Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

FakeRean infection.

Started by johnc123 , Jun 02 2011 04:03 PM

  • Please log in to reply

#1
johnc123
Posted 02 June 2011 - 04:03 PM

johnc123

    New Member

  • Member
  • Pip
  • 2 posts
Hello,

A couple of weeks ago I went to a site and was infected with a FakeRean virus. I was somewhat successfull in removing the virus from my computer with the use of; SpyBot Search and Destroy, MalewarBytes, Microsoft Security Essentials and Super AntiSpyware along with everal System Restores. The computer is about 95% back but I am still experiencing some hesitation with the mouse and with software. I ran OLT and was hoping that someone could take a look and see if there is anything still in there or if something needs to be reloaded. I have yet to try and reload my Vista OS as the computer seems to be running somewhat ok and I don;t want to make it worse. Here is the log from OLT. Any help would be appreciated.

OTL logfile created on: 6/2/2011 7:28:38 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Hank\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.84 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 39.24% Memory free
7.87 Gb Paging File | 5.60 Gb Available in Paging File | 71.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 296.62 Gb Total Space | 208.13 Gb Free Space | 70.17% Space Free | Partition Type: NTFS

Computer Name: HANK-PC | User Name: Hank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/02 07:28:34 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Hank\Downloads\OTL.exe
PRC - [2010/07/01 11:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) -- C:\Users\Hank\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
PRC - [2009/04/10 18:54:28 | 000,200,704 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
PRC - [2009/04/10 18:54:22 | 000,143,360 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
PRC - [2008/08/19 21:34:32 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/07/25 15:41:56 | 000,094,208 | ---- | M] () -- C:\Program Files\TrueSuite Access Manager\usbnotify.exe
PRC - [2008/07/10 17:58:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/07/10 17:57:30 | 000,634,880 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008/06/27 18:46:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe
PRC - [2008/04/17 00:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2007/02/14 11:09:12 | 000,335,872 | ---- | M] (KYOCERA MITA Corporation) -- C:\Program Files (x86)\Kyocera\FileUtility\NsCatCom.exe
PRC - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2003/09/16 16:50:18 | 000,061,440 | ---- | M] (KYOCERA MITA CORPORATION) -- C:\Program Files (x86)\Kyocera\FileUtility\SFUSVC.exe


========== Modules (SafeList) ==========

MOD - [2011/06/02 07:28:34 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Hank\Downloads\OTL.exe
MOD - [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/04 10:55:09 | 000,128,384 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2008/09/02 07:06:00 | 000,048,128 | ---- | M] (AuthenTec Inc.) [Auto | Running] -- C:\Windows\SysNative\TAMSvr.exe -- (Authentec memory manager)
SRV:64bit: - [2008/08/25 09:58:12 | 000,089,600 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV:64bit: - [2008/08/18 23:24:02 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2008/07/17 11:00:14 | 000,139,776 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV:64bit: - [2008/04/30 20:20:42 | 001,371,136 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2008/04/30 19:42:20 | 000,826,368 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/01/07 16:10:16 | 000,547,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2007/11/21 16:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2010/07/01 11:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Users\Hank\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/06 02:05:06 | 001,532,000 | ---- | M] (The Firebird Project) [On_Demand | Stopped] -- C:\Program Files (x86)\DRoster\Firebird\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2009/10/06 02:05:06 | 000,065,536 | ---- | M] (The Firebird Project) [Auto | Stopped] -- C:\Program Files (x86)\DRoster\Firebird\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2009/04/01 19:10:58 | 000,062,776 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/03/29 21:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/10/16 20:31:12 | 000,906,752 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2008/08/19 21:34:32 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/07/10 17:58:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/06/27 18:46:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2008/05/22 22:55:32 | 000,150,376 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2003/09/16 16:50:18 | 000,061,440 | ---- | M] (KYOCERA MITA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Kyocera\FileUtility\SFUSVC.exe -- (SFUSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/02/17 11:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 11:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/08/27 05:42:50 | 000,019,824 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009/04/10 22:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/10/15 11:58:34 | 000,202,248 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV:64bit: - [2008/10/15 11:58:34 | 000,198,408 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)
DRV:64bit: - [2008/10/15 11:58:32 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\PCASp50a64.sys -- (PCASp50a64)
DRV:64bit: - [2008/10/15 11:58:26 | 000,247,808 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NWADIenum.sys -- (NWADI)
DRV:64bit: - [2008/08/19 21:01:44 | 000,504,912 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2008/08/14 19:40:44 | 000,260,144 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/08/14 09:52:00 | 000,217,728 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATSwpDrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV:64bit: - [2008/07/20 17:44:54 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/06/30 05:52:44 | 000,126,976 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/06/26 16:24:18 | 000,020,520 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2008/06/12 18:51:36 | 007,911,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/05/23 03:07:40 | 000,051,328 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2008/05/13 16:15:56 | 000,076,288 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2008/05/02 13:59:48 | 000,166,912 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/04/28 06:38:12 | 004,730,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/04/23 17:14:48 | 000,165,888 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2008/03/25 13:54:26 | 000,049,152 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tosporte.sys -- (tosporte)
DRV:64bit: - [2008/03/19 11:38:46 | 000,088,192 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2008/02/21 10:24:20 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/01/22 20:58:12 | 000,056,320 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfsnd.sys -- (TosRfSnd)
DRV:64bit: - [2008/01/20 19:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/20 19:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/11 23:00:14 | 000,033,400 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2007/12/11 14:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007/11/29 09:45:58 | 000,044,800 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2007/11/09 14:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/09/04 10:29:04 | 000,014,872 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV:64bit: - [2007/07/27 19:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 20:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/01/18 15:10:22 | 000,030,336 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2006/11/19 22:11:06 | 000,008,704 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2006/11/08 23:34:00 | 000,237,568 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10n64.sys -- (KR10N64)
DRV:64bit: - [2006/11/08 23:33:00 | 000,248,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10i64.sys -- (KR10I64)
DRV:64bit: - [2006/09/18 14:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2005/07/13 06:43:00 | 000,028,160 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tosrfnds.sys -- (tosrfnds)
DRV - [2008/10/15 11:58:34 | 000,028,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2007/10/19 14:05:38 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\Program Files (x86)\NXP\FM Radio\OpenLibSysX64.sys -- (OpenLibSys)
DRV - [1999/08/10 14:51:58 | 000,034,916 | ---- | M] (Marimba, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\MrtRate.sys -- (mrtRate)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://prospector.metrolist.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2011/03/21 08:17:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hank\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [UsbMonitor] C:\Program Files\TrueSuite Access Manager\usbnotify.exe ()
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [cfFncEnabler.exe] File not found
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PCMAgent] C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10d.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - File not found
O13 - gopher Prefix: missing
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} https://crestedg.cen...geUploader5.cab (Image Uploader Control)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: AuthenticBrowserEdition https://vendors.isgn...wserEdition.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Hank\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Hank\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4ab8dba2-2ce0-11e0-b5c8-00037a975677}\Shell - "" = AutoRun
O33 - MountPoints2\{4ab8dba2-2ce0-11e0-b5c8-00037a975677}\Shell\AutoRun\command - "" = E:\HPLauncher.exe
O33 - MountPoints2\{733a59c5-8ad0-11de-92eb-00216b45f2dc}\Shell - "" = AutoRun
O33 - MountPoints2\{733a59c5-8ad0-11de-92eb-00216b45f2dc}\Shell\AutoRun\command - "" = F:\WIN\setup.exe
O33 - MountPoints2\{a0723fcb-33d4-11e0-a45a-00037a975677}\Shell - "" = AutoRun
O33 - MountPoints2\{a0723fcb-33d4-11e0-a45a-00037a975677}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/31 21:15:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/05/31 21:15:39 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/05/31 21:15:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/31 06:30:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/30 15:22:51 | 000,000,000 | ---D | C] -- C:\Users\Hank\AppData\Roaming\Utherverse
[2011/05/30 15:09:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Utherverse Digital Inc
[2011/05/29 22:17:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/26 19:43:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware(3)
[2011/05/26 19:38:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware(2)
[2011/05/26 14:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/05/16 09:45:30 | 000,007,040 | ---- | C] (SuperAdBlocker.com) -- C:\Windows\SysWow64\sabprocenum.sys
[2011/05/06 20:37:12 | 000,000,000 | ---D | C] -- C:\Users\Hank\Documents\Ulead DVD MovieFactory
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/02 05:40:48 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/02 05:40:48 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/01 21:46:46 | 000,723,152 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/01 21:46:46 | 000,617,790 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/01 21:46:46 | 000,109,902 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/01 21:40:55 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2011/06/01 21:40:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/01 21:40:43 | 4126,146,560 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/01 21:35:42 | 000,000,042 | ---- | M] () -- C:\Users\Hank\Documents\pwsafe.plk
[2011/06/01 19:44:55 | 000,001,458 | ---- | M] () -- C:\Users\Hank\Documents\cc_20110601_194452.reg
[2011/06/01 15:27:07 | 000,021,504 | ---- | M] () -- C:\Windows\jestertb.dll
[2011/06/01 11:35:32 | 000,014,848 | ---- | M] () -- C:\Users\Hank\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/31 21:15:39 | 000,001,767 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/30 16:29:10 | 000,005,386 | ---- | M] () -- C:\Users\Hank\Documents\cc_20110530_162906.reg
[2011/05/29 22:17:30 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/29 22:14:53 | 000,005,972 | ---- | M] () -- C:\Users\Hank\AppData\Local\d3d9caps.dat
[2011/05/27 07:22:56 | 000,019,800 | ---- | M] () -- C:\Users\Hank\Documents\cc_20110527_072253.reg
[2011/05/26 21:23:32 | 000,053,438 | ---- | M] () -- C:\Users\Hank\Documents\cc_20110526_212328.reg
[2011/05/26 14:15:29 | 000,012,398 | -HS- | M] () -- C:\Users\Hank\AppData\Local\4256o56y1a8o6x33021iv38cljbeoo2456lvgt
[2011/05/26 14:15:29 | 000,012,398 | -HS- | M] () -- C:\ProgramData\4256o56y1a8o6x33021iv38cljbeoo2456lvgt
[2011/05/26 14:08:40 | 000,000,732 | ---- | M] () -- C:\Users\Hank\AppData\Local\d3d9caps64.dat
[2011/05/19 19:35:17 | 000,002,104 | ---- | M] () -- C:\Users\Hank\Documents\pwsafe.psafe3
[2011/05/18 17:49:56 | 000,005,520 | ---- | M] () -- C:\Users\Hank\Documents\cc_20110518_174952.reg
[2011/05/16 20:53:41 | 000,000,177 | ---- | M] () -- C:\ProgramData\LockFilePath.ini
[2011/05/16 09:45:30 | 000,007,040 | ---- | M] (SuperAdBlocker.com) -- C:\Windows\SysWow64\sabprocenum.sys
[2011/05/09 19:35:49 | 000,002,104 | ---- | M] () -- C:\Users\Hank\Documents\pwsafe.ibak
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/01 19:44:53 | 000,001,458 | ---- | C] () -- C:\Users\Hank\Documents\cc_20110601_194452.reg
[2011/06/01 15:27:07 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll
[2011/05/31 21:15:39 | 000,001,767 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/30 16:29:08 | 000,005,386 | ---- | C] () -- C:\Users\Hank\Documents\cc_20110530_162906.reg
[2011/05/27 07:22:55 | 000,019,800 | ---- | C] () -- C:\Users\Hank\Documents\cc_20110527_072253.reg
[2011/05/26 21:23:30 | 000,053,438 | ---- | C] () -- C:\Users\Hank\Documents\cc_20110526_212328.reg
[2011/05/26 16:07:23 | 4126,146,560 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/26 13:49:30 | 000,000,732 | ---- | C] () -- C:\Users\Hank\AppData\Local\d3d9caps64.dat
[2011/05/26 13:27:56 | 000,012,398 | -HS- | C] () -- C:\Users\Hank\AppData\Local\4256o56y1a8o6x33021iv38cljbeoo2456lvgt
[2011/05/26 13:27:56 | 000,012,398 | -HS- | C] () -- C:\ProgramData\4256o56y1a8o6x33021iv38cljbeoo2456lvgt
[2011/05/23 14:47:50 | 000,000,042 | ---- | C] () -- C:\Users\Hank\Documents\pwsafe.plk
[2011/05/18 17:49:54 | 000,005,520 | ---- | C] () -- C:\Users\Hank\Documents\cc_20110518_174952.reg
[2011/04/29 21:58:15 | 000,000,000 | ---- | C] () -- C:\Windows\iplayer.INI
[2011/03/11 23:02:48 | 000,099,548 | ---- | C] () -- C:\Windows\hpwins23.dat
[2011/03/11 23:02:48 | 000,001,847 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2011/02/07 20:41:21 | 000,000,177 | ---- | C] () -- C:\ProgramData\LockFilePath.ini
[2011/01/25 22:43:22 | 000,024,088 | ---- | C] () -- C:\Users\Hank\AppData\Roaming\UserTile.png
[2011/01/25 18:40:48 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2011/01/24 16:25:51 | 000,000,180 | ---- | C] () -- C:\Windows\nscatch.ini
[2011/01/19 16:29:50 | 000,000,024 | ---- | C] () -- C:\Windows\qfnonl.ini
[2011/01/19 16:13:25 | 000,000,022 | ---- | C] () -- C:\Windows\INTUSB.DAT
[2011/01/19 16:11:21 | 000,000,107 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/01/19 16:11:19 | 000,006,838 | ---- | C] () -- C:\Windows\ICOADB32.DAT
[2010/04/10 20:59:28 | 000,000,552 | ---- | C] () -- C:\Users\Hank\AppData\Local\d3d8caps.dat
[2010/02/10 18:09:51 | 000,005,972 | ---- | C] () -- C:\Users\Hank\AppData\Local\d3d9caps.dat
[2010/02/03 18:18:37 | 000,738,156 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/25 15:06:12 | 000,014,848 | ---- | C] () -- C:\Users\Hank\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/19 20:58:11 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/19 20:57:24 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/09/19 20:56:34 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/19 21:04:34 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/06/19 19:52:48 | 000,000,013 | RHS- | C] () -- C:\Windows\SysWow64\drivers\fbd.sys
[2008/10/15 11:58:34 | 000,028,808 | ---- | C] () -- C:\Windows\SysWow64\drivers\swmsflt.sys
[2008/09/09 13:11:01 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/09/09 12:14:11 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2008/09/09 12:14:11 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2008/09/09 12:14:11 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2008/09/09 12:14:11 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2008/09/09 12:14:11 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2008/09/09 12:14:11 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2008/09/09 11:55:49 | 000,257,053 | ---- | C] () -- C:\Windows\WOLSET.exe
[2008/06/12 18:49:22 | 002,192,024 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2008/06/12 18:49:22 | 000,492,496 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2008/06/12 18:49:22 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/12/21 16:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\TosBtAcc.dll
[2006/11/02 08:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 05:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 05:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 02:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005/07/22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\TosCommAPI.dll

< End of report >

Thanks, John.
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP