9C-88DB-B7B395412A15}.job
[2010/11/28 11:24:10 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2010/11/26 19:19:57 | 000,451,788 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/26 19:19:57 | 000,077,202 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/26 18:54:05 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\VersionCheck.job
[2010/11/26 14:16:06 | 000,033,633 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\THINK POINT REMOVAL.php
[2010/11/26 14:13:16 | 000,091,203 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\how-to-use-combofix.htm
[2010/11/26 14:12:50 | 000,167,250 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DISABLE ANTI VIRUS.htm
[2010/11/26 08:43:06 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/11/26 07:38:03 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
[2010/11/26 07:17:53 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/26 07:17:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/26 07:17:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/26 07:17:53 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/11/26 07:17:52 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/11/26 07:09:43 | 016,074,528 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Administrator\Desktop\jre-6u22-windows-i586.exe
[2010/11/26 07:04:57 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/26 00:43:04 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/11/25 23:43:04 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/11/25 22:43:04 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/11/13 11:19:33 | 000,425,401 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/13 10:48:35 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\look.com.com
[2010/11/13 10:31:16 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\look.com.scr
[2010/11/13 10:28:37 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/13 10:28:01 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/11/13 10:22:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/11/13 09:54:28 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[1 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/28 11:24:10 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2010/11/28 11:24:05 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/26 19:20:18 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/26 19:20:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/26 19:20:18 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/26 19:20:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/26 19:20:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/26 14:16:05 | 000,033,633 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\THINK POINT REMOVAL.php
[2010/11/26 14:13:15 | 000,091,203 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\how-to-use-combofix.htm
[2010/11/26 14:12:48 | 000,167,250 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DISABLE ANTI VIRUS.htm
[2010/11/26 14:11:08 | 003,981,348 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/11/26 07:37:40 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
[2010/11/13 10:48:33 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\look.com.com
[2010/11/13 10:31:15 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\look.com.scr
[2010/11/13 10:28:37 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/13 10:28:01 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/11/13 09:54:28 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/24 21:53:56 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/10/15 07:39:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2009/10/07 15:48:02 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/07 10:35:23 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/10/02 11:06:03 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/10/02 11:06:02 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/10/02 10:46:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2009/10/02 04:13:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/04/14 06:00:00 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\iccvid.dll
[2008/04/14 06:00:00 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\msports.dll
[2008/04/14 06:00:00 | 000,035,840 | ---- | C] () -- C:\WINDOWS\System32\umandlg.dll

< End of report >
 
Normal Mode MBAM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5214

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/29/2010 10:32:45 AM
mbam-log-2010-11-29 (10-32-45).txt

Scan type: Full scan (C:\|)
Objects scanned: 176566
Time elapsed: 44 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{37F30A2C-9B94-4B49-9E15-8ECFE9DD3577}\RP11\A0030765.exe (Adware.BHO) -> Quarantined and deleted successfully.
 
Normal Mode OTL

OTL logfile created on: 11/29/2010 9:37:07 AM - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 356.00 Mb Available Physical Memory | 71.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 46.30 Gb Free Space | 82.83% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: CREXJR | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (RpcLocator) Remote Procedure Call (RPC) -- C:\WINDOWS\System32\locator.exe File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe ()
SRV - (MSDTC) -- C:\WINDOWS\system32\msdtc.exe ()


========== Driver Services (SafeList) ==========

DRV - (UIUSys) -- C:\WINDOWS\System32\drivers\UIUSys.sys File not found
DRV - (catchme) -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Cisco Systems, Inc.)
DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Cisco Systems, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.order.1: "Search"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://webmail.mizzou.edu/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.fast-find.net/?sid=10101066100&s="

FF - user.js..browser.search.selectedEngine: "Search"
FF - user.js..browser.search.order.1: "Search"
FF - user.js..keyword.URL: "http://search.fast-find.net/?sid=10101066100&s="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/21 11:18:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/26 07:04:57 | 000,000,000 | ---D | M]

[2009/10/07 14:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/11/26 07:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rhdnctax.default\extensions
[2010/04/26 20:16:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rhdnctax.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/13 06:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rhdnctax.default\extensions\personas@christopher.beard
[2009/12/05 09:10:36 | 000,004,554 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rhdnctax.default\searchplugins\aim-search.xml
[2010/11/26 07:36:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/26 07:19:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/26 07:17:55 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/03/09 17:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2010/10/20 09:36:58 | 000,002,209 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\websearch.xml

O1 HOSTS File: ([2010/11/13 11:19:33 | 000,425,401 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14658 more lines...
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254503707578 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254503766796 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/02 09:26:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b72adcc6-2a6a-11df-baaa-000b7d264beb}\Shell\AutoRun\command - "" = E:\JDSecure\Windows\JDSecure31.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/28 14:21:01 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/11/28 11:24:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/26 19:20:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/26 19:20:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/26 19:20:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/26 19:20:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/26 19:18:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/26 14:16:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\THINK POINT REMOVAL_files
[2010/11/26 14:13:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\how-to-use-combofix_files
[2010/11/26 14:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\DISABLE ANTI VIRUS_files
[2010/11/26 07:38:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/11/26 07:24:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/11/26 07:19:05 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/11/26 07:19:04 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/26 07:19:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/26 07:19:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/26 07:08:25 | 016,074,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Administrator\Desktop\jre-6u22-windows-i586.exe
[2010/11/26 00:34:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/13 10:28:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/13 10:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/11/13 10:22:02 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/11/13 09:54:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/11/13 09:54:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/13 09:54:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/13 09:54:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/13 09:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/13 09:39:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/11/13 09:35:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[1 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/29 09:36:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/29 09:36:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/28 14:14:53 | 003,981,348 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/11/28 14:09:38 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{89CBC202-F144-4B9C-88DB-B7B395412A15}.job
[2010/11/28 11:24:10 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2010/11/26 19:19:57 | 000,451,788 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/26 19:19:57 | 000,077,202 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/26 18:54:05 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\VersionCheck.job
[2010/11/26 14:16:06 | 000,033,633 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\THINK POINT REMOVAL.php
[2010/11/26 14:13:16 | 000,091,203 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\how-to-use-combofix.htm
[2010/11/26 14:12:50 | 000,167,250 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DISABLE ANTI VIRUS.htm
[2010/11/26 08:43:06 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/11/26 07:38:03 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
[2010/11/26 07:17:53 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/26 07:17:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/26 07:17:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/26 07:17:53 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/11/26 07:17:52 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/11/26 07:09:43 | 016,074,528 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Administrator\Desktop\jre-6u22-windows-i586.exe
[2010/11/26 07:04:57 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/26 00:43:04 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/11/25 23:43:04 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/11/25 22:43:04 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/11/13 11:19:33 | 000,425,401 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/13 10:48:35 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\look.com.com
[2010/11/13 10:31:16 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\look.com.scr
[2010/11/13 10:28:37 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/13 10:28:01 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/11/13 10:22:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/11/13 09:54:28 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[1 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/28 11:24:10 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2010/11/28 11:24:05 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/26 19:20:18 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/26 19:20:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/26 19:20:18 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/26 19:20:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/26 19:20:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/26 14:16:05 | 000,033,633 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\THINK POINT REMOVAL.php
[2010/11/26 14:13:15 | 000,091,203 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\how-to-use-combofix.htm
[2010/11/26 14:12:48 | 000,167,250 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DISABLE ANTI VIRUS.htm
[2010/11/26 14:11:08 | 003,981,348 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/11/26 07:37:40 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
[2010/11/13 10:48:33 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\look.com.com
[2010/11/13 10:31:15 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\look.com.scr
[2010/11/13 10:28:37 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/13 10:28:01 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/11/13 09:54:28 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/24 21:53:56 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/10/15 07:39:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2009/10/07 15:48:02 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/07 10:35:23 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/10/02 11:06:03 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/10/02 11:06:02 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/10/02 10:46:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2009/10/02 04:13:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/04/14 06:00:00 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\iccvid.dll
[2008/04/14 06:00:00 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\msports.dll
[2008/04/14 06:00:00 | 000,035,840 | ---- | C] () -- C:\WINDOWS\System32\umandlg.dll

< End of report >
 
One Thing To Add

I forgot to mention that I have a Windows Update ready to be downloaded and installed. I have not done this yet because I did not want to mess anything up while trying to clean my computer. Should I download the update or hold off till my system is cleaned?

Thanks,
James Robnett III
 
I continue to have a system error pop up in normal mode.
Click to expand...
Not sure if you mentioned this earlier. What is the message on that error?

I forgot to mention that I have a Windows Update ready to be downloaded and installed. I have not done this yet because I did not want to mess anything up while trying to clean my computer. Should I download the update or hold off till my system is cleaned?
Click to expand...
Please wait until the cleaning is finished.

Let's run OTL in normal mode.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
FF - user.js..browser.search.selectedEngine: "Search"
FF - user.js..browser.search.order.1: "Search"
FF - user.js..keyword.URL: "http://search.fast-find.net/?sid=10101066100&s="
O4 - HKLM..\Run: [UserFaultCheck] File not found
[2010/11/26 08:43:06 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/11/26 00:43:04 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/11/25 23:43:04 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/11/25 22:43:04 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
:Commands
[emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post result log. After that, please re-scan with OTL and post back its log.
 
Error Window

An error window pops up saying this once I start my computer and it will not stop "WMI Performance Adapter Service has encountered a problem and needs to close. We are sorry for the inconvenience." This window will continue to pop up and will not stop. If I tell it to not send or to send the information to microsoft sometimes my computer locks up.

An identical one only pops up once but says System Utility Configuration instead of WMI Performance Adapter Service.
 
Custom Fix and OTL

The custom fix killed the error windows but the normal otl scan will not do the same thing. Here are my results for the custom fix first and then the normal otl

All processes killed
========== OTL ==========
C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\rhdnctax.default\user.js moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UserFaultCheck deleted successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 239549365 bytes
->Temporary Internet Files folder emptied: 5527367 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 39316680 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: C-Rex
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 84612 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 271.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11302010_064200

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Normal OTL Scan

OTL logfile created on: 11/30/2010 6:55:54 AM - Run 5
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 236.00 Mb Available Physical Memory | 47.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 46.33 Gb Free Space | 82.90% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: CREXJR | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\dwwin.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (RpcLocator) Remote Procedure Call (RPC) -- C:\WINDOWS\System32\locator.exe File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe ()
SRV - (MSDTC) -- C:\WINDOWS\system32\msdtc.exe ()


========== Driver Services (SafeList) ==========

DRV - (UIUSys) -- C:\WINDOWS\System32\drivers\UIUSys.sys File not found
DRV - (catchme) -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Cisco Systems, Inc.)
DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Cisco Systems, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.order.1: "Search"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://webmail.mizzou.edu/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.fast-find.net/?sid=10101066100&s="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/21 11:18:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/26 07:04:57 | 000,000,000 | ---D | M]

[2009/10/07 14:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/11/26 07:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rhdnctax.default\extensions
[2010/04/26 20:16:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rhdnctax.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/13 06:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rhdnctax.default\extensions\personas@christopher.beard
[2009/12/05 09:10:36 | 000,004,554 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rhdnctax.default\searchplugins\aim-search.xml
[2010/11/26 07:36:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/26 07:19:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/26 07:17:55 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/03/09 17:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2010/10/20 09:36:58 | 000,002,209 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\websearch.xml

O1 HOSTS File: ([2010/11/13 11:19:33 | 000,425,401 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14658 more lines...
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254503707578 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254503766796 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/02 09:26:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b72adcc6-2a6a-11df-baaa-000b7d264beb}\Shell\AutoRun\command - "" = E:\JDSecure\Windows\JDSecure31.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/28 14:21:01 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/11/28 11:24:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/26 19:20:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/26 19:20:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/26 19:20:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/26 19:20:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/26 19:18:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/26 14:16:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\THINK POINT REMOVAL_files
[2010/11/26 14:13:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\how-to-use-combofix_files
[2010/11/26 14:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\DISABLE ANTI VIRUS_files
[2010/11/26 07:38:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/11/26 07:24:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/11/26 07:19:05 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/11/26 07:19:04 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/26 07:19:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/26 07:19:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/26 07:08:25 | 016,074,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Administrator\Desktop\jre-6u22-windows-i586.exe
[2010/11/26 00:34:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/13 10:28:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/13 10:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/11/13 10:22:02 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/11/13 09:54:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/11/13 09:54:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/13 09:54:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/13 09:54:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/13 09:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/13 09:39:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/11/13 09:35:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[1 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/30 06:57:32 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{89CBC202-F144-4B9C-88DB-B7B395412A15}.job
[2010/11/30 06:54:17 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\VersionCheck.job
[2010/11/30 06:50:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/30 06:50:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/30 06:43:49 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/11/29 10:43:19 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/11/28 14:14:53 | 003,981,348 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/11/28 11:24:10 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2010/11/26 19:19:57 | 000,451,788 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/26 19:19:57 | 000,077,202 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/26 14:16:06 | 000,033,633 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\THINK POINT REMOVAL.php
[2010/11/26 14:13:16 | 000,091,203 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\how-to-use-combofix.htm
[2010/11/26 14:12:50 | 000,167,250 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DISABLE ANTI VIRUS.htm
[2010/11/26 07:38:03 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
[2010/11/26 07:17:53 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/26 07:17:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/26 07:17:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/26 07:17:53 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/11/26 07:17:52 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/11/26 07:09:43 | 016,074,528 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Administrator\Desktop\jre-6u22-windows-i586.exe
[2010/11/26 07:04:57 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/13 11:19:33 | 000,425,401 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/13 10:48:35 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\look.com.com
[2010/11/13 10:31:16 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\look.com.scr
[2010/11/13 10:28:37 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/13 10:28:01 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/11/13 10:22:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/11/13 09:54:28 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[1 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/28 11:24:10 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2010/11/28 11:24:05 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/26 19:20:18 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/26 19:20:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/26 19:20:18 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/26 19:20:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/26 19:20:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/26 14:16:05 | 000,033,633 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\THINK POINT REMOVAL.php
[2010/11/26 14:13:15 | 000,091,203 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\how-to-use-combofix.htm
[2010/11/26 14:12:48 | 000,167,250 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DISABLE ANTI VIRUS.htm
[2010/11/26 14:11:08 | 003,981,348 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/11/26 07:37:40 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
[2010/11/13 10:48:33 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\look.com.com
[2010/11/13 10:31:15 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\look.com.scr
[2010/11/13 10:28:37 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/13 10:28:01 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/11/13 09:54:28 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/24 21:53:56 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/10/15 07:39:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2009/10/07 15:48:02 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/07 10:35:23 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/10/02 11:06:03 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/10/02 11:06:02 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/10/02 10:46:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2009/10/02 04:13:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/04/14 06:00:00 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\iccvid.dll
[2008/04/14 06:00:00 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\msports.dll
[2008/04/14 06:00:00 | 000,035,840 | ---- | C] () -- C:\WINDOWS\System32\umandlg.dll

< End of report >
 
Hi,

Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
@ECHO OFF
DIR /a/s C:\locator.exe >Log.txt
START Log.txt
DEL %0

Double-click on fixes.bat file to execute it. Notepad should open up. Post back its contents, please. Do you have XP Professional cd handy?
 
Fixes.bat log

I personally do not have one handy. All of my stuff is in my parents house in boxes. I can try to go through that stuff and find it. However, my girlfriend is pretty organized and also has XP Professional on her computer so I could see if she still has her copy in town.

Here is the fixes.bat log, let me know if I did anything wrong.

Volume in drive C has no label.
Volume Serial Number is 74AE-B903

Directory of C:\WINDOWS\system32\dllcache

04/14/2008 06:00 AM 75,264 locator.exe
1 File(s) 75,264 bytes

Total Files Listed:
1 File(s) 75,264 bytes
0 Dir(s) 49,722,298,368 bytes free
 
Hi,

There seems to be a spare copy of the file that we can use :)

Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
@ECHO OFF
COPY /Y C:\WINDOWS\system32\dllcache\locator.exe C:\WINDOWS\system32\locator.exe
DIR /a/s C:\locator.exe >Log.txt
START Log.txt
DEL %0

Double-click on fixes.bat file to execute it. Notepad should open up. Post back its contents, please.
 
fixes.bat log

Approximately how long should it take to get a log? A command window opened and said (1) file(s) copied. The cursor was blinking at the bottom for about 5 minutes and no log popped up.
 
Hi,

Since copying went fine please reboot and run OTL after that. Post back the log.
 
Otl log

Fresh OTL Log

OTL logfile created on: 11/30/2010 9:28:25 AM - Run 6
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 249.00 Mb Available Physical Memory | 49.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 46.26 Gb Free Space | 82.78% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: CREXJR | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\dwwin.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe ()
SRV - (MSDTC) -- C:\WINDOWS\system32\msdtc.exe ()


========== Driver Services (SafeList) ==========

DRV - (UIUSys) -- C:\WINDOWS\System32\drivers\UIUSys.sys File not found
DRV - (catchme) -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Cisco Systems, Inc.)
DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Cisco Systems, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.order.1: "Search"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://webmail.mizzou.edu/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.fast-find.net/?sid=10101066100&s="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/21 11:18:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/26 07:04:57 | 000,000,000 | ---D | M]

[2009/10/07 14:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/11/30 07:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rhdnctax.default\extensions
[2010/04/26 20:16:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rhdnctax.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/13 06:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rhdnctax.default\extensions\personas@christopher.beard
[2009/12/05 09:10:36 | 000,004,554 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rhdnctax.default\searchplugins\aim-search.xml
[2010/11/30 07:14:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/26 07:19:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/26 07:17:55 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/03/09 17:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2010/10/20 09:36:58 | 000,002,209 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\websearch.xml

O1 HOSTS File: ([2010/11/13 11:19:33 | 000,425,401 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14658 more lines...
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254503707578 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254503766796 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/02 09:26:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b72adcc6-2a6a-11df-baaa-000b7d264beb}\Shell\AutoRun\command - "" = E:\JDSecure\Windows\JDSecure31.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/28 14:21:01 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/11/28 11:24:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/26 19:20:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/26 19:20:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/26 19:20:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/26 19:20:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/26 19:18:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/26 07:38:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/11/26 07:24:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/11/26 07:19:05 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/11/26 07:19:04 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/26 07:19:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/26 07:19:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/26 07:08:25 | 016,074,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Administrator\Desktop\jre-6u22-windows-i586.exe
[2010/11/26 00:34:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/13 10:28:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/13 10:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/11/13 10:22:02 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/11/13 09:54:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/11/13 09:54:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/13 09:54:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/13 09:54:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/13 09:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/13 09:39:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/11/13 09:35:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[1 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/30 09:32:31 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{89CBC202-F144-4B9C-88DB-B7B395412A15}.job
[2010/11/30 09:27:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/30 09:27:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/30 09:09:20 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\fixes.bat
[2010/11/30 07:43:04 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/11/30 06:54:17 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\VersionCheck.job
[2010/11/30 06:43:49 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/11/29 10:43:19 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/11/28 14:14:53 | 003,981,348 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/11/28 11:24:10 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2010/11/26 19:19:57 | 000,451,788 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/26 19:19:57 | 000,077,202 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/26 07:38:03 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
[2010/11/26 07:17:53 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/26 07:17:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/26 07:17:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/26 07:17:53 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/11/26 07:17:52 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/11/26 07:09:43 | 016,074,528 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Administrator\Desktop\jre-6u22-windows-i586.exe
[2010/11/26 07:04:57 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/13 11:19:33 | 000,425,401 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/13 10:48:35 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\look.com.com
[2010/11/13 10:31:16 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\look.com.scr
[2010/11/13 10:28:37 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/13 10:28:01 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/11/13 10:22:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/11/13 09:54:28 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[1 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/30 09:09:20 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\fixes.bat
[2010/11/28 11:24:10 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2010/11/28 11:24:05 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/26 19:20:18 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/26 19:20:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/26 19:20:18 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/26 19:20:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/26 19:20:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/26 14:11:08 | 003,981,348 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/11/26 07:37:40 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
[2010/11/13 10:48:33 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\look.com.com
[2010/11/13 10:31:15 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\look.com.scr
[2010/11/13 10:28:37 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/13 10:28:01 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/11/13 09:54:28 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/24 21:53:56 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/10/15 07:39:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2009/10/07 15:48:02 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/07 10:35:23 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/10/02 11:06:03 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/10/02 11:06:02 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/10/02 10:46:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2009/10/02 04:13:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/04/14 06:00:00 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\iccvid.dll
[2008/04/14 06:00:00 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\msports.dll
[2008/04/14 06:00:00 | 000,035,840 | ---- | C] () -- C:\WINDOWS\System32\umandlg.dll

< End of report >
 
Error Issue Still Buggin

Loaded up my computer and it started up slower than normal and no error message popped up. Once everything in the right bottom tool bar tray loaded up, both error messages popped up.
 
Error Issue Still Buggin

I looked at the error and clicked technical details. It showed me the two files associated with the System Utility Configuration. Would you like those files as well as the files associated with the WMI error?
 
You must log in or register to reply here.
Back
Top