
Thread: Computer infected with Window Fix Disc

  1. #1
    Member
    Join Date
    Aug 2007
    Posts
    57

    Computer infected with Window Fix Disc

    Hi Spybot,
    Please help
    My computer is infected and running wild with WFD. I ran SUPERAntiSpyware and it found 215 adwares and removed them, along with the 3 disablings of Task Manager.


    DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
    Run by John at 0:53:44.85 on Thu 04/14/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.248 [GMT -4:00]
    .
    AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\MDM.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\John\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://google.com/
    uInternet Settings,ProxyOverride = <local>
    BHO: AutorunsDisabled - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
    mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\symant~1.lnk - c:\program files\microsoft office\office\1033\OLFSNT40.EXE
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: google.com\b.mail
    Trusted Zone: google.com\mail
    Trusted Zone: google.com\www
    Trusted Zone: landrecordsonline.com\sussex
    DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553635000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxdev.dll
    Notify: NavLogon - c:\windows\system32\NavLogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com
    .

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

    You only posted part of the DDS log; run it again please and post the entire log.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Member
    Join Date
    Aug 2007
    Posts
    57

    new DDS

    Hi Spybot,
    Thank you for responding. I have run ERUNT for the first post. Presently my computer is having some real problems. Something has wiped out a lot of files; Word is missing, programs are missing. I am receiving messages that say Internet Script Error - Http://2aglam.com/mobile/direct.act?sffiliated=38109533. I am also getting redirected and my access to IE is gone. I am using FF and I cannot seem to get it to compress the files I am sending.
    Thank you
    John Chambers

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Nothing bad on your log, not to say you're not infected, as this stuff hides.

    This is what you have installed; is this a company computer?
    Symantec AntiVirus Corporate Edition

  5. #5
    Member
    Join Date
    Aug 2007
    Posts
    57

    My own computer

    Hi Spybot,
    My name is John Chambers; what is your name? This computer is my own personal one. I am a RE Broker and it is the core of my poor business at present. My wife works for a town and they have helped me in the past to recover from PC malware attacks; that is why Symantec shows up as corporate. I pay for everything.
    I think my PC has just gotten killed; they took my games, my business, my Word document, everything that was set up is gone. I don't even know where anything is right now.
    Just looking for help.
    Thanks
    John Chambers

  6. #6
    Member
    Join Date
    Aug 2007
    Posts
    57

    Repeat

    Hi Ken,
    I did not see your bio. I remember you are from the Bronx; I am from Bay Ridge, Brooklyn. You helped me before and I think this is just a continuation of a bad infection from 4 months ago.
    John Chambers

  7. #7
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Hello John,

    Is the Bronx still there?


    Scan With RootKitUnHooker

    • Please choose one link and download Rootkit Unhooker and save it to your desktop.
      Link 1
      Link 2
      Link 3
    • Now double-click on RKUnhookerLE.exe to run it.
    • Click the Report tab, then click Scan.
    • Check (tick) Drivers and Stealth.
    • Uncheck the rest, then click OK.
    • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
    • Wait till the scanner has finished and then click File > Save Report.
    • Save the report somewhere where you can find it. Click Close.
    • Copy the entire contents of the report and paste it in your next reply.


    Note: you may get the following warning; just click OK and continue.

    "Rootkit Unhooker has detected a parasite inside itself!
    It is recommended to remove parasite, okay?"

    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

  8. #8
    Member
    Join Date
    Aug 2007
    Posts
    57

    Error on loading RKUnhooker

    Hi Ken,
    When I loaded this I got to the scan as directed, then popups came and redirection and everything froze. I was in the process of saving the report when this happened. I restarted and reloaded RKUnhooker with the second choice and I got this message: "error loading/opening driver". That happened again as I tried to load the other links.
    John

  9. #9
    Member
    Join Date
    Aug 2007
    Posts
    57

    RKUnhooker Scan

    Hi Ken,
    This, whatever it is, keeps attacking and trying to stop the repair. I went offline and loaded the scan and saved it.
    John

  10. #10
    Member
    Join Date
    Aug 2007
    Posts
    57

    OTL

    OTL logfile created on: 4/16/2011 12:48:46 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\John\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    503.00 Mb Total Physical Memory | 129.00 Mb Available Physical Memory | 26.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 33.21 Gb Free Space | 44.58% Space Free | Partition Type: NTFS

    Computer Name: CHAMBERS-1 | User Name: John | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\John\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
    PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
    PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
    PRC - C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)
    PRC - C:\WINDOWS\system32\MDM.EXE (Microsoft Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\John\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
    MOD - C:\Program Files\Logitech\iTouch\itchhk.dll (Logitech Inc.)
    MOD - C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL (Logitech Inc.)


    ========== Win32 Services (SafeList) ==========

    SRV - (HitmanPro35Crusader) -- File not found
    SRV - (HidServ) -- File not found
    SRV - (SLService) -- C:\WINDOWS\System32\slserv.exe (Smart Link)
    SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
    SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
    SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
    SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
    SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
    SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
    SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
    SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110415.002\navex15.sys (Symantec Corporation)
    DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110415.002\naveng.sys (Symantec Corporation)
    DRV - (hitmanpro35) -- C:\WINDOWS\system32\drivers\hitmanpro35.sys ()
    DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eraserutilrebootdrv.sys (Symantec Corporation)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
    DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\spbbcdrv.sys (Symantec Corporation)
    DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
    DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
    DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
    DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\savrtpel.sys (Symantec Corporation)
    DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
    DRV - (SlNtHal) -- C:\WINDOWS\system32\drivers\slnthal.sys (Smart Link)
    DRV - (SlWdmSup) -- C:\WINDOWS\system32\drivers\slwdmsup.sys (Smart Link)
    DRV - (Slntamr) -- C:\WINDOWS\system32\drivers\slntamr.sys (Smart Link)
    DRV - (NtMtlFax) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys (Smart Link)
    DRV - (Mtlmnt5) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys (Smart Link)
    DRV - (RecAgent) -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys (Smart Link)
    DRV - (Mtlstrm) -- C:\WINDOWS\system32\drivers\mtlstrm.sys (Smart Link)
    DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
    DRV - (itchfltr) -- C:\WINDOWS\system32\drivers\itchfltr.sys (Logitech, Inc.)
    DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys (Logitech, Inc.)
    DRV - (L8042pr2) -- C:\WINDOWS\system32\drivers\L8042pr2.Sys (Logitech, Inc.)
    DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1644491937-879983540-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    IE - HKU\S-1-5-21-1644491937-879983540-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1644491937-879983540-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/30 22:26:42 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/29 10:58:38 | 000,000,000 | ---D | M]

    [2010/10/06 11:38:58 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\John\Application Data\Mozilla\Extensions
    [2010/10/06 11:38:58 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\amsntw2b.default\extensions
    [2010/10/06 11:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/12/17 08:25:19 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml

    O1 HOSTS File: ([2011/04/14 01:46:19 | 000,431,577 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 14881 more lines...
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
    O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1644491937-879983540-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1644491937-879983540-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1644491937-879983540-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1644491937-879983540-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-1644491937-879983540-682003330-1004\..Trusted Domains: google.com ([b.mail] https in Trusted sites)
    O15 - HKU\S-1-5-21-1644491937-879983540-682003330-1004\..Trusted Domains: google.com ([mail] https in Trusted sites)
    O15 - HKU\S-1-5-21-1644491937-879983540-682003330-1004\..Trusted Domains: google.com ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-1644491937-879983540-682003330-1004\..Trusted Domains: landrecordsonline.com ([sussex] https in Trusted sites)
    O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetect...etection32.cab (Device Detection)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553635000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.229.54.212 207.44.96.129 24.229.54.220
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
    O24 - Desktop Components:AutorunsDisabled () -
    O24 - Desktop WallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/10/02 10:54:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2011/01/09 13:38:40 | 000,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/04/16 12:43:58 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
    [2011/04/16 12:24:58 | 000,323,584 | -HS- | C] (Valve Corporation) -- C:\Documents and Settings\John\Local Settings\Application Data\djt.exe
    [2011/04/14 00:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2011/04/14 00:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2011/04/14 00:44:41 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\John\Desktop\erunt-setup.exe
    [2011/04/13 22:32:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\John\Recent
    [2011/04/13 22:29:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Start Menu\Programs\Windows Fix Disk
    [2011/04/03 09:40:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Delta Flight Schedules
    [2011/03/26 12:47:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2011/03/26 12:47:07 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [1998/12/08 22:53:54 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAREG.DLL
    [1998/12/08 22:53:54 | 000,099,840 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRAABOUT.DLL
    [1998/12/08 22:53:54 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAMDMTR.DLL
    [1998/12/08 22:53:54 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRALPTTR.DLL
    [1998/12/08 22:53:54 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAWEBTR.DLL
    [1998/12/08 22:53:54 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRASRIAL.DLL
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/04/16 12:43:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
    [2011/04/16 12:32:06 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/04/16 12:32:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/04/16 12:31:01 | 000,000,051 | ---- | M] () -- C:\WINDOWS\iTouch.ini
    [2011/04/16 12:30:36 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/04/16 12:30:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/04/16 12:25:33 | 000,003,218 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\0au1wai723b6v6h7c0w2ive7yef
    [2011/04/16 12:25:32 | 000,003,218 | -HS- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\0au1wai723b6v6h7c0w2ive7yef
    [2011/04/16 12:24:58 | 000,323,584 | -HS- | M] (Valve Corporation) -- C:\Documents and Settings\John\Local Settings\Application Data\djt.exe
    [2011/04/16 12:07:54 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\John\Desktop\RKUnhookerLE.EXE
    [2011/04/15 11:25:44 | 000,172,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/04/15 11:17:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/04/14 02:22:36 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/04/14 01:46:19 | 000,431,577 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/04/14 01:41:22 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/04/14 01:41:22 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Spybot - Search & Destroy.lnk
    [2011/04/14 00:51:45 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\John\Desktop\dds.scr
    [2011/04/14 00:48:33 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\John\Desktop\ERUNT.lnk
    [2011/04/14 00:44:42 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\John\Desktop\erunt-setup.exe
    [2011/04/13 20:14:13 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/04/12 14:00:18 | 000,002,473 | -H-- | M] () -- C:\Documents and Settings\John\Desktop\Microsoft Word.lnk
    [2011/04/12 00:45:11 | 000,000,206 | -H-- | M] () -- C:\Documents and Settings\John\Desktop\KATE MAIL.url
    [2011/04/11 02:27:22 | 000,000,177 | -H-- | M] () -- C:\Documents and Settings\John\Desktop\Google.url
    [2011/04/09 10:33:24 | 000,000,377 | -H-- | M] () -- C:\Documents and Settings\John\Desktop\NJ Tax Records Search.url
    [2011/04/07 07:15:35 | 000,000,326 | -H-- | M] () -- C:\Documents and Settings\John\Desktop\Personal Banking - PNC Bank.url
    [2011/04/03 10:25:11 | 000,000,188 | -H-- | M] () -- C:\Documents and Settings\John\Desktop\Garden State Multiple Listing Service.url
    [2011/04/03 09:40:15 | 000,001,623 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Delta Flight Schedules.lnk
    [2011/03/26 12:47:17 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/03/25 12:10:31 | 000,430,685 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110414-014619.backup
    [2011/03/23 11:31:36 | 000,307,275 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Floor plan 60 broadway.pdf
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/04/16 12:24:59 | 000,003,218 | -HS- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\0au1wai723b6v6h7c0w2ive7yef
    [2011/04/16 12:24:59 | 000,003,218 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0au1wai723b6v6h7c0w2ive7yef
    [2011/04/16 12:07:53 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\John\Desktop\RKUnhookerLE.EXE
    [2011/04/14 01:41:22 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/04/14 00:51:45 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\John\Desktop\dds.scr
    [2011/04/14 00:48:32 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\John\Desktop\ERUNT.lnk
    [2011/03/26 12:47:17 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/03/23 11:31:35 | 000,307,275 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Floor plan 60 broadway.pdf
    [2011/01/11 10:15:38 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2011/01/05 12:54:09 | 000,000,600 | -H-- | C] () -- C:\Documents and Settings\John\Application Data\56F6.0CB
    [2010/12/21 20:40:59 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\EDnmY36.dat
    [2010/11/10 15:22:11 | 000,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini
    [2010/10/06 11:38:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/03/31 00:25:32 | 000,000,032 | ---- | C] () -- C:\WINDOWS\vb_mconf.ini
    [2009/12/01 19:02:29 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2009/10/16 17:25:04 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS69.DLL
    [2009/10/10 12:22:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
    [2009/10/05 15:46:44 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2009/10/02 16:38:45 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
    [2009/10/02 16:38:45 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\uninscpw.exe
    [2009/10/02 16:32:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/10/02 16:32:43 | 000,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
    [2009/10/02 16:28:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
    [2009/10/02 10:56:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2009/10/02 10:51:19 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2009/10/02 06:43:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2009/10/02 06:42:47 | 000,172,280 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/08/04 01:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2002/03/19 18:30:00 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\mag.dll
    [2002/03/19 17:30:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\PowerCalc.exe
    [2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2001/08/23 08:00:00 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2001/08/23 08:00:00 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

    ========== LOP Check ==========

    [2010/03/11 22:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
    [2011/01/11 10:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2010/04/15 07:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/10/05 15:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2010/03/11 21:20:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\John\Application Data\GARMIN

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

    < End of report >
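A small triage helper for OTL file-listing lines in the layout used by the log above. This is an added example, not part of the thread, of OTL, or of any Safer Networking tool; the sample lines are copied from the OTL log posted above, and the three heuristics (hidden+system files in profile data directories, executables dropped there, and random-looking names with no version information) are the kind of check an analyst applies by eye when reading such a log, not a verdict on any file.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One OTL file-listing line looks like:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C] (Company) -- path
# attrs is four characters from R (read-only), H (hidden), S (system), D (directory), '-';
# "C"/"M" says whether the timestamp is creation or modification time. The "(Company)"
# field is "()" when OTL found no version information and is absent for folders.
OTL_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat", ".cmd")
# Per-user and all-users data directories on Windows XP: writable without admin rights,
# which is why rogue "fix disk" style programs drop their payload there.
PROFILE_DATA_DIRS = ("\\application data\\", "\\local settings\\", "\\temp\\")


@dataclass
class OtlEntry:
    date: str
    size: int
    attrs: str
    kind: str
    company: Optional[str]  # None = field absent (folder), "" = "()" (no version info)
    path: str


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one file-listing line; None for summary lines like '[5 C:\\WINDOWS\\*.tmp ...]'."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(m["date"], int(m["size"].replace(",", "")), m["attrs"],
                    m["kind"], m["company"], m["path"])


def looks_random(name: str) -> bool:
    """Extension-less, long, letters-and-digits name (e.g. 0au1wai723b6v6h7c0w2ive7yef)."""
    if "." in name or len(name) < 16 or not name.isalnum():
        return False
    return any(c.isdigit() for c in name) and any(c.isalpha() for c in name)


def triage(entry: OtlEntry) -> List[str]:
    """Return the reasons an analyst would want a second look at this entry."""
    reasons: List[str] = []
    if "D" in entry.attrs:  # folders are judged by their contents, not here
        return reasons
    low = entry.path.lower()
    in_profile_data = any(tag in low for tag in PROFILE_DATA_DIRS)
    if "H" in entry.attrs and "S" in entry.attrs and in_profile_data:
        reasons.append("hidden+system file in a user-writable location")
    if low.endswith(EXEC_EXT) and in_profile_data:
        # A vendor name in the version info is no clearance here: malware copies a
        # well-known company's resource block to blend in, so the path decides.
        reasons.append("executable dropped in a profile data directory")
    if looks_random(entry.path.rsplit("\\", 1)[-1]) and not entry.company:
        reasons.append("random-looking name with no version information")
    return reasons


def triage_log(lines) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons; lines that do not parse are skipped."""
    findings: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_otl_line(line)
        if entry is not None:
            reasons = triage(entry)
            if reasons:
                findings[entry.path] = reasons
    return findings


# Sample input copied from the OTL log posted above (plus one summary line OTL emits).
SAMPLE_LINES = [
    r"[2011/04/16 12:43:58 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe",
    r"[2011/04/16 12:24:58 | 000,323,584 | -HS- | C] (Valve Corporation) -- C:\Documents and Settings\John\Local Settings\Application Data\djt.exe",
    r"[2011/04/14 00:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT",
    r"[2011/04/16 12:25:33 | 000,003,218 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\0au1wai723b6v6h7c0w2ive7yef",
    r"[2011/04/14 01:46:19 | 000,431,577 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts",
    r"[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]",
]

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LINES).items():
        print(path, "->", "; ".join(reasons))
```

Run against the sample, the helper flags djt.exe and the two 0au1wai... files and leaves OTL.exe, the ERUNT folder and the hosts file alone, which matches what the analyst would pick out of the log by hand.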
