Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Virus/Malware Infection--Clean Now?

Started by ConnellyWorker , Nov 15 2010 01:54 PM

  • Please log in to reply

#1
ConnellyWorker
Posted 15 November 2010 - 01:54 PM

ConnellyWorker

    New Member

  • Member
  • Pip
  • 1 posts
Hello,
One of our employees downloaded a virus by way of an email attachment. Initially the virus launched multiple fake antivirus notices, "questionable" web sites, blocked internet explorer, blocked the installation of alternet antivirus applications, etc. Through a series of processes learned here at GeeksToGo (thank you!) I was finally able to install and run SuperAntiSpyware and MalwareBytes Anti-Malware. Several trojans and some malware/adware were removed--sorry, I did not copy down the names. Things seem to be better but since it was so hard to clean, I'm wondering if I got it all. Could someone take a look at the OTL log below and tell me if anything still looks suspicious?
Thank you so much for your time!
OTL logfile created on: 11/15/2010 2:30:23 PM - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\jhanson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 78.77 Gb Free Space | 70.47% Space Free | Partition Type: NTFS
Drive H: | 931.52 Gb Total Space | 649.65 Gb Free Space | 69.74% Space Free | Partition Type: NTFS
Drive I: | 931.52 Gb Total Space | 649.65 Gb Free Space | 69.74% Space Free | Partition Type: NTFS
Drive K: | 931.52 Gb Total Space | 649.65 Gb Free Space | 69.74% Space Free | Partition Type: NTFS

Computer Name: 57045265H | User Name: jhanson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/15 14:05:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jhanson\Desktop\OTL.exe
PRC - [2010/10/25 13:46:59 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/09/30 12:22:18 | 000,116,104 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/09/23 15:44:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2009/12/03 11:29:36 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/05/08 17:49:20 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
PRC - [2008/11/18 15:37:44 | 000,882,048 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
PRC - [2008/11/14 14:57:00 | 001,069,688 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
PRC - [2008/11/14 14:55:12 | 000,918,824 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe
PRC - [2008/11/05 13:58:16 | 000,677,128 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
PRC - [2008/11/05 13:58:00 | 000,492,888 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
PRC - [2008/08/11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/08/11 12:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/10 22:46:20 | 000,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2006/12/13 06:12:00 | 000,173,600 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
PRC - [2006/12/13 05:56:00 | 000,656,928 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Infineon\Security Platform Software\SpTNA.exe
PRC - [2006/11/13 14:11:00 | 000,136,736 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\system32\IfxPsdSv.exe
PRC - [2006/10/05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2006/05/05 17:39:54 | 000,046,592 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2006/04/24 19:54:04 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2006/04/24 18:09:22 | 000,253,952 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\00THotkey.exe
PRC - [2006/04/24 15:20:56 | 001,448,960 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SkyTel.exe
PRC - [2006/04/10 18:14:52 | 000,622,592 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\TFNF5.exe
PRC - [2006/04/07 17:36:46 | 000,290,816 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2006/04/07 16:37:32 | 001,773,568 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2006/03/23 13:17:42 | 000,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2006/01/27 18:17:50 | 000,221,184 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2005/12/20 12:46:20 | 000,176,128 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
PRC - [2005/11/29 20:45:36 | 000,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
PRC - [2005/05/17 11:42:02 | 000,049,152 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe


========== Modules (SafeList) ==========

MOD - [2010/11/15 14:05:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jhanson\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/30 12:22:18 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/09/23 15:44:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2009/12/03 11:29:36 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/14 14:57:00 | 001,069,688 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe -- (tmlisten)
SRV - [2008/11/14 14:55:12 | 000,918,824 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe -- (ntrtscan)
SRV - [2008/11/05 13:58:16 | 000,677,128 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy)
SRV - [2008/11/05 13:58:00 | 000,492,888 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe -- (TmPfw)
SRV - [2008/08/11 12:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2006/11/13 14:11:00 | 000,136,736 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\WINDOWS\system32\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2006/10/05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005/12/20 12:46:20 | 000,176,128 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)


========== Driver Services (SafeList) ==========

DRV - [2010/09/30 12:22:09 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/07/05 14:19:50 | 000,154,192 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/04 15:39:06 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\tmxpflt.sys -- (TmFilter)
DRV - [2009/12/04 15:38:18 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter)
DRV - [2009/12/04 15:05:06 | 001,322,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\vsapint.sys -- (VSApiNt)
DRV - [2008/12/05 07:58:48 | 000,241,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/07/21 17:50:42 | 000,334,352 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2008/07/21 17:50:28 | 000,080,400 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2008/04/14 07:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/09/04 01:14:06 | 000,006,528 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV - [2006/12/13 01:34:22 | 000,039,080 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2006/11/28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/09/19 20:28:00 | 000,036,608 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2006/07/25 18:39:32 | 001,707,776 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel®
DRV - [2006/05/09 17:27:24 | 004,273,152 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/05/05 18:00:02 | 000,013,568 | ---- | M] (UPEK Inc.) [File_System | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir)
DRV - [2006/05/05 17:59:52 | 000,033,024 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2)
DRV - [2006/05/05 17:43:38 | 000,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2006/05/05 17:33:04 | 000,003,456 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Protector Suite QL\smihlp.sys -- (smihlp)
DRV - [2006/04/13 20:00:28 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/03/16 10:45:12 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2006/03/15 10:52:40 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2006/02/24 01:37:00 | 000,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/02/10 11:17:46 | 000,047,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/02/08 17:33:34 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005/12/26 14:33:26 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\TVALZ.SYS -- (TVALZ)
DRV - [2005/09/09 14:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/08/01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/11 18:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/01/06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/12/27 23:31:50 | 000,016,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\thpdrv.sys -- (Thpdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fedscoop.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370



O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [OE] C:\Program Files\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [ThpSrv] C:\WINDOWS\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\jhanson\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\jhanson\Application Data\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\install\crssr.exe File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\install\crssr.exe File not found
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1258654180562 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.23.150.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CWcentral.com
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/19 10:46:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/15 14:26:31 | 000,000,000 | R-SD | C] -- H:\OfflineSync\My Safe
[2010/11/15 14:05:10 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jhanson\Desktop\OTL.exe
[2010/11/15 13:23:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jhanson\Application Data\Malwarebytes
[2010/11/15 13:23:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/15 13:23:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/15 13:23:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/15 13:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/15 10:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jhanson\Application Data\SUPERAntiSpyware.com
[2010/11/15 10:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/11/15 10:33:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/11/12 12:00:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/11/12 12:00:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/11/11 11:26:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\install
[2010/10/21 15:53:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jhanson\Local Settings\Application Data\Help
[2010/10/21 15:53:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jhanson\Application Data\Help
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 H:\OfflineSync\*.tmp files -> H:\OfflineSync\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/15 14:27:51 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
[2010/11/15 14:24:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/15 14:24:11 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1BDA0E8E-E8D9-4DAE-B888-E4EA19B5663F}.job
[2010/11/15 14:24:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/15 14:05:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jhanson\Desktop\OTL.exe
[2010/11/15 13:47:44 | 000,013,161 | ---- | M] () -- C:\WINDOWS\cfgall.ini
[2010/11/15 13:23:05 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/15 13:16:38 | 000,081,474 | -H-- | M] () -- C:\Documents and Settings\jhanson\Application Data\jhansonlog.dat
[2010/11/15 13:01:03 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/15 10:33:25 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/12 07:30:24 | 000,033,511 | ---- | M] () -- C:\Documents and Settings\jhanson\Desktop\team_kristin_lg.jpg
[2010/11/12 07:26:49 | 000,024,032 | ---- | M] () -- C:\Documents and Settings\jhanson\Desktop\team_dustee_lg.jpg
[2010/11/11 11:26:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\jhanson\Application Data\chrtmp
[2010/11/10 10:36:13 | 000,031,081 | ---- | M] () -- C:\Documents and Settings\jhanson\Desktop\Jack Holt - AFCEA Bethesda Senior Government Executive Dinner.jpg
[2010/11/08 12:53:51 | 001,047,552 | ---- | M] () -- C:\Documents and Settings\jhanson\Desktop\Law Enforcement IT Spending Priorities 2010 - Kevin Plexico, INPUT.ppt
[2010/11/08 12:52:45 | 002,434,106 | ---- | M] () -- C:\Documents and Settings\jhanson\Desktop\Safeguarding the Nation through Secure IT Border Initiatives - Kirit Amin, DOS.pptx
[2010/11/07 12:53:11 | 000,465,640 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 12:53:10 | 000,079,360 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/04 16:27:09 | 000,015,060 | ---- | M] () -- C:\Documents and Settings\jhanson\Desktop\Week 9 Lines.xlsx
[2010/11/03 09:28:22 | 001,623,755 | ---- | M] () -- C:\Documents and Settings\jhanson\Desktop\Fusion_Center_Program_Overview 11032010--Final1.pptx
[2010/10/31 17:45:31 | 000,072,476 | ---- | M] () -- C:\Documents and Settings\jhanson\Desktop\Halloween.jpg
[2010/10/30 13:51:03 | 000,015,200 | ---- | M] () -- C:\Documents and Settings\jhanson\Desktop\Week 8 Lines - 2010 Pick 8 REVISED.xlsx
[2010/10/30 13:48:15 | 000,015,198 | ---- | M] () -- C:\Documents and Settings\jhanson\Desktop\Week 8 Lines - 2010 Pick 8.xlsx
[2010/10/26 07:26:04 | 000,099,580 | ---- | M] () -- C:\Documents and Settings\jhanson\Desktop\Hallway.jpg
[2010/10/26 07:23:10 | 000,041,176 | ---- | M] () -- C:\Documents and Settings\jhanson\Desktop\Registration.jpg
[2010/10/24 18:12:36 | 000,037,825 | ---- | M] () -- C:\Documents and Settings\jhanson\Desktop\Jules and James - ahhh.jpg
[2010/10/24 16:09:02 | 000,015,205 | ---- | M] () -- C:\Documents and Settings\jhanson\Desktop\Week 7 Lines - 2010 Pick 7.xlsx
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 H:\OfflineSync\*.tmp files -> H:\OfflineSync\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/15 13:23:05 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/15 10:33:25 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/12 07:30:33 | 000,033,511 | ---- | C] () -- C:\Documents and Settings\jhanson\Desktop\team_kristin_lg.jpg
[2010/11/12 07:26:59 | 000,024,032 | ---- | C] () -- C:\Documents and Settings\jhanson\Desktop\team_dustee_lg.jpg
[2010/11/11 11:26:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jhanson\Application Data\chrtmp
[2010/11/10 10:40:13 | 000,031,081 | ---- | C] () -- C:\Documents and Settings\jhanson\Desktop\Jack Holt - AFCEA Bethesda Senior Government Executive Dinner.jpg
[2010/11/04 16:22:23 | 000,015,060 | ---- | C] () -- C:\Documents and Settings\jhanson\Desktop\Week 9 Lines.xlsx
[2010/11/03 10:52:29 | 001,623,755 | ---- | C] () -- C:\Documents and Settings\jhanson\Desktop\Fusion_Center_Program_Overview 11032010--Final1.pptx
[2010/11/03 10:48:23 | 001,047,552 | ---- | C] () -- C:\Documents and Settings\jhanson\Desktop\Law Enforcement IT Spending Priorities 2010 - Kevin Plexico, INPUT.ppt
[2010/11/02 21:29:54 | 002,434,106 | ---- | C] () -- C:\Documents and Settings\jhanson\Desktop\Safeguarding the Nation through Secure IT Border Initiatives - Kirit Amin, DOS.pptx
[2010/10/31 17:45:53 | 000,072,476 | ---- | C] () -- C:\Documents and Settings\jhanson\Desktop\Halloween.jpg
[2010/10/30 13:51:02 | 000,015,200 | ---- | C] () -- C:\Documents and Settings\jhanson\Desktop\Week 8 Lines - 2010 Pick 8 REVISED.xlsx
[2010/10/30 13:48:14 | 000,015,198 | ---- | C] () -- C:\Documents and Settings\jhanson\Desktop\Week 8 Lines - 2010 Pick 8.xlsx
[2010/10/26 07:26:21 | 000,099,580 | ---- | C] () -- C:\Documents and Settings\jhanson\Desktop\Hallway.jpg
[2010/10/26 07:23:38 | 000,041,176 | ---- | C] () -- C:\Documents and Settings\jhanson\Desktop\Registration.jpg
[2010/10/24 18:12:55 | 000,037,825 | ---- | C] () -- C:\Documents and Settings\jhanson\Desktop\Jules and James - ahhh.jpg
[2010/10/21 13:10:22 | 000,015,205 | ---- | C] () -- C:\Documents and Settings\jhanson\Desktop\Week 7 Lines - 2010 Pick 7.xlsx
[2009/11/23 14:20:11 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\jhanson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/23 13:39:00 | 000,013,161 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2009/11/19 13:41:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/19 12:27:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2009/11/19 11:32:27 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/11/19 05:31:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/09/02 14:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/04/07 21:16:43 | 000,081,474 | -H-- | C] () -- C:\Documents and Settings\jhanson\Application Data\jhansonlog.dat
[2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll

========== LOP Check ==========

[2009/11/19 11:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
[2009/11/23 13:44:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/11/15 14:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhanson\Application Data\Dropbox
[2010/02/21 21:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhanson\Application Data\Facebook
[2009/11/23 13:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhanson\Application Data\Infineon
[2009/11/23 13:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhanson\Application Data\Protector Suite
[2010/06/23 11:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhanson\Application Data\TechWizard
[2010/03/11 17:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhanson\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2009/11/23 13:28:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhanson\Application Data\Windows Desktop Search
[2010/03/04 07:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhanson\Application Data\Windows Search
[2010/11/15 14:24:11 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{1BDA0E8E-E8D9-4DAE-B888-E4EA19B5663F}.job

========== Purity Check ==========


< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP