-
Computer infected with Window Fix Disc
Hi Spybot,
Please help
MY computer is infected and running wild with WFD. I ran superantispyware and it found 215 adwares and removed, along with the 3 disablings of task manager.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by John at 0:53:44.85 on Thu 04/14/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.248 [GMT -4:00]
.
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\MDM.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\John\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = <local>
BHO: AutorunsDisabled - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\symant~1.lnk - c:\program files\microsoft office\office\1033\OLFSNT40.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: google.com\b.mail
Trusted Zone: google.com\mail
Trusted Zone: google.com\www
Trusted Zone: landrecordsonline.com\sussex
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553635000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
-
Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
You only posted part of the DDS log, run it again please and post the entire log
-
new DDS
Hi Spybot,
Thank you for responding. I have run erunt for the first post. Presently my computer is having some real problems Something has wiped out a lot of files word is missing programs are missing. I am recieving message that say Internet Script Error- Http://2aglam.com/mobile/direct.act?sffiliated=38109533. I am alsogetting redirected and my access to IE is gone I am using FF and I cannot seem to get it to compress the files I am sending
Thnak You
John Chambers
-
Nothing bad on your log, not to say your not infected as this stuff hides
This is what you have installed, is this a company computer ?
Symantec AntiVirus Corporate Edition
-
My own computer
Hi Spybot,
My name is John Chambers, what is your name. This computer is my own personal one. I am a RE Broker and it is the core of my poor business at present. My wife works for a town and they have helped me in the past to recover from pc malware attacks that is why symatic shows up as corporate. I pay for everything.
I think my PC has just gotten killed they took my games, my business, my word document, evertng that was set up is gone. I don't even know where anything is right now.
Just looking for help
Thanks
John Chambers
-
Repeat
HI ken ,
I did not see your Bio. I remember you are from the Bronx I am from Bay Ridge, Brooklyn. You helped me before and I think this is just a continuation of a bad infection from 4 months ago.
John Chambers
-
Hello John,
Is the Bronx still there
Scan With RootKitUnHooker
- Please choose one link and download Rootkit Unhooker and save it to your desktop.
Link 1
Link 2
Link 3
- Now double-click on RKUnhookerLE.exe to run it.
- Click the Report tab, then click Scan.
- Check (Tick) Drivers and Stealth
- Uncheck the rest. then click OK
- When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
- Wait till the scanner has finished and then click File > Save Report.
- Save the report somewhere where you can find it. Click Close.
- Copy the entire contents of the report and paste it in your next reply.
Note** you may get the following warning, just click OK and continue.
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
OTL by OldTimer
- Download OTL to your desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Click the "Scan All Users" checkbox.
- Check the boxes beside LOP Check and Purity Check.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically. - Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
-
Error on Loading ruunhooker
Hi Ken,
When I loaded this I got to the scan as directed then popups came and rediection and every thing frooze. I was in the precess of saving the report when this happened. I restatred and reloaded RU unhooker with the second choice and I got this message"error loading/opening driver" that happened again as I tried to load the other links.
John
-
RKunhooker Scan
Hi Ken,
This what ever it is keeps attacking and trying to stop the repair. I went off line and loaded the scan and saved it.
John
-
Otl
OTL logfile created on: 4/16/2011 12:48:46 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\John\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
503.00 Mb Total Physical Memory | 129.00 Mb Available Physical Memory | 26.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 33.21 Gb Free Space | 44.58% Space Free | Partition Type: NTFS
Computer Name: CHAMBERS-1 | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\John\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)
PRC - C:\WINDOWS\system32\MDM.EXE (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\John\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Logitech\iTouch\itchhk.dll (Logitech Inc.)
MOD - C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL (Logitech Inc.)
========== Win32 Services (SafeList) ==========
SRV - (HitmanPro35Crusader) -- File not found
SRV - (HidServ) -- File not found
SRV - (SLService) -- C:\WINDOWS\System32\slserv.exe (Smart Link)
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
========== Driver Services (SafeList) ==========
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110415.002\navex15.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110415.002\naveng.sys (Symantec Corporation)
DRV - (hitmanpro35) -- C:\WINDOWS\system32\drivers\hitmanpro35.sys ()
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eraserutilrebootdrv.sys (Symantec Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\spbbcdrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\savrtpel.sys (Symantec Corporation)
DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SlNtHal) -- C:\WINDOWS\system32\drivers\slnthal.sys (Smart Link)
DRV - (SlWdmSup) -- C:\WINDOWS\system32\drivers\slwdmsup.sys (Smart Link)
DRV - (Slntamr) -- C:\WINDOWS\system32\drivers\slntamr.sys (Smart Link)
DRV - (NtMtlFax) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys (Smart Link)
DRV - (Mtlmnt5) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys (Smart Link)
DRV - (RecAgent) -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys (Smart Link)
DRV - (Mtlstrm) -- C:\WINDOWS\system32\drivers\mtlstrm.sys (Smart Link)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
DRV - (itchfltr) -- C:\WINDOWS\system32\drivers\itchfltr.sys (Logitech, Inc.)
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys (Logitech, Inc.)
DRV - (L8042pr2) -- C:\WINDOWS\system32\drivers\L8042pr2.Sys (Logitech, Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1644491937-879983540-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-1644491937-879983540-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1644491937-879983540-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/30 22:26:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/29 10:58:38 | 000,000,000 | ---D | M]
[2010/10/06 11:38:58 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\John\Application Data\Mozilla\Extensions
[2010/10/06 11:38:58 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\amsntw2b.default\extensions
[2010/10/06 11:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/17 08:25:19 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml
O1 HOSTS File: ([2011/04/14 01:46:19 | 000,431,577 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14881 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1644491937-879983540-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1644491937-879983540-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1644491937-879983540-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1644491937-879983540-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1644491937-879983540-682003330-1004\..Trusted Domains: google.com ([b.mail] https in Trusted sites)
O15 - HKU\S-1-5-21-1644491937-879983540-682003330-1004\..Trusted Domains: google.com ([mail] https in Trusted sites)
O15 - HKU\S-1-5-21-1644491937-879983540-682003330-1004\..Trusted Domains: google.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1644491937-879983540-682003330-1004\..Trusted Domains: landrecordsonline.com ([sussex] https in Trusted sites)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetect...etection32.cab (Device Detection)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553635000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.229.54.212 207.44.96.129 24.229.54.220
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:AutorunsDisabled () -
O24 - Desktop WallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/02 10:54:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/01/09 13:38:40 | 000,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/04/16 12:43:58 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
[2011/04/16 12:24:58 | 000,323,584 | -HS- | C] (Valve Corporation) -- C:\Documents and Settings\John\Local Settings\Application Data\djt.exe
[2011/04/14 00:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/04/14 00:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/04/14 00:44:41 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\John\Desktop\erunt-setup.exe
[2011/04/13 22:32:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\John\Recent
[2011/04/13 22:29:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Start Menu\Programs\Windows Fix Disk
[2011/04/03 09:40:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Delta Flight Schedules
[2011/03/26 12:47:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/03/26 12:47:07 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[1998/12/08 22:53:54 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAREG.DLL
[1998/12/08 22:53:54 | 000,099,840 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRAABOUT.DLL
[1998/12/08 22:53:54 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAMDMTR.DLL
[1998/12/08 22:53:54 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRALPTTR.DLL
[1998/12/08 22:53:54 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAWEBTR.DLL
[1998/12/08 22:53:54 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRASRIAL.DLL
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/04/16 12:43:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
[2011/04/16 12:32:06 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/16 12:32:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/16 12:31:01 | 000,000,051 | ---- | M] () -- C:\WINDOWS\iTouch.ini
[2011/04/16 12:30:36 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/16 12:30:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/16 12:25:33 | 000,003,218 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\0au1wai723b6v6h7c0w2ive7yef
[2011/04/16 12:25:32 | 000,003,218 | -HS- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\0au1wai723b6v6h7c0w2ive7yef
[2011/04/16 12:24:58 | 000,323,584 | -HS- | M] (Valve Corporation) -- C:\Documents and Settings\John\Local Settings\Application Data\djt.exe
[2011/04/16 12:07:54 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\John\Desktop\RKUnhookerLE.EXE
[2011/04/15 11:25:44 | 000,172,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/15 11:17:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/14 02:22:36 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/14 01:46:19 | 000,431,577 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/14 01:41:22 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/14 01:41:22 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Spybot - Search & Destroy.lnk
[2011/04/14 00:51:45 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\John\Desktop\dds.scr
[2011/04/14 00:48:33 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\John\Desktop\ERUNT.lnk
[2011/04/14 00:44:42 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\John\Desktop\erunt-setup.exe
[2011/04/13 20:14:13 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/12 14:00:18 | 000,002,473 | -H-- | M] () -- C:\Documents and Settings\John\Desktop\Microsoft Word.lnk
[2011/04/12 00:45:11 | 000,000,206 | -H-- | M] () -- C:\Documents and Settings\John\Desktop\KATE MAIL.url
[2011/04/11 02:27:22 | 000,000,177 | -H-- | M] () -- C:\Documents and Settings\John\Desktop\Google.url
[2011/04/09 10:33:24 | 000,000,377 | -H-- | M] () -- C:\Documents and Settings\John\Desktop\NJ Tax Records Search.url
[2011/04/07 07:15:35 | 000,000,326 | -H-- | M] () -- C:\Documents and Settings\John\Desktop\Personal Banking - PNC Bank.url
[2011/04/03 10:25:11 | 000,000,188 | -H-- | M] () -- C:\Documents and Settings\John\Desktop\Garden State Multiple Listing Service.url
[2011/04/03 09:40:15 | 000,001,623 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Delta Flight Schedules.lnk
[2011/03/26 12:47:17 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/03/25 12:10:31 | 000,430,685 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110414-014619.backup
[2011/03/23 11:31:36 | 000,307,275 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Floor plan 60 broadway.pdf
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/04/16 12:24:59 | 000,003,218 | -HS- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\0au1wai723b6v6h7c0w2ive7yef
[2011/04/16 12:24:59 | 000,003,218 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0au1wai723b6v6h7c0w2ive7yef
[2011/04/16 12:07:53 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\John\Desktop\RKUnhookerLE.EXE
[2011/04/14 01:41:22 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/14 00:51:45 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\John\Desktop\dds.scr
[2011/04/14 00:48:32 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\John\Desktop\ERUNT.lnk
[2011/03/26 12:47:17 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/03/23 11:31:35 | 000,307,275 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Floor plan 60 broadway.pdf
[2011/01/11 10:15:38 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/01/05 12:54:09 | 000,000,600 | -H-- | C] () -- C:\Documents and Settings\John\Application Data\56F6.0CB
[2010/12/21 20:40:59 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\EDnmY36.dat
[2010/11/10 15:22:11 | 000,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2010/10/06 11:38:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/03/31 00:25:32 | 000,000,032 | ---- | C] () -- C:\WINDOWS\vb_mconf.ini
[2009/12/01 19:02:29 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/10/16 17:25:04 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS69.DLL
[2009/10/10 12:22:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2009/10/05 15:46:44 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/02 16:38:45 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/10/02 16:38:45 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\uninscpw.exe
[2009/10/02 16:32:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/10/02 16:32:43 | 000,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2009/10/02 16:28:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2009/10/02 10:56:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/10/02 10:51:19 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/10/02 06:43:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/02 06:42:47 | 000,172,280 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 01:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/03/19 18:30:00 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\mag.dll
[2002/03/19 17:30:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\PowerCalc.exe
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
========== LOP Check ==========
[2010/03/11 22:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2011/01/11 10:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/04/15 07:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/05 15:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/03/11 21:20:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\John\Application Data\GARMIN
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules