Infected with the Conficker.B [Solved]
#1
Posted 07 June 2013 - 08:28 AM
I have a Windows 2000 Pro computer infected with the Conficker.b virus and I've tried to run several programs on it but they won't run. I don't know if it's because the program won't let them run or because they aren't compatible with Windows 2000.
Any help would be greatly appreciated.
#2
Posted 07 June 2013 - 08:47 AM
OTL logfile created on: 6/7/2013 10:37:11 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\ersdcom\Desktop
Windows 2000 Professional Edition Service Pack 2 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 5.00.3315.1000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
509.99 Mb Total Physical Memory | 288.84 Mb Available Physical Memory | 56.64% Memory free
1.22 Gb Paging File | 0.93 Gb Available in Paging File | 76.13% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 34.56 Gb Free Space | 92.80% Space Free | Partition Type: NTFS
Drive E: | 7.44 Gb Total Space | 1.28 Gb Free Space | 17.25% Space Free | Partition Type: FAT32
Computer Name: TROUBLE | User Name: ERSDCOM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/06/07 10:25:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ersdcom\Desktop\OTL.exe
PRC - [2011/02/17 03:23:12 | 000,389,960 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoTask.exe
PRC - [2009/12/08 03:07:29 | 000,283,888 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
PRC - [2009/06/26 13:49:48 | 000,192,512 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoRPC.exe
PRC - [2009/06/26 13:49:47 | 000,208,896 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoRT.exe
PRC - [2008/02/08 17:58:44 | 000,407,368 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\Realmon.exe
PRC - [2007/02/05 07:57:24 | 000,106,496 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
PRC - [2006/03/15 00:50:18 | 000,409,600 | ---- | M] (Computer Associates) -- C:\Program Files\CA\SharedComponents\BrightStor\UniAgent\UnivAgent.exe
PRC - [2006/03/15 00:42:24 | 000,131,072 | ---- | M] (Computer Associates) -- C:\Program Files\CA\SharedComponents\BrightStor\CADS\casdscsvc.exe
PRC - [2006/03/14 22:57:08 | 000,122,880 | ---- | M] (Computer Associates) -- C:\Program Files\CA\BrightStor Backup Agent for Open Files\Ofant.exe
PRC - [2006/02/09 03:50:00 | 000,267,488 | ---- | M] (Microsoft Corporation) -- C:\WINNT\SYSTEM32\ccmsetup\ccmsetup.exe
PRC - [2005/02/23 15:56:12 | 000,053,248 | ---- | M] (Computer Associates) -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
PRC - [2004/03/08 11:56:10 | 000,320,656 | ---- | M] (VERITAS Software Corporation) -- C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
PRC - [2003/11/09 16:12:26 | 000,815,104 | ---- | M] () -- C:\Program Files\ERS MS\ERS MS Alarm Receiver.exe
PRC - [2003/11/07 16:26:16 | 000,061,440 | ---- | M] () -- C:\Program Files\ERS MS\ERSAlarmBuffer.exe
PRC - [2003/11/05 19:26:40 | 000,122,880 | ---- | M] () -- C:\Program Files\ERS MS\DBLocking.exe
PRC - [2003/11/05 15:13:28 | 000,081,920 | ---- | M] () -- C:\Program Files\ERS MS\PCMCMS.exe
PRC - [2002/05/08 10:51:52 | 000,212,992 | ---- | M] (Intel Corporation) -- C:\Program Files\intel\ASF Agent\ASFAgent.exe
PRC - [2002/04/04 13:56:10 | 000,163,840 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe
PRC - [2002/02/27 10:57:34 | 001,118,208 | ---- | M] (Intel Corporation) -- C:\WINNT\SYSTEM32\NMSSvc.Exe
PRC - [2001/05/08 07:00:00 | 000,242,960 | ---- | M] (Microsoft Corporation) -- C:\WINNT\EXPLORER.EXE
PRC - [2001/05/08 07:00:00 | 000,118,032 | ---- | M] (Microsoft Corporation) -- C:\WINNT\SYSTEM32\MSTASK.EXE
PRC - [2001/05/08 07:00:00 | 000,066,832 | ---- | M] (Microsoft Corporation) -- C:\WINNT\SYSTEM32\REGSVC.EXE
PRC - [2001/05/08 07:00:00 | 000,020,752 | ---- | M] (Microsoft Corporation) -- C:\WINNT\SYSTEM32\INTERNAT.EXE
========== Modules (No Company Name) ==========
MOD - [2007/02/05 07:57:22 | 000,974,848 | ---- | M] () -- C:\Program Files\CA\SharedComponents\iTechnology\libetpki_openssl_crypto.dll
MOD - [2007/02/05 07:57:22 | 000,798,720 | ---- | M] () -- C:\Program Files\CA\SharedComponents\iTechnology\libeay32.dll
MOD - [2007/02/05 07:57:22 | 000,184,320 | ---- | M] () -- C:\Program Files\CA\SharedComponents\iTechnology\libetpki_openssl_ssl.dll
MOD - [2007/02/05 07:57:22 | 000,155,648 | ---- | M] () -- C:\Program Files\CA\SharedComponents\iTechnology\ssleay32.dll
MOD - [2007/02/05 07:57:22 | 000,073,728 | ---- | M] () -- C:\Program Files\CA\SharedComponents\iTechnology\zlib.dll
MOD - [2006/03/14 22:39:58 | 000,077,824 | ---- | M] () -- C:\Program Files\CA\SharedComponents\BrightStor\UniAgent\shrdmem.dll
MOD - [2003/11/18 01:29:04 | 000,055,808 | ---- | M] () -- C:\Program Files\CA\SharedComponents\BrightStor\UniAgent\zlib1.dll
MOD - [2003/11/09 16:12:26 | 000,815,104 | ---- | M] () -- C:\Program Files\ERS MS\ERS MS Alarm Receiver.exe
MOD - [2003/11/08 15:21:14 | 000,114,688 | ---- | M] () -- C:\Program Files\ERS MS\ERSParser.dll
MOD - [2003/11/07 16:26:16 | 000,061,440 | ---- | M] () -- C:\Program Files\ERS MS\ERSAlarmBuffer.exe
MOD - [2003/11/05 19:26:40 | 000,122,880 | ---- | M] () -- C:\Program Files\ERS MS\DBLocking.exe
MOD - [2003/11/05 19:16:06 | 001,351,680 | ---- | M] () -- C:\Program Files\ERS MS\PCMsecurity.dll
MOD - [2003/11/05 19:15:40 | 000,081,920 | ---- | M] () -- C:\Program Files\ERS MS\PCMRS232.dll
MOD - [2003/11/05 19:13:20 | 000,094,208 | ---- | M] () -- C:\Program Files\ERS MS\PCMPaging.dll
MOD - [2003/11/05 19:12:40 | 000,086,016 | ---- | M] () -- C:\Program Files\ERS MS\PCMLogging.dll
MOD - [2003/11/05 19:12:02 | 000,102,400 | ---- | M] () -- C:\Program Files\ERS MS\PCMDispatch.dll
MOD - [2003/11/05 19:11:16 | 000,229,376 | ---- | M] () -- C:\Program Files\ERS MS\ERSDBServer.dll
MOD - [2003/11/05 19:10:46 | 000,077,824 | ---- | M] () -- C:\Program Files\ERS MS\PCMdatabase.dll
MOD - [2003/11/05 15:13:28 | 000,081,920 | ---- | M] () -- C:\Program Files\ERS MS\PCMCMS.exe
MOD - [2003/04/04 02:37:00 | 000,028,672 | ---- | M] () -- C:\Program Files\CA\SharedComponents\BrightStor\UniAgent\pthread.dll
MOD - [2002/08/08 17:25:26 | 000,024,576 | ---- | M] () -- C:\Program Files\ERS MS\DBLockingps.dll
MOD - [2002/08/02 16:54:26 | 000,024,576 | ---- | M] () -- C:\Program Files\ERS MS\ERSAlarmBufferps.dll
========== Services (SafeList) ==========
SRV - [2011/02/17 03:23:12 | 000,389,960 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\eTrustITM\InoTask.exe -- (InoTask)
SRV - [2009/12/08 03:07:29 | 000,283,888 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2009/06/26 13:49:48 | 000,192,512 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\eTrustITM\InoRPC.exe -- (InoRPC)
SRV - [2009/06/26 13:49:47 | 000,208,896 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\eTrustITM\InoRT.exe -- (InoRT)
SRV - [2008/06/24 14:32:18 | 000,095,808 | ---- | M] (Sysinternals) [On_Demand | Stopped] -- C:\WINNT\PSEXESVC.EXE -- (PSEXESVC)
SRV - [2007/02/05 07:57:24 | 000,106,496 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe -- (iGateway)
SRV - [2006/03/15 00:50:18 | 000,409,600 | ---- | M] (Computer Associates) [Auto | Running] -- C:\Program Files\CA\SharedComponents\BrightStor\UniAgent\UnivAgent.exe -- (CASUniversalAgent)
SRV - [2006/03/15 00:42:24 | 000,131,072 | ---- | M] (Computer Associates) [Auto | Running] -- C:\Program Files\CA\SharedComponents\BrightStor\CADS\casdscsvc.exe -- (CASDiscoverySvc)
SRV - [2006/03/14 22:57:08 | 000,122,880 | ---- | M] (Computer Associates) [Auto | Running] -- C:\Program Files\CA\BrightStor Backup Agent for Open Files\Ofant.exe -- (OpenFileAgent)
SRV - [2006/02/09 03:50:00 | 000,267,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\System32\ccmsetup\ccmsetup.exe -- (ccmsetup)
SRV - [2005/03/23 14:17:00 | 000,126,976 | ---- | M] (Computer Associates International Inc.) [On_Demand | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe -- (CA_LIC_CLNT)
SRV - [2005/03/23 14:16:00 | 000,155,648 | ---- | M] (Computer Associates International Inc.) [On_Demand | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe -- (CA_LIC_SRVR)
SRV - [2005/02/23 15:56:12 | 000,053,248 | ---- | M] (Computer Associates) [Auto | Running] -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe -- (LogWatch)
SRV - [2004/03/08 11:56:10 | 000,320,656 | ---- | M] (VERITAS Software Corporation) [Auto | Running] -- C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe -- (BackupExecAgentAccelerator)
SRV - [2003/11/05 19:41:20 | 000,122,880 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\ERS MS\ERSWatchdog.exe -- (ERS MS 5 Watchdog)
SRV - [2003/11/05 19:33:38 | 000,114,688 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\ERS MS\ERSConfigToolServer.exe -- (ERS MS 5 Configuration Tool Server)
SRV - [2003/11/05 15:19:52 | 000,102,400 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\ERS MS\PCMAutoArchiving.exe -- (ERS MS 5 Auto Archiver - 1)
SRV - [2003/11/05 15:19:08 | 000,102,400 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\ERS MS\ERSWatchmate.exe -- (ERS MS 5 Watchmate)
SRV - [2003/11/05 15:18:42 | 000,122,968 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\ERS MS\ERSRedirector.exe -- (ERS MS 5 Redirector)
SRV - [2003/11/05 15:18:24 | 000,118,784 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\ERS MS\PCMOH2000.exe -- (ERS MS 5 OH-2000)
SRV - [2003/11/05 15:16:58 | 000,032,768 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\ERS MS\PCMOHMP.exe -- (ERS MS 5 QuickAlert - 1)
SRV - [2003/11/05 15:16:26 | 000,094,208 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\ERS MS\ERSMSIPFirmware.exe -- (ERS MS 5 IP Firmware Server)
SRV - [2003/11/05 15:16:04 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\ERS MS\ERSMSConfig.exe -- (ERS MS 5 IP Configuration Server)
SRV - [2003/11/05 15:15:28 | 000,098,304 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\ERS MS\ERSMSIPAlarm.exe -- (ERS MS 5 IP Alarm Server)
SRV - [2003/11/05 15:14:40 | 000,118,784 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\ERS MS\ERSDHCPServer.exe -- (ERS MS 5 DHCP Server)
SRV - [2003/11/05 15:13:28 | 000,081,920 | ---- | M] () [Auto | Running] -- C:\Program Files\ERS MS\PCMCMS.exe -- (ERS MS 5 CMS - 1)
SRV - [2002/05/08 10:51:52 | 000,212,992 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\intel\ASF Agent\ASFAgent.exe -- (ASFAgent)
SRV - [2002/04/04 13:56:10 | 000,163,840 | ---- | M] (Dell Computer Corporation) [Auto | Running] -- C:\Program Files\Dell\OpenManage\Client\Iap.exe -- (Iap)
SRV - [2002/02/27 10:57:34 | 001,118,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINNT\SYSTEM32\NMSSvc.Exe -- (NMSSvc)
SRV - [2002/02/15 11:51:00 | 000,114,749 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE -- (awhost32)
SRV - [2001/05/08 07:00:00 | 000,196,685 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\SYSTEM32\WBEM\WINMGMT.EXE -- (WinMgmt)
SRV - [2001/05/08 07:00:00 | 000,147,728 | ---- | M] (VERITAS Software Corp.) [On_Demand | Stopped] -- C:\WINNT\System32\dmadmin.exe -- (dmadmin)
SRV - [2001/05/08 07:00:00 | 000,118,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\SYSTEM32\MSTASK.EXE -- (Schedule)
SRV - [2001/05/08 07:00:00 | 000,096,528 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINNT\SYSTEM32\FAXSVC.EXE -- (Fax)
SRV - [2001/05/08 07:00:00 | 000,066,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\SYSTEM32\REGSVC.EXE -- (RemoteRegistry)
SRV - [2001/05/08 07:00:00 | 000,022,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\SYSTEM32\UTILMAN.EXE -- (UtilMan)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\vncdrv.sys -- (vncdrv)
DRV - File not found [Kernel | System | Stopped] -- -- (tga)
DRV - File not found [Kernel | System | Stopped] -- -- (sglfb)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\ersdcom\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2007/10/18 21:14:32 | 000,184,080 | ---- | M] (Computer Associates) [File_System | Auto | Running] -- C:\WINNT\SYSTEM32\DRIVERS\ino_fltr.sys -- (INO_FLTR)
DRV - [2007/08/06 22:07:02 | 000,027,536 | ---- | M] (Computer Associates) [File_System | Boot | Running] -- C:\WINNT\SYSTEM32\DRIVERS\ino_flpy.sys -- (INO_FLPY)
DRV - [2006/03/14 22:58:06 | 000,157,766 | ---- | M] (Computer Associates) [File_System | Auto | Running] -- C:\WINNT\SYSTEM32\DRIVERS\OFANT.sys -- (OFADriver)
DRV - [2004/11/19 11:04:18 | 000,073,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/06/18 15:17:21 | 000,121,344 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINNT\SYSTEM32\DRIVERS\hardlock.sys -- (Hardlock)
DRV - [2004/06/18 15:17:21 | 000,097,280 | ---- | M] (Aladdin Knowledge Systems.) [Kernel | Auto | Running] -- C:\WINNT\SYSTEM32\DRIVERS\Haspnt.sys -- (Haspnt)
DRV - [2003/09/05 11:34:42 | 000,050,080 | ---- | M] (VERITAS Software) [Kernel | Boot | Running] -- C:\WINNT\SYSTEM32\DRIVERS\VSP.SYS -- (VSP)
DRV - [2002/07/15 16:15:38 | 000,089,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\SYSTEM32\DRIVERS\e1000nt5.sys -- (E1000)
DRV - [2002/05/07 17:06:36 | 000,023,744 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINNT\SYSTEM32\DRIVERS\platalrt.sys -- (PlatAlrt)
DRV - [2002/05/07 17:05:56 | 000,039,680 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINNT\SYSTEM32\DRIVERS\Netalrt.sys -- (NetAlrt)
DRV - [2002/04/18 12:46:00 | 000,049,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\SYSTEM32\DRIVERS\usbhub20.sys -- (usbhub20)
DRV - [2002/04/10 10:12:10 | 000,293,884 | ---- | M] (Keyspan) [Kernel | On_Demand | Running] -- C:\WINNT\SYSTEM32\DRIVERS\usa49w2k.sys -- (USA49W)
DRV - [2002/04/08 12:46:12 | 000,040,908 | ---- | M] (Keyspan) [Kernel | On_Demand | Running] -- C:\WINNT\SYSTEM32\DRIVERS\usa49w2kp.sys -- (USA49W2KP)
DRV - [2002/04/04 13:55:22 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINNT\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/02/27 10:57:52 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\SYSTEM32\DRIVERS\NMSCFG.SYS -- (NMSCFG)
DRV - [2002/02/11 11:51:00 | 000,033,496 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\AW_HOST5.sys -- (AW_HOST)
DRV - [2001/11/14 22:13:10 | 000,050,798 | R--- | M] (OEM) [Kernel | System | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\oxser.sys -- (oxser)
DRV - [2001/11/14 22:13:10 | 000,013,596 | R--- | M] (OEM) [Kernel | System | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\oxmf.sys -- (oxmf)
DRV - [2001/11/14 22:13:10 | 000,004,992 | R--- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\oxmfuf.sys -- (Oxmfuf)
DRV - [2001/11/14 22:08:50 | 000,075,904 | R--- | M] (OEM) [Kernel | System | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\oxpar.sys -- (oxpar)
DRV - [2001/10/09 11:51:00 | 000,014,944 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\GERNUWA.SYS -- (Gernuwa)
DRV - [2001/06/08 09:25:56 | 000,017,258 | ---- | M] (American Megatrends, Inc.) [Kernel | Boot | Running] -- C:\WINNT\SYSTEM32\DRIVERS\MRAID2K.SYS -- (mraid2k)
DRV - [2001/05/08 07:00:00 | 000,368,976 | ---- | M] (VERITAS Software Corp.) [Kernel | Disabled | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\DMBOOT.SYS -- (dmboot)
DRV - [2001/05/08 07:00:00 | 000,137,008 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\SYSTEM32\DRIVERS\DMIO.SYS -- (dmio)
DRV - [2001/05/08 07:00:00 | 000,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\SYSTEM32\DRIVERS\PARALLEL.SYS -- (Parallel)
DRV - [2001/05/08 07:00:00 | 000,027,440 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINNT\System32\drivers\EFS.SYS -- (EFS)
DRV - [2001/05/08 07:00:00 | 000,021,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\RCA.SYS -- (RCA)
DRV - [2001/05/08 07:00:00 | 000,009,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\NETDTECT.SYS -- (NetDetect)
DRV - [2001/05/08 07:00:00 | 000,007,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\DISKPERF.SYS -- (Diskperf)
DRV - [2001/05/08 07:00:00 | 000,007,312 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\SYSTEM32\DRIVERS\DMLOAD.SYS -- (dmload)
DRV - [2001/05/04 13:05:02 | 000,032,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\SYSTEM32\DRIVERS\uhcd.sys -- (uhcd)
DRV - [2001/04/26 16:00:30 | 000,064,418 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINNT\SYSTEM32\DRIVERS\Fasttrak.sys -- (fasttrak)
DRV - [2000/09/11 11:51:00 | 000,010,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\SYSTEM32\DRIVERS\AWLEGACY.SYS -- (awlegacy)
DRV - [1999/10/27 16:23:38 | 000,345,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\NV4.SYS -- (nv4)
DRV - [1999/10/23 13:22:20 | 000,061,712 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90BC)
DRV - [1999/10/22 15:54:42 | 000,032,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\ICHAUD.SYS -- (ichaud)
DRV - [1999/09/25 12:11:42 | 000,011,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINNT\SYSTEM32\DRIVERS\FD16_700.SYS -- (Fd16_700)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\System32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2001/05/08 07:00:00 | 000,000,734 | ---- | M]) - C:\WINNT\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\SYSTEM32\MSDXM.OCX ()
O4 - HKLM..\Run: [PPRT] C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC_Logon.exe (CA, Inc.)
O4 - HKLM..\Run: [Realtime Monitor] C:\Program Files\CA\eTrustITM\realmon.exe (CA)
O4 - HKCU..\Run: [Internat.exe] C:\WINNT\System32\INTERNAT.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ERS MS Alarm Receiver.lnk = C:\Program Files\ERS MS\ERS MS Alarm Receiver.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\SYSTEM32\RNR20.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\SYSTEM32\MSAFD.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\SYSTEM32\MSAFD.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\SYSTEM32\MSAFD.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\SYSTEM32\MSAFD.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\SYSTEM32\MSAFD.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\SYSTEM32\MSAFD.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\SYSTEM32\MSAFD.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\SYSTEM32\MSAFD.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\SYSTEM32\MSAFD.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: fellowshipvillage.local ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: fellowshipvillage.local ([jenga] http in Local intranet)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.5 192.168.1.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = FellowshipVillage.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC0A603B-CB60-4464-BC42-969E8376CA2F}: DhcpNameServer = 192.168.1.5 192.168.1.12
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\SYSTEM32\MSDXM.OCX ()
O18 - Protocol\Filter\Class Install Handler - No CLSID value found
O18 - Protocol\Filter\deflate - No CLSID value found
O18 - Protocol\Filter\gzip - No CLSID value found
O18 - Protocol\Filter\lzdhtml - No CLSID value found
O18 - Protocol\Filter\text/webviewhtml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.Exe) - C:\WINNT\EXPLORER.EXE (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) - C:\WINNT\SYSTEM32\USERINIT.EXE (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINNT\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\PCANotify: DllName - (PCANotify.dll) - C:\WINNT\System32\PCANotify.dll (Symantec Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\CA\SHARED~1\SCANEN~1\inocboot.exe -s -r \??\C:\PROGRA~1\CA\SHARED~1\SCANEN~1\)
O34 - HKLM BootExecute: (09jow4wj2304lfd0sf9fsd0a2t4ld.biz)
O34 - HKLM BootExecute: (77A8-11D2-9B6C-0000F8080861}.ini...)
O34 - HKLM BootExecute: (->)
O34 - HKLM BootExecute: (m Files\VERITAS\Backup Exec\RANT\b)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/06/07 10:37:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ersdcom\Desktop\OTL.exe
[2013/06/07 10:13:49 | 007,337,424 | ---- | C] (Bitdefender LLC) -- C:\Documents and Settings\ersdcom\Desktop\BDRemovalToolLauncher_downadup.exe
[2 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/06/07 10:25:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ersdcom\Desktop\OTL.exe
[2013/06/05 18:22:26 | 007,337,424 | ---- | M] (Bitdefender LLC) -- C:\Documents and Settings\ersdcom\Desktop\BDRemovalToolLauncher_downadup.exe
[2013/05/24 13:53:59 | 000,376,286 | -H-- | M] () -- C:\WINNT\ShellIconCache
[2 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/07/08 16:03:59 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4e0.dat
[2011/07/08 04:06:19 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_22c.dat
[2011/07/07 16:03:36 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_700.dat
[2009/06/26 13:20:49 | 000,012,288 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2004/06/18 15:50:26 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\ersdcom\ntuser.pol
[2002/03/12 11:53:40 | 000,021,952 | -H-- | C] () -- C:\Program Files\FOLDER.HTT
========== ZeroAccess Check ==========
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
========== Purity Check ==========
< End of report >
#3
Posted 07 June 2013 - 01:37 PM
Are you aware this particular Operating System is no longer supported by Microsoft? Plus the fact it does not even have the last Service Pack released installed.
Either way it is prudent not to use this machine with an active internet connection/actually use it to go online with etc. The most prudent course of action would be either to carry out a reformat and reinstallation of the Windows Operating System and merely keep the machine as a stand-alone word processor with no Internet access, for example, or consider upgrading the actual Operating System itself.
Aye, not much is still compatible from a security tool point of view any more, I'm afraid. You could consider using this from Symantec, but I would create a backup first using Erunt. Finally run an online scan with Eset.
Next:
I am not advising you attempt the aforementioned, merely pointing out a possible remedy that has a very slim chance of success and could even leave the machine unbootable. Even if it does work, the machine with the current Operating System will always be deemed a security risk all told if used online... As it stands my initial advice is the best course of action.
My apologies I cannot actually provide specific Anti-Malware support at this time, and good luck for whatever course of action you decide upon.
#4
Posted 07 June 2013 - 02:14 PM
This is what I have, I can not upgrade at this time and I have to get this infection off this machine.
Is there any other action we can take to get this rectified?
#5
Posted 07 June 2013 - 02:28 PM
#6
Posted 10 June 2013 - 10:55 AM
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.