
Infected with the Conficker.B [Solved]



#1
mewsick75

I have a Windows 2000 Pro computer infected with the Conficker.b virus and I've tried to run several programs on it but they won't run. I don't know if it's because the program won't let them run or because they aren't compatible with Windows 2000.

Any help would be greatly appreciated.


#2
mewsick75

Here is the OTL log:

OTL logfile created on: 6/7/2013 10:37:11 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\ersdcom\Desktop
Windows 2000 Professional Edition Service Pack 2 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 5.00.3315.1000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.99 Mb Total Physical Memory | 288.84 Mb Available Physical Memory | 56.64% Memory free
1.22 Gb Paging File | 0.93 Gb Available in Paging File | 76.13% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 34.56 Gb Free Space | 92.80% Space Free | Partition Type: NTFS
Drive E: | 7.44 Gb Total Space | 1.28 Gb Free Space | 17.25% Space Free | Partition Type: FAT32

Computer Name: TROUBLE | User Name: ERSDCOM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/07 10:25:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ersdcom\Desktop\OTL.exe
PRC - [2011/02/17 03:23:12 | 000,389,960 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoTask.exe
PRC - [2009/12/08 03:07:29 | 000,283,888 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
PRC - [2009/06/26 13:49:48 | 000,192,512 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoRPC.exe
PRC - [2009/06/26 13:49:47 | 000,208,896 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoRT.exe
PRC - [2008/02/08 17:58:44 | 000,407,368 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\Realmon.exe
PRC - [2007/02/05 07:57:24 | 000,106,496 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
PRC - [2006/03/15 00:50:18 | 000,409,600 | ---- | M] (Computer Associates) -- C:\Program Files\CA\SharedComponents\BrightStor\UniAgent\UnivAgent.exe
PRC - [2006/03/15 00:42:24 | 000,131,072 | ---- | M] (Computer Associates) -- C:\Program Files\CA\SharedComponents\BrightStor\CADS\casdscsvc.exe
PRC - [2006/03/14 22:57:08 | 000,122,880 | ---- | M] (Computer Associates) -- C:\Program Files\CA\BrightStor Backup Agent for Open Files\Ofant.exe
PRC - [2006/02/09 03:50:00 | 000,267,488 | ---- | M] (Microsoft Corporation) -- C:\WINNT\SYSTEM32\ccmsetup\ccmsetup.exe
PRC - [2005/02/23 15:56:12 | 000,053,248 | ---- | M] (Computer Associates) -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
PRC - [2004/03/08 11:56:10 | 000,320,656 | ---- | M] (VERITAS Software Corporation) -- C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
PRC - [2003/11/09 16:12:26 | 000,815,104 | ---- | M] () -- C:\Program Files\ERS MS\ERS MS Alarm Receiver.exe
PRC - [2003/11/07 16:26:16 | 000,061,440 | ---- | M] () -- C:\Program Files\ERS MS\ERSAlarmBuffer.exe
PRC - [2003/11/05 19:26:40 | 000,122,880 | ---- | M] () -- C:\Program Files\ERS MS\DBLocking.exe
PRC - [2003/11/05 15:13:28 | 000,081,920 | ---- | M] () -- C:\Program Files\ERS MS\PCMCMS.exe
PRC - [2002/05/08 10:51:52 | 000,212,992 | ---- | M] (Intel Corporation) -- C:\Program Files\intel\ASF Agent\ASFAgent.exe
PRC - [2002/04/04 13:56:10 | 000,163,840 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe
PRC - [2002/02/27 10:57:34 | 001,118,208 | ---- | M] (Intel Corporation) -- C:\WINNT\SYSTEM32\NMSSvc.Exe
PRC - [2001/05/08 07:00:00 | 000,242,960 | ---- | M] (Microsoft Corporation) -- C:\WINNT\EXPLORER.EXE
PRC - [2001/05/08 07:00:00 | 000,118,032 | ---- | M] (Microsoft Corporation) -- C:\WINNT\SYSTEM32\MSTASK.EXE
PRC - [2001/05/08 07:00:00 | 000,066,832 | ---- | M] (Microsoft Corporation) -- C:\WINNT\SYSTEM32\REGSVC.EXE
PRC - [2001/05/08 07:00:00 | 000,020,752 | ---- | M] (Microsoft Corporation) -- C:\WINNT\SYSTEM32\INTERNAT.EXE


========== Modules (No Company Name) ==========

MOD - [2007/02/05 07:57:22 | 000,974,848 | ---- | M] () -- C:\Program Files\CA\SharedComponents\iTechnology\libetpki_openssl_crypto.dll
MOD - [2007/02/05 07:57:22 | 000,798,720 | ---- | M] () -- C:\Program Files\CA\SharedComponents\iTechnology\libeay32.dll
MOD - [2007/02/05 07:57:22 | 000,184,320 | ---- | M] () -- C:\Program Files\CA\SharedComponents\iTechnology\libetpki_openssl_ssl.dll
MOD - [2007/02/05 07:57:22 | 000,155,648 | ---- | M] () -- C:\Program Files\CA\SharedComponents\iTechnology\ssleay32.dll
MOD - [2007/02/05 07:57:22 | 000,073,728 | ---- | M] () -- C:\Program Files\CA\SharedComponents\iTechnology\zlib.dll
MOD - [2006/03/14 22:39:58 | 000,077,824 | ---- | M] () -- C:\Program Files\CA\SharedComponents\BrightStor\UniAgent\shrdmem.dll
MOD - [2003/11/18 01:29:04 | 000,055,808 | ---- | M] () -- C:\Program Files\CA\SharedComponents\BrightStor\UniAgent\zlib1.dll
MOD - [2003/11/09 16:12:26 | 000,815,104 | ---- | M] () -- C:\Program Files\ERS MS\ERS MS Alarm Receiver.exe
MOD - [2003/11/08 15:21:14 | 000,114,688 | ---- | M] () -- C:\Program Files\ERS MS\ERSParser.dll
MOD - [2003/11/07 16:26:16 | 000,061,440 | ---- | M] () -- C:\Program Files\ERS MS\ERSAlarmBuffer.exe
MOD - [2003/11/05 19:26:40 | 000,122,880 | ---- | M] () -- C:\Program Files\ERS MS\DBLocking.exe
MOD - [2003/11/05 19:16:06 | 001,351,680 | ---- | M] () -- C:\Program Files\ERS MS\PCMsecurity.dll
MOD - [2003/11/05 19:15:40 | 000,081,920 | ---- | M] () -- C:\Program Files\ERS MS\PCMRS232.dll
MOD - [2003/11/05 19:13:20 | 000,094,208 | ---- | M] () -- C:\Program Files\ERS MS\PCMPaging.dll
MOD - [2003/11/05 19:12:40 | 000,086,016 | ---- | M] () -- C:\Program Files\ERS MS\PCMLogging.dll
MOD - [2003/11/05 19:12:02 | 000,102,400 | ---- | M] () -- C:\Program Files\ERS MS\PCMDispatch.dll
MOD - [2003/11/05 19:11:16 | 000,229,376 | ---- | M] () -- C:\Program Files\ERS MS\ERSDBServer.dll
MOD - [2003/11/05 19:10:46 | 000,077,824 | ---- | M] () -- C:\Program Files\ERS MS\PCMdatabase.dll
MOD - [2003/11/05 15:13:28 | 000,081,920 | ---- | M] () -- C:\Program Files\ERS MS\PCMCMS.exe
MOD - [2003/04/04 02:37:00 | 000,028,672 | ---- | M] () -- C:\Program Files\CA\SharedComponents\BrightStor\UniAgent\pthread.dll
MOD - [2002/08/08 17:25:26 | 000,024,576 | ---- | M] () -- C:\Program Files\ERS MS\DBLockingps.dll
MOD - [2002/08/02 16:54:26 | 000,024,576 | ---- | M] () -- C:\Program Files\ERS MS\ERSAlarmBufferps.dll


========== Services (SafeList) ==========

SRV - [2011/02/17 03:23:12 | 000,389,960 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\eTrustITM\InoTask.exe -- (InoTask)
SRV - [2009/12/08 03:07:29 | 000,283,888 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2009/06/26 13:49:48 | 000,192,512 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\eTrustITM\InoRPC.exe -- (InoRPC)
SRV - [2009/06/26 13:49:47 | 000,208,896 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\eTrustITM\InoRT.exe -- (InoRT)
SRV - [2008/06/24 14:32:18 | 000,095,808 | ---- | M] (Sysinternals) [On_Demand | Stopped] -- C:\WINNT\PSEXESVC.EXE -- (PSEXESVC)
SRV - [2007/02/05 07:57:24 | 000,106,496 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe -- (iGateway)
SRV - [2006/03/15 00:50:18 | 000,409,600 | ---- | M] (Computer Associates) [Auto | Running] -- C:\Program Files\CA\SharedComponents\BrightStor\UniAgent\UnivAgent.exe -- (CASUniversalAgent)
SRV - [2006/03/15 00:42:24 | 000,131,072 | ---- | M] (Computer Associates) [Auto | Running] -- C:\Program Files\CA\SharedComponents\BrightStor\CADS\casdscsvc.exe -- (CASDiscoverySvc)
SRV - [2006/03/14 22:57:08 | 000,122,880 | ---- | M] (Computer Associates) [Auto | Running] -- C:\Program Files\CA\BrightStor Backup Agent for Open Files\Ofant.exe -- (OpenFileAgent)
SRV - [2006/02/09 03:50:00 | 000,267,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\System32\ccmsetup\ccmsetup.exe -- (ccmsetup)
SRV - [2005/03/23 14:17:00 | 000,126,976 | ---- | M] (Computer Associates International Inc.) [On_Demand | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe -- (CA_LIC_CLNT)
SRV - [2005/03/23 14:16:00 | 000,155,648 | ---- | M] (Computer Associates International Inc.) [On_Demand | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe -- (CA_LIC_SRVR)
SRV - [2005/02/23 15:56:12 | 000,053,248 | ---- | M] (Computer Associates) [Auto | Running] -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe -- (LogWatch)
SRV - [2004/03/08 11:56:10 | 000,320,656 | ---- | M] (VERITAS Software Corporation) [Auto | Running] -- C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe -- (BackupExecAgentAccelerator)
SRV - [2003/11/05 19:41:20 | 000,122,880 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\ERS MS\ERSWatchdog.exe -- (ERS MS 5 Watchdog)
SRV - [2003/11/05 19:33:38 | 000,114,688 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\ERS MS\ERSConfigToolServer.exe -- (ERS MS 5 Configuration Tool Server)
SRV - [2003/11/05 15:19:52 | 000,102,400 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\ERS MS\PCMAutoArchiving.exe -- (ERS MS 5 Auto Archiver - 1)
SRV - [2003/11/05 15:19:08 | 000,102,400 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\ERS MS\ERSWatchmate.exe -- (ERS MS 5 Watchmate)
SRV - [2003/11/05 15:18:42 | 000,122,968 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\ERS MS\ERSRedirector.exe -- (ERS MS 5 Redirector)
SRV - [2003/11/05 15:18:24 | 000,118,784 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\ERS MS\PCMOH2000.exe -- (ERS MS 5 OH-2000)
SRV - [2003/11/05 15:16:58 | 000,032,768 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\ERS MS\PCMOHMP.exe -- (ERS MS 5 QuickAlert - 1)
SRV - [2003/11/05 15:16:26 | 000,094,208 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\ERS MS\ERSMSIPFirmware.exe -- (ERS MS 5 IP Firmware Server)
SRV - [2003/11/05 15:16:04 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\ERS MS\ERSMSConfig.exe -- (ERS MS 5 IP Configuration Server)
SRV - [2003/11/05 15:15:28 | 000,098,304 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\ERS MS\ERSMSIPAlarm.exe -- (ERS MS 5 IP Alarm Server)
SRV - [2003/11/05 15:14:40 | 000,118,784 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\ERS MS\ERSDHCPServer.exe -- (ERS MS 5 DHCP Server)
SRV - [2003/11/05 15:13:28 | 000,081,920 | ---- | M] () [Auto | Running] -- C:\Program Files\ERS MS\PCMCMS.exe -- (ERS MS 5 CMS - 1)
SRV - [2002/05/08 10:51:52 | 000,212,992 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\intel\ASF Agent\ASFAgent.exe -- (ASFAgent)
SRV - [2002/04/04 13:56:10 | 000,163,840 | ---- | M] (Dell Computer Corporation) [Auto | Running] -- C:\Program Files\Dell\OpenManage\Client\Iap.exe -- (Iap)
SRV - [2002/02/27 10:57:34 | 001,118,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINNT\SYSTEM32\NMSSvc.Exe -- (NMSSvc)
SRV - [2002/02/15 11:51:00 | 000,114,749 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE -- (awhost32)
SRV - [2001/05/08 07:00:00 | 000,196,685 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\SYSTEM32\WBEM\WINMGMT.EXE -- (WinMgmt)
SRV - [2001/05/08 07:00:00 | 000,147,728 | ---- | M] (VERITAS Software Corp.) [On_Demand | Stopped] -- C:\WINNT\System32\dmadmin.exe -- (dmadmin)
SRV - [2001/05/08 07:00:00 | 000,118,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\SYSTEM32\MSTASK.EXE -- (Schedule)
SRV - [2001/05/08 07:00:00 | 000,096,528 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINNT\SYSTEM32\FAXSVC.EXE -- (Fax)
SRV - [2001/05/08 07:00:00 | 000,066,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\SYSTEM32\REGSVC.EXE -- (RemoteRegistry)
SRV - [2001/05/08 07:00:00 | 000,022,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\SYSTEM32\UTILMAN.EXE -- (UtilMan)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\vncdrv.sys -- (vncdrv)
DRV - File not found [Kernel | System | Stopped] -- -- (tga)
DRV - File not found [Kernel | System | Stopped] -- -- (sglfb)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\ersdcom\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2007/10/18 21:14:32 | 000,184,080 | ---- | M] (Computer Associates) [File_System | Auto | Running] -- C:\WINNT\SYSTEM32\DRIVERS\ino_fltr.sys -- (INO_FLTR)
DRV - [2007/08/06 22:07:02 | 000,027,536 | ---- | M] (Computer Associates) [File_System | Boot | Running] -- C:\WINNT\SYSTEM32\DRIVERS\ino_flpy.sys -- (INO_FLPY)
DRV - [2006/03/14 22:58:06 | 000,157,766 | ---- | M] (Computer Associates) [File_System | Auto | Running] -- C:\WINNT\SYSTEM32\DRIVERS\OFANT.sys -- (OFADriver)
DRV - [2004/11/19 11:04:18 | 000,073,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/06/18 15:17:21 | 000,121,344 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINNT\SYSTEM32\DRIVERS\hardlock.sys -- (Hardlock)
DRV - [2004/06/18 15:17:21 | 000,097,280 | ---- | M] (Aladdin Knowledge Systems.) [Kernel | Auto | Running] -- C:\WINNT\SYSTEM32\DRIVERS\Haspnt.sys -- (Haspnt)
DRV - [2003/09/05 11:34:42 | 000,050,080 | ---- | M] (VERITAS Software) [Kernel | Boot | Running] -- C:\WINNT\SYSTEM32\DRIVERS\VSP.SYS -- (VSP)
DRV - [2002/07/15 16:15:38 | 000,089,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\SYSTEM32\DRIVERS\e1000nt5.sys -- (E1000)
DRV - [2002/05/07 17:06:36 | 000,023,744 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINNT\SYSTEM32\DRIVERS\platalrt.sys -- (PlatAlrt)
DRV - [2002/05/07 17:05:56 | 000,039,680 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINNT\SYSTEM32\DRIVERS\Netalrt.sys -- (NetAlrt)
DRV - [2002/04/18 12:46:00 | 000,049,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\SYSTEM32\DRIVERS\usbhub20.sys -- (usbhub20)
DRV - [2002/04/10 10:12:10 | 000,293,884 | ---- | M] (Keyspan) [Kernel | On_Demand | Running] -- C:\WINNT\SYSTEM32\DRIVERS\usa49w2k.sys -- (USA49W)
DRV - [2002/04/08 12:46:12 | 000,040,908 | ---- | M] (Keyspan) [Kernel | On_Demand | Running] -- C:\WINNT\SYSTEM32\DRIVERS\usa49w2kp.sys -- (USA49W2KP)
DRV - [2002/04/04 13:55:22 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINNT\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/02/27 10:57:52 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\SYSTEM32\DRIVERS\NMSCFG.SYS -- (NMSCFG)
DRV - [2002/02/11 11:51:00 | 000,033,496 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\AW_HOST5.sys -- (AW_HOST)
DRV - [2001/11/14 22:13:10 | 000,050,798 | R--- | M] (OEM) [Kernel | System | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\oxser.sys -- (oxser)
DRV - [2001/11/14 22:13:10 | 000,013,596 | R--- | M] (OEM) [Kernel | System | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\oxmf.sys -- (oxmf)
DRV - [2001/11/14 22:13:10 | 000,004,992 | R--- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\oxmfuf.sys -- (Oxmfuf)
DRV - [2001/11/14 22:08:50 | 000,075,904 | R--- | M] (OEM) [Kernel | System | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\oxpar.sys -- (oxpar)
DRV - [2001/10/09 11:51:00 | 000,014,944 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\GERNUWA.SYS -- (Gernuwa)
DRV - [2001/06/08 09:25:56 | 000,017,258 | ---- | M] (American Megatrends, Inc.) [Kernel | Boot | Running] -- C:\WINNT\SYSTEM32\DRIVERS\MRAID2K.SYS -- (mraid2k)
DRV - [2001/05/08 07:00:00 | 000,368,976 | ---- | M] (VERITAS Software Corp.) [Kernel | Disabled | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\DMBOOT.SYS -- (dmboot)
DRV - [2001/05/08 07:00:00 | 000,137,008 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\SYSTEM32\DRIVERS\DMIO.SYS -- (dmio)
DRV - [2001/05/08 07:00:00 | 000,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\SYSTEM32\DRIVERS\PARALLEL.SYS -- (Parallel)
DRV - [2001/05/08 07:00:00 | 000,027,440 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINNT\System32\drivers\EFS.SYS -- (EFS)
DRV - [2001/05/08 07:00:00 | 000,021,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\RCA.SYS -- (RCA)
DRV - [2001/05/08 07:00:00 | 000,009,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\NETDTECT.SYS -- (NetDetect)
DRV - [2001/05/08 07:00:00 | 000,007,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\DISKPERF.SYS -- (Diskperf)
DRV - [2001/05/08 07:00:00 | 000,007,312 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\SYSTEM32\DRIVERS\DMLOAD.SYS -- (dmload)
DRV - [2001/05/04 13:05:02 | 000,032,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\SYSTEM32\DRIVERS\uhcd.sys -- (uhcd)
DRV - [2001/04/26 16:00:30 | 000,064,418 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINNT\SYSTEM32\DRIVERS\Fasttrak.sys -- (fasttrak)
DRV - [2000/09/11 11:51:00 | 000,010,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\SYSTEM32\DRIVERS\AWLEGACY.SYS -- (awlegacy)
DRV - [1999/10/27 16:23:38 | 000,345,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\NV4.SYS -- (nv4)
DRV - [1999/10/23 13:22:20 | 000,061,712 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90BC)
DRV - [1999/10/22 15:54:42 | 000,032,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\ICHAUD.SYS -- (ichaud)
DRV - [1999/09/25 12:11:42 | 000,011,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINNT\SYSTEM32\DRIVERS\FD16_700.SYS -- (Fd16_700)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\System32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




O1 HOSTS File: ([2001/05/08 07:00:00 | 000,000,734 | ---- | M]) - C:\WINNT\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,[email protected],&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\SYSTEM32\MSDXM.OCX ()
O4 - HKLM..\Run: [PPRT] C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC_Logon.exe (CA, Inc.)
O4 - HKLM..\Run: [Realtime Monitor] C:\Program Files\CA\eTrustITM\realmon.exe (CA)
O4 - HKCU..\Run: [Internat.exe] C:\WINNT\System32\INTERNAT.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ERS MS Alarm Receiver.lnk = C:\Program Files\ERS MS\ERS MS Alarm Receiver.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\SYSTEM32\RNR20.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\SYSTEM32\MSAFD.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\SYSTEM32\MSAFD.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\SYSTEM32\MSAFD.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\SYSTEM32\MSAFD.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\SYSTEM32\MSAFD.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\SYSTEM32\MSAFD.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\SYSTEM32\MSAFD.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\SYSTEM32\MSAFD.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\SYSTEM32\MSAFD.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: fellowshipvillage.local ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: fellowshipvillage.local ([jenga] http in Local intranet)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.5 192.168.1.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = FellowshipVillage.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC0A603B-CB60-4464-BC42-969E8376CA2F}: DhcpNameServer = 192.168.1.5 192.168.1.12
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\SYSTEM32\MSDXM.OCX ()
O18 - Protocol\Filter\Class Install Handler - No CLSID value found
O18 - Protocol\Filter\deflate - No CLSID value found
O18 - Protocol\Filter\gzip - No CLSID value found
O18 - Protocol\Filter\lzdhtml - No CLSID value found
O18 - Protocol\Filter\text/webviewhtml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.Exe) - C:\WINNT\EXPLORER.EXE (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) - C:\WINNT\SYSTEM32\USERINIT.EXE (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINNT\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\PCANotify: DllName - (PCANotify.dll) - C:\WINNT\System32\PCANotify.dll (Symantec Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\CA\SHARED~1\SCANEN~1\inocboot.exe -s -r \??\C:\PROGRA~1\CA\SHARED~1\SCANEN~1\)
O34 - HKLM BootExecute: (09jow4wj2304lfd0sf9fsd0a2t4ld.biz)
O34 - HKLM BootExecute: (77A8-11D2-9B6C-0000F8080861}.ini...)
O34 - HKLM BootExecute: (->)
O34 - HKLM BootExecute: (m Files\VERITAS\Backup Exec\RANT\b)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/07 10:37:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ersdcom\Desktop\OTL.exe
[2013/06/07 10:13:49 | 007,337,424 | ---- | C] (Bitdefender LLC) -- C:\Documents and Settings\ersdcom\Desktop\BDRemovalToolLauncher_downadup.exe
[2 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/07 10:25:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ersdcom\Desktop\OTL.exe
[2013/06/05 18:22:26 | 007,337,424 | ---- | M] (Bitdefender LLC) -- C:\Documents and Settings\ersdcom\Desktop\BDRemovalToolLauncher_downadup.exe
[2013/05/24 13:53:59 | 000,376,286 | -H-- | M] () -- C:\WINNT\ShellIconCache
[2 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/08 16:03:59 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4e0.dat
[2011/07/08 04:06:19 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_22c.dat
[2011/07/07 16:03:36 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_700.dat
[2009/06/26 13:20:49 | 000,012,288 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2004/06/18 15:50:26 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\ersdcom\ntuser.pol
[2002/03/12 11:53:40 | 000,021,952 | -H-- | C] () -- C:\Program Files\FOLDER.HTT

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========


========== Purity Check ==========



< End of report >

#3
Dakeyras

Hi and welcome back to Geeks to Go. :)

"I have a Windows 2000 Pro computer"

Are you aware this particular Operating System is no longer supported by Microsoft? Plus the fact it does not even have the last Service Pack released installed.

Either way it is prudent not to use this machine with an active internet connection/actually use it to go online with etc. The most prudent course of action would be either to carry out a reformat and reinstallation of the Windows Operating System and merely keep the machine as a standalone word processor with no Internet access for example. Or consider upgrading the actual Operating System itself.

"infected with the Conficker.b virus and I've tried to run several programs on it but they won't run. I don't know if it's because the program won't let them run or because they aren't compatible with Windows 2000."

Aye, not much is still compatible from a security tool point of view any more I'm afraid. You could consider using this from Symantec but I would create a backup first using Erunt. Finally run an online scan with Eset.

Next:

I am not advising you attempt the aforementioned, merely pointing out a possible remedy that has a very slim chance of success and/or even leave the machine unbootable. Even if it does work the machine with the current Operating System will always be deemed a security risk all told if used online... As it stands my initial advice is the best course of action.

My apologies, I cannot actually provide specific Anti-Malware support at this time and good luck for whatever course of action you decide upon.

#4
mewsick75

There is nothing that can be done?

This is what I have, I can not upgrade at this time and I have to get this infection off this machine.

Is there any other action we can take to get this rectified?

#5
Dakeyras

I'm afraid not unfortunately, I have provided the best possible advice concerning the Operating System in use. :)

#6
Dakeyras

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.