THINKPOINT removed, hopefully?? BUT, now another problem arrived...

View previous topic View next topic Go down

THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by darinlee on Tue Oct 19, 2010 2:11 am

alright, so i followed all instructions thus far from these forums... OTL, then RKILLA, and then malware bytes... the THINKPOINT appears to be gone, but now my laptop goes into the blue screen of death, and i have to turn the computer off... same thing keeps happening... here is the OTL logs...

OTL logfile created on: 10/18/2010 7:05:35 PM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 784.00 Mb Available Physical Memory | 77.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 54.82 Gb Free Space | 58.85% Space Free | Partition Type: NTFS

Computer Name: ANONYMOUS | User Name: Owner | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/18 18:31:29 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/04/20 11:17:01 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 05:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe


========== Modules (SafeList) ==========

MOD - [2010/10/18 18:31:29 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/14 05:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\wscsvc.dll -- (wscsvc)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\spoolsv.exe -- (Spooler)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/11/24 15:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 15:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 15:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 15:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/02/10 00:01:49 | 000,116,104 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2006/08/11 19:09:18 | 000,176,128 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2005/04/27 12:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\DMusic.sys -- (DMusic)
DRV - [2010/10/18 17:44:34 | 000,841,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\smsivzam5.sys -- (SMSIVZAM5)
DRV - [2009/11/24 15:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 15:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 15:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/09/15 03:56:14 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/09/15 03:55:30 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/09/15 03:55:19 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/01/21 12:49:40 | 000,118,656 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtnicxp.sys -- (RTL8023xp)
DRV - [2008/04/14 05:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/07 05:36:16 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2006/09/24 06:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005/08/09 16:43:00 | 003,855,360 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2000/12/05 16:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [1996/04/03 12:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{68D4B3CD-C7E0-4B95-94BA-DD5EFD9B4246}: C:\Documents and Settings\Owner\Local Settings\Application Data\{68D4B3CD-C7E0-4B95-94BA-DD5EFD9B4246} [2010/10/18 17:42:24 | 000,000,000 | ---D | M]

[2010/05/01 02:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/05/01 02:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/10/07 09:06:22 | 000,002,077 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2008/04/14 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Hqomixudu] C:\WINDOWS\awekisoxebuxe.DLL (MPC-HC Team)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [oxmencarsw.tmp] C:\Documents and Settings\Owner\Local Settings\Temp\oxmencarsw.tmp ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\QTTask.exe (Apple Inc.)
O4 - HKCU..\Run: [bbotxxxxxx.exe] C:\bbotxxxxxx.exe\bbotxxxxxx.exe (XeLgbt5pL)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe File not found
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\WePrint Server.lnk = C:\Program Files\WePrint\WePrint Server.exe (EuroSmartz Ltd)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 18
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\My Documents\My Pictures\BlackBerry\wallpapers\brooklyn bridge.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\My Documents\My Pictures\BlackBerry\wallpapers\brooklyn bridge.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/29 11:46:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e54aee1b-53bf-11df-8b9e-00014aca0f2e}\Shell - "" = AutoRun
O33 - MountPoints2\{e54aee1b-53bf-11df-8b9e-00014aca0f2e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e54aee1b-53bf-11df-8b9e-00014aca0f2e}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/18 18:43:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/10/18 18:42:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/10/18 18:41:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/18 18:41:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/18 18:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/18 18:41:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/18 18:41:24 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.46.exe
[2010/10/18 18:37:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/18 18:37:44 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/18 18:37:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/18 18:37:44 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/18 18:37:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/18 18:37:27 | 000,000,000 | --SD | C] -- C:\Combo-Fix
[2010/10/18 18:37:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/18 18:31:26 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/10/18 18:25:22 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/10/18 17:49:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/10/18 17:48:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/10/18 17:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{68D4B3CD-C7E0-4B95-94BA-DD5EFD9B4246}
[2010/10/18 17:40:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/10/18 17:40:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Ozec
[2010/10/18 17:40:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Iker
[2010/10/18 17:40:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/10/18 17:39:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
[2010/10/18 17:38:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\A10DFFEE3DDF0ED363D35DEF678DEA61
[2010/10/14 15:04:12 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srvsvc.dll
[2010/10/14 15:04:08 | 001,289,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ole32.dll
[2010/10/14 15:04:06 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2010/10/14 15:04:05 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2010/10/14 15:03:39 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2010/10/14 15:03:38 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/14 15:03:38 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/14 15:03:34 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/10/05 04:44:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/05 04:44:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/18 19:06:55 | 000,841,216 | ---- | M] () -- C:\WINDOWS\System32\drivers\Fdc.sys
[2010/10/18 19:04:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/18 19:02:48 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/18 18:46:36 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/18 18:41:35 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.46.exe
[2010/10/18 18:40:40 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/18 18:36:44 | 003,879,667 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe
[2010/10/18 18:31:29 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/10/18 17:55:32 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\completescan
[2010/10/18 17:42:26 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ysiru.dat
[2010/10/18 17:42:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ekazohitozofane.bin
[2010/10/18 17:41:55 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\install
[2010/10/18 17:41:13 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\Updater.job
[2010/10/18 17:36:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/18 17:19:55 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D234445B-94E0-465E-BAC5-C146C4ABF596}.job
[2010/10/18 04:07:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/18 04:07:27 | 000,333,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/18 03:56:32 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/18 03:56:32 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/18 03:12:30 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/10/14 14:34:07 | 000,035,502 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\IMG00136-20101014-1406.jpg
[2010/10/05 04:50:10 | 000,001,664 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2010/09/22 19:31:02 | 000,000,671 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\WePrint Server.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/18 18:46:36 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/18 18:37:44 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/18 18:37:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/18 18:37:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/18 18:37:44 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/18 18:37:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/18 18:36:23 | 003,879,667 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe
[2010/10/18 17:55:32 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\completescan
[2010/10/18 17:42:26 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ysiru.dat
[2010/10/18 17:42:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ekazohitozofane.bin
[2010/10/18 17:41:55 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\install
[2010/10/18 17:41:13 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\Updater.job
[2010/10/14 14:31:17 | 000,035,502 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\IMG00136-20101014-1406.jpg
[2010/10/05 04:50:10 | 000,001,664 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2010/10/05 04:49:55 | 000,002,155 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/08/31 01:17:27 | 000,188,512 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/26 13:51:45 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Rim.Desktop.Exception.log
[2010/08/10 20:53:48 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Rim.Desktop.HttpServerSetup.log
[2010/06/10 15:47:19 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/06 03:14:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2010/04/29 23:54:20 | 000,000,971 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\BBMS_EXCEPTION.txt
[2010/04/29 12:03:16 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/04/29 12:03:14 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2010/04/29 12:03:14 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/04/29 12:03:14 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/04/29 12:03:13 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/04/29 12:03:12 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/04/29 06:32:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/04/20 11:25:16 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[2008/04/14 05:00:00 | 000,841,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\Fdc.sys
[2008/04/14 05:00:00 | 000,027,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\Fdc.sys.bak
[1996/04/03 12:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

< End of report >


darinlee
Novice
Novice

Status :
Online
Offline

Posts : 31
Joined : 2010-10-19
OS : XP

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by darinlee on Tue Oct 19, 2010 2:12 am

OTL Extras logfile created on: 10/18/2010 7:05:35 PM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 784.00 Mb Available Physical Memory | 77.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 54.82 Gb Free Space | 58.85% Space Free | Partition Type: NTFS

Computer Name: ANONYMOUS | User Name: Owner | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{82339173-1D3C-4499-B997-8D65E227592D}" = VZAccess Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{9E158BB9-37B9-464B-837E-CC1D5766291B}" = VAIO Update 3
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2B30EC0-FB6A-43BB-9B38-0C3B32D75B40}_is1" = Sony Download Taxi 1.5.0.0
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 Service Pack 1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E37E645E-4A0C-4D9E-B30A-7B19E797E743}" = BlackBerry USB Drivers
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"avast!" = avast! Antivirus
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"Canon MP560 series User Registration" = Canon MP560 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CmdOpen Shell Extension" = Open Command Prompt Shell Extension (x86-32)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HashCheck Shell Extension" = HashCheck Shell Extension (x86-32)
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.7.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Silverlight" = Microsoft Silverlight
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"QuicktimeAlt_is1" = QuickTime Alternative 2.8.0
"SpeedFan" = SpeedFan (remove only)
"Unlocker" = Unlocker 1.8.7
"WePrint" = WePrint
"Yahoo! Widget Engine" = Yahoo! Widgets
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"MLQTSource" = MediaLooks QuickTime Source 1.7.0.6 (DirectShow Filter)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/26/2010 6:47:39 AM | Computer Name = ANONYMOUS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/26/2010 6:47:39 AM | Computer Name = ANONYMOUS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4563

Error - 6/26/2010 6:47:39 AM | Computer Name = ANONYMOUS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4563

Error - 6/26/2010 6:47:42 AM | Computer Name = ANONYMOUS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/26/2010 6:47:42 AM | Computer Name = ANONYMOUS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7625

Error - 6/26/2010 6:47:42 AM | Computer Name = ANONYMOUS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7625

Error - 6/26/2010 6:47:45 AM | Computer Name = ANONYMOUS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/26/2010 6:47:45 AM | Computer Name = ANONYMOUS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10094

Error - 6/26/2010 6:47:45 AM | Computer Name = ANONYMOUS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10094

Error - 6/26/2010 7:48:19 AM | Computer Name = ANONYMOUS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ System Events ]
Error - 10/18/2010 9:36:23 PM | Computer Name = ANONYMOUS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/18/2010 9:45:43 PM | Computer Name = ANONYMOUS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/18/2010 9:46:41 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswSP DMICall Fips intelppm

Error - 10/18/2010 9:56:20 PM | Computer Name = ANONYMOUS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/18/2010 9:58:58 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7000
Description = The Print Spooler service failed to start due to the following error:
%%2

Error - 10/18/2010 9:58:58 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7000
Description = The wscsvc service failed to start due to the following error: %%1083

Error - 10/18/2010 10:03:25 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7000
Description = The Print Spooler service failed to start due to the following error:
%%2

Error - 10/18/2010 10:03:25 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7000
Description = The wscsvc service failed to start due to the following error: %%1083

Error - 10/18/2010 10:05:19 PM | Computer Name = ANONYMOUS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/18/2010 10:06:17 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswSP DMICall Fips intelppm


< End of report >

darinlee
Novice
Novice

Status :
Online
Offline

Posts : 31
Joined : 2010-10-19
OS : XP

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by darinlee on Tue Oct 19, 2010 2:13 am

any insight from someone more highly gifted at computers would be GREATLY appreciated...

and PS - anyone that says watching videos from channel131 website won't get you viruses are lying, lolol... this is what i get for watching resident evil: afterlife... *sigh*

darinlee
Novice
Novice

Status :
Online
Offline

Posts : 31
Joined : 2010-10-19
OS : XP

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by Dr Jay on Tue Oct 19, 2010 4:53 am

Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see [You must be registered and logged in to see this link.].

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.





Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :otl
    FF - HKLM\software\mozilla\Firefox\Extensions\\{68D4B3CD-C7E0-4B95-94BA-DD5EFD9B4246}: C:\Documents and Settings\Owner\Local Settings\Application Data\{68D4B3CD-C7E0-4B95-94BA-DD5EFD9B4246} [2010/10/18 17:42:24 | 000,000,000 | ---D | M]
    O4 - HKLM..\Run: [Hqomixudu] C:\WINDOWS\awekisoxebuxe.DLL (MPC-HC Team)
    O4 - HKLM..\Run: [oxmencarsw.tmp] C:\Documents and Settings\Owner\Local Settings\Temp\oxmencarsw.tmp ()
    O4 - HKCU..\Run: [bbotxxxxxx.exe] C:\bbotxxxxxx.exe\bbotxxxxxx.exe (XeLgbt5pL)
    [2010/10/18 17:55:32 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\completescan
    [2010/10/18 17:42:26 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ysiru.dat
    [2010/10/18 17:42:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ekazohitozofane.bin
    [2010/10/18 17:41:55 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\install

    :commands
    [emptytemp]
    [reboot]


  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13707
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by darinlee on Tue Oct 19, 2010 5:10 am

didn't work, that blue screen came back up right away after reboot, couldn't even log onto windows... I noticed the thing you you wanted me to copy and paste said Mozilla / firefox, does it matter that I'm using windows explored? I took a picture of it with my cell phone, do you have somewhere i can email it to by any chance?

darinlee
Novice
Novice

Status :
Online
Offline

Posts : 31
Joined : 2010-10-19
OS : XP

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by darinlee on Tue Oct 19, 2010 5:13 am

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{68D4B3CD-C7E0-4B95-94BA-DD5EFD9B4246} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68D4B3CD-C7E0-4B95-94BA-DD5EFD9B4246}\ not found.
C:\Documents and Settings\Owner\Local Settings\Application Data\{68D4B3CD-C7E0-4B95-94BA-DD5EFD9B4246}\chrome\content folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\{68D4B3CD-C7E0-4B95-94BA-DD5EFD9B4246}\chrome folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\{68D4B3CD-C7E0-4B95-94BA-DD5EFD9B4246} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Hqomixudu deleted successfully.
C:\WINDOWS\awekisoxebuxe.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\oxmencarsw.tmp deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\oxmencarsw.tmp moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\bbotxxxxxx.exe deleted successfully.
C:\bbotxxxxxx.exe\bbotxxxxxx.exe moved successfully.
C:\Documents and Settings\Owner\Application Data\completescan moved successfully.
C:\WINDOWS\Ysiru.dat moved successfully.
C:\WINDOWS\Ekazohitozofane.bin moved successfully.
C:\Documents and Settings\Owner\Application Data\install moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Custom Settings

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 146740 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 24775882 bytes
->Flash cache emptied: 5565 bytes

User: Owner
->Temp folder emptied: 985701169 bytes
->Temporary Internet Files folder emptied: 29566125 bytes
->Java cache emptied: 12172380 bytes
->Flash cache emptied: 118385 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 156899429 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 3000246 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,156.00 mb


OTL by OldTimer - Version 3.2.15.2 log created on 10182010_220049

Files\Folders moved on Reboot...
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YPMNIHYZ\cas[1].txt moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YPMNIHYZ\cas_blank[1].htm not found!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YPMNIHYZ\fp_sir[1].jpg moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YPMNIHYZ\gv2_emercial_back2[1].gif moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YPMNIHYZ\lysol_whathappened_rev_us_450x360_h264[1].mp4 moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YPMNIHYZ\L[1].htm moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YPMNIHYZ\yb-business[1].php not found!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\X9SP1NGB\544b3343753079394a59774141693053[1].htm moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\X9SP1NGB\;subTagID=100;subTagName=;clickTrack=;impactTrack=;cb=1087282427[1].htm not found!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\X9SP1NGB\afr[1].php moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\X9SP1NGB\audmeasure[1].gif not found!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\X9SP1NGB\cas[1].txt moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\X9SP1NGB\getAds[1].jsp not found!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\X9SP1NGB\gv2_emercial_back2[1].gif moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\X9SP1NGB\p-01-0VIaSjnOLg[1].gif not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\X9SP1NGB\yb-business[1].php not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W1TP3XC9\01&1044904477[1].htm not found!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W1TP3XC9\01[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W1TP3XC9\544b3343753079394a59774141693053[4].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W1TP3XC9\544b3343753079394a59774141693053[5].htm moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W1TP3XC9\;subTagID=100;subTagName=;clickTrack=;impactTrack=;cb=644126831[1].htm not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W1TP3XC9\afr[2].php not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W1TP3XC9\bg-nav-bar[1].gif not found!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W1TP3XC9\gameInProgress[1].php moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W1TP3XC9\guide[1].aspx not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W1TP3XC9\p-01-0VIaSjnOLg[1].gif not found!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W1TP3XC9\read[1].txt moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GN2TV83F\;subTagID=100;subTagName=;clickTrack=;impactTrack=;cb=1999347574[1].htm not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GN2TV83F\accuweather_com[1].htm not found!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GN2TV83F\aceUACping[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GN2TV83F\afr[1].php moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GN2TV83F\afr[2].php not found!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GN2TV83F\beyondthedow_com[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GN2TV83F\cas[1].txt moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GN2TV83F\cas_blank[1].htm not found!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GN2TV83F\cas_blank[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GN2TV83F\grab[1].cur moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GN2TV83F\lysol_relentlesspursuit_us_linear_450x360_h264[1].mp4 moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GN2TV83F\sh24[1].html moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GN2TV83F\tpp4[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\CVFJ3EXU\cdn1.telemetryverification.net\mb.sol moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1YXUKHKP\thinkpoint-removed-hopefully-but-now-another-problem-arrived-t24242[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.
File\Folder C:\WINDOWS\temp\fla11.tmp not found!
File\Folder C:\WINDOWS\temp\fla12.tmp not found!
File\Folder C:\WINDOWS\temp\fla13.tmp not found!

Registry entries deleted on Reboot...

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YPMNIHYZ\cas[1].txt not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YPMNIHYZ\cas_blank[1].htm not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YPMNIHYZ\fp_sir[1].jpg not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YPMNIHYZ\gv2_emercial_back2[1].gif not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YPMNIHYZ\lysol_whathappened_rev_us_450x360_h264[1].mp4 not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YPMNIHYZ\L[1].htm not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YPMNIHYZ\yb-business[1].php not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\X9SP1NGB\544b3343753079394a59774141693053[1].htm not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\X9SP1NGB\;subTagID=100;subTagName=;clickTrack=;impactTrack=;cb=1087282427[1].htm not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\X9SP1NGB\afr[1].php not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\X9SP1NGB\audmeasure[1].gif not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\X9SP1NGB\cas[1].txt not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\X9SP1NGB\getAds[1].jsp not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\X9SP1NGB\gv2_emercial_back2[1].gif not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\X9SP1NGB\p-01-0VIaSjnOLg[1].gif not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\X9SP1NGB\yb-business[1].php not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W1TP3XC9\01&1044904477[1].htm not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W1TP3XC9\01[1].htm not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W1TP3XC9\544b3343753079394a59774141693053[4].htm not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W1TP3XC9\544b3343753079394a59774141693053[5].htm not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W1TP3XC9\;subTagID=100;subTagName=;clickTrack=;impactTrack=;cb=644126831[1].htm not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W1TP3XC9\afr[2].php not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W1TP3XC9\bg-nav-bar[1].gif not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W1TP3XC9\gameInProgress[1].php not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W1TP3XC9\guide[1].aspx not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W1TP3XC9\p-01-0VIaSjnOLg[1].gif not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W1TP3XC9\read[1].txt not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GN2TV83F\;subTagID=100;subTagName=;clickTrack=;impactTrack=;cb=1999347574[1].htm not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GN2TV83F\accuweather_com[1].htm not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GN2TV83F\aceUACping[1].htm not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GN2TV83F\afr[1].php not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GN2TV83F\afr[2].php not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GN2TV83F\beyondthedow_com[1].txt not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GN2TV83F\cas[1].txt not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GN2TV83F\cas_blank[1].htm not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GN2TV83F\cas_blank[2].htm not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GN2TV83F\grab[1].cur not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GN2TV83F\lysol_relentlesspursuit_us_linear_450x360_h264[1].mp4 not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GN2TV83F\sh24[1].html not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GN2TV83F\tpp4[1].htm not found!
File\Folder C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\CVFJ3EXU\cdn1.telemetryverification.net\mb.sol not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1YXUKHKP\thinkpoint-removed-hopefully-but-now-another-problem-arrived-t24242[1].htm not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\SuggestedSites.dat not found!
File\Folder C:\WINDOWS\temp\fla11.tmp not found!
File\Folder C:\WINDOWS\temp\fla12.tmp not found!
File\Folder C:\WINDOWS\temp\fla13.tmp not found!

Registry entries deleted on Reboot...

darinlee
Novice
Novice

Status :
Online
Offline

Posts : 31
Joined : 2010-10-19
OS : XP

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by Dr Jay on Tue Oct 19, 2010 5:17 am

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].
Alternate link: [You must be registered and logged in to see this link.].
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13707
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by darinlee on Tue Oct 19, 2010 5:20 am

this is the blue screen that keeps coming up...


darinlee
Novice
Novice

Status :
Online
Offline

Posts : 31
Joined : 2010-10-19
OS : XP

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by darinlee on Tue Oct 19, 2010 5:21 am

but it doesn't come up when i load up in safe mode??

darinlee
Novice
Novice

Status :
Online
Offline

Posts : 31
Joined : 2010-10-19
OS : XP

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by Dr Jay on Tue Oct 19, 2010 5:22 am

Please reboot to Safe Mode with Networking (tap the F8 key just before Windows starts to load and select the Safe Mode with Networking option from the menu).

Then, try MBAM.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13707
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by darinlee on Tue Oct 19, 2010 5:28 am

do i start to panic now??

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4876

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

10/18/2010 10:25:31 PM
mbam-log-2010-10-18 (22-25-31).txt

Scan type: Quick scan
Objects scanned: 138112
Time elapsed: 7 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

darinlee
Novice
Novice

Status :
Online
Offline

Posts : 31
Joined : 2010-10-19
OS : XP

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by Dr Jay on Tue Oct 19, 2010 5:31 am

Please download [You must be registered and logged in to see this link.] and save it to your Desktop. Do NOT perform a scan yet

  • Double-click on drweb-cureit.exe to start the program.
    An Express Scan of your PC notice will appear.
  • Under Start the Express Scan Now, Click OK to start the scan.
    This is a short scan that will scan the files currently running in memory.
    If something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan tab and UNcheck Heuristic analysis
  • Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
  • Then click the Start/Stop Scanning button (green arrow on the right, and the scan will start.
  • When finished, a message will be displayed at the bottom advising if any viruses were found.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found.
    If so, click it, then click the next icon right below and select Move incurable.
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web Cureit when you have finished.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13707
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by darinlee on Tue Oct 19, 2010 7:43 am

still scanning... =(

darinlee
Novice
Novice

Status :
Online
Offline

Posts : 31
Joined : 2010-10-19
OS : XP

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by Dr Jay on Tue Oct 19, 2010 9:31 am

ok


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13707
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by darinlee on Tue Oct 19, 2010 9:41 am

is it normal to take this long? I just glanced at the screen and it's only halfway through the custom scan...

darinlee
Novice
Novice

Status :
Online
Offline

Posts : 31
Joined : 2010-10-19
OS : XP

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by Dr Jay on Tue Oct 19, 2010 9:42 am

Yes, it takes a while. It is well worth it, believe me.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13707
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by darinlee on Tue Oct 19, 2010 9:46 am

alright, you're the resident expert, I just follow instructions, lol... I just don't get how this happened? all I had open was gmail and ch131.com which I was told is virus / Trojan free? lol

darinlee
Novice
Novice

Status :
Online
Offline

Posts : 31
Joined : 2010-10-19
OS : XP

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by Dr Jay on Tue Oct 19, 2010 9:48 am

Actually, it is a phishing site:

Info Via: [You must be registered and logged in to see this link.]


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13707
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by darinlee on Tue Oct 19, 2010 9:52 am

how sad is it that I just had to wikipedia "phishing" ?? lol... *sigh*

darinlee
Novice
Novice

Status :
Online
Offline

Posts : 31
Joined : 2010-10-19
OS : XP

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by darinlee on Tue Oct 19, 2010 2:56 pm

is it over?? please tell me good news... i'm gonna pass out now, the damn dr.web JUST finished...

Fdc.sys;C:\WINDOWS\system32\drivers;Trojan.Packed.140;Deleted.;
A0002015.dll;C:\System Volume Information\_restore{6E532223-F595-472D-9374-5FBA01B53D99}\RP0;Trojan.Packed.20961;Incurable.Moved.;
A0002016.sys;C:\System Volume Information\_restore{6E532223-F595-472D-9374-5FBA01B53D99}\RP0;Trojan.Packed.140;Deleted.;
A0002017.sys;C:\System Volume Information\_restore{6E532223-F595-472D-9374-5FBA01B53D99}\RP0;Trojan.Packed.140;Deleted.;
A0002018.sys;C:\System Volume Information\_restore{6E532223-F595-472D-9374-5FBA01B53D99}\RP0;Trojan.Packed.140;Deleted.;
A0002019.sys;C:\System Volume Information\_restore{6E532223-F595-472D-9374-5FBA01B53D99}\RP0;Trojan.Packed.140;Deleted.;
A0002020.sys;C:\System Volume Information\_restore{6E532223-F595-472D-9374-5FBA01B53D99}\RP0;Trojan.Packed.140;Deleted.;
A0002021.sys;C:\System Volume Information\_restore{6E532223-F595-472D-9374-5FBA01B53D99}\RP0;Trojan.Packed.140;Deleted.;
A0002022.sys;C:\System Volume Information\_restore{6E532223-F595-472D-9374-5FBA01B53D99}\RP0;Trojan.Packed.140;Deleted.;
A0002023.sys;C:\System Volume Information\_restore{6E532223-F595-472D-9374-5FBA01B53D99}\RP0;Trojan.Packed.140;Deleted.;
A0002024.sys;C:\System Volume Information\_restore{6E532223-F595-472D-9374-5FBA01B53D99}\RP0;Trojan.Packed.140;Deleted.;
A0002025.sys;C:\System Volume Information\_restore{6E532223-F595-472D-9374-5FBA01B53D99}\RP0;Trojan.Packed.140;Deleted.;
A0002026.sys;C:\System Volume Information\_restore{6E532223-F595-472D-9374-5FBA01B53D99}\RP0;Trojan.Packed.140;Deleted.;
A0002027.sys;C:\System Volume Information\_restore{6E532223-F595-472D-9374-5FBA01B53D99}\RP0;Trojan.Packed.140;Deleted.;
A0002028.sys;C:\System Volume Information\_restore{6E532223-F595-472D-9374-5FBA01B53D99}\RP0;Trojan.Packed.140;Deleted.;
A0002029.sys;C:\System Volume Information\_restore{6E532223-F595-472D-9374-5FBA01B53D99}\RP0;Trojan.Packed.140;Deleted.;
A0002030.sys;C:\System Volume Information\_restore{6E532223-F595-472D-9374-5FBA01B53D99}\RP0;Trojan.Packed.140;Deleted.;
A0002031.sys;C:\System Volume Information\_restore{6E532223-F595-472D-9374-5FBA01B53D99}\RP0;Trojan.Packed.140;Deleted.;
A0002032.sys;C:\System Volume Information\_restore{6E532223-F595-472D-9374-5FBA01B53D99}\RP0;Trojan.Packed.140;Deleted.;
A0002033.sys;C:\System Volume Information\_restore{6E532223-F595-472D-9374-5FBA01B53D99}\RP0;Trojan.Packed.140;Deleted.;
A0002034.sys;C:\System Volume Information\_restore{6E532223-F595-472D-9374-5FBA01B53D99}\RP0;Trojan.Packed.140;Deleted.;
A0002035.sys;C:\System Volume Information\_restore{6E532223-F595-472D-9374-5FBA01B53D99}\RP0;Trojan.Packed.140;Deleted.;
A0002036.sys;C:\System Volume Information\_restore{6E532223-F595-472D-9374-5FBA01B53D99}\RP0;Trojan.Packed.140;Deleted.;
A0002037.sys;C:\System Volume Information\_restore{6E532223-F595-472D-9374-5FBA01B53D99}\RP0;Trojan.Packed.140;Deleted.;
A0002038.sys;C:\System Volume Information\_restore{6E532223-F595-472D-9374-5FBA01B53D99}\RP0;Trojan.Packed.140;Deleted.;
A0002039.sys;C:\System Volume Information\_restore{6E532223-F595-472D-9374-5FBA01B53D99}\RP0;Trojan.Packed.140;Deleted.;
A0002040.sys;C:\System Volume Information\_restore{6E532223-F595-472D-9374-5FBA01B53D99}\RP0;Trojan.Packed.140;Deleted.;
A0002041.sys;C:\System Volume Information\_restore{6E532223-F595-472D-9374-5FBA01B53D99}\RP0;Trojan.Packed.140;Deleted.;
A0002042.sys;C:\System Volume Information\_restore{6E532223-F595-472D-9374-5FBA01B53D99}\RP0;Trojan.Packed.140;Deleted.;
A0002043.sys;C:\System Volume Information\_restore{6E532223-F595-472D-9374-5FBA01B53D99}\RP0;Trojan.Packed.140;Deleted.;
A0002044.sys;C:\System Volume Information\_restore{6E532223-F595-472D-9374-5FBA01B53D99}\RP0;Trojan.Packed.140;Deleted.;
A0002045.sys;C:\System Volume Information\_restore{6E532223-F595-472D-9374-5FBA01B53D99}\RP0;Trojan.Packed.140;Deleted.;
A0002046.sys;C:\System Volume Information\_restore{6E532223-F595-472D-9374-5FBA01B53D99}\RP0;Trojan.Packed.140;Deleted.;
A0002048.exe;C:\System Volume Information\_restore{6E532223-F595-472D-9374-5FBA01B53D99}\RP0;Trojan.Siggen2.5194;Incurable.Moved.;
A0009099.sys;C:\System Volume Information\_restore{6E532223-F595-472D-9374-5FBA01B53D99}\RP0;Trojan.Packed.140;Deleted.;
Fdc.sys;C:\WINDOWS\system32\drivers;Trojan.Packed.140;Deleted.;

darinlee
Novice
Novice

Status :
Online
Offline

Posts : 31
Joined : 2010-10-19
OS : XP

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by Dr Jay on Tue Oct 19, 2010 5:40 pm

Good work. Let's move on. I need to check something.

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    fdc.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13707
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by darinlee on Tue Oct 19, 2010 8:12 pm

doing it now... but the blue screen still pops up incidentally... =(

darinlee
Novice
Novice

Status :
Online
Offline

Posts : 31
Joined : 2010-10-19
OS : XP

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by darinlee on Tue Oct 19, 2010 8:40 pm

okay, so there is still definately something wrong with my computer still... when i try to go to GeekPolice website, it keeps directing me elsewhere, even if i try going through google and the long way to the website, AND, i am still getting that blue screen when i'm not in safe mode... =( but here is the info you requested...

SystemLook 04.09.10 by jpshortstuff
Log created at 13:24 on 19/10/2010 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "fdc.sys"
C:\WINDOWS\system32\drivers\Fdc.sys --a---- 841216 bytes [12:00 14/04/2008] [20:28 19/10/2010] (Unable to calculate MD5)

-= EOF =-

darinlee
Novice
Novice

Status :
Online
Offline

Posts : 31
Joined : 2010-10-19
OS : XP

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by darinlee on Wed Oct 20, 2010 3:00 am

anyone help please?? i just got a notice from road runner internet that i have 24 hours to fix the virus otherwise they might suspend / cancel my internet service, lol...

darinlee
Novice
Novice

Status :
Online
Offline

Posts : 31
Joined : 2010-10-19
OS : XP

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by darinlee on Wed Oct 20, 2010 8:30 am

bump?? :sad:

darinlee
Novice
Novice

Status :
Online
Offline

Posts : 31
Joined : 2010-10-19
OS : XP

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by Dr Jay on Wed Oct 20, 2010 8:31 am

Please be patient. We all work very busy lives, and forums are just our hobby work. However, still taking all of our tasks seriously, we cannot compete by ourselves with all of the virus makers. We have tons to work for, so we cannot usually get to everyone more than once a day.

Do you have a XP cd?

We need to replace a file that is infected. It is the same file that keeps on spawning the blue screen of death.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13707
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by darinlee on Wed Oct 20, 2010 8:34 am

sorry if i seem impatient, but i have never seen the warning message from an internet provider before... i don't want to find out if they are bluffing about cancelling my internet service, lol...

and no, i no longer have any of the xp disks...

darinlee
Novice
Novice

Status :
Online
Offline

Posts : 31
Joined : 2010-10-19
OS : XP

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by Dr Jay on Wed Oct 20, 2010 8:40 am

If they did not tell you directly, then I would not worry about it. It may be a scare tactic by the malware.

It may be able to be disinfected with this removal disc:

  • [You must be registered and logged in to see this link.]
    If you encounter problems running the RescueDisk, you can get further assistance at the [You must be registered and logged in to see this link.].
If you are not sure how to burn an image, please read [You must be registered and logged in to see this link.]. If you need a FREE utility to burn the ISO image, download and use [You must be registered and logged in to see this link.].

Let me know how it goes.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13707
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by darinlee on Wed Oct 20, 2010 8:42 am

they did tell me directly, it was a message from roadrunner themselves... *crap* thank you though for all your assistance and patience...

darinlee
Novice
Novice

Status :
Online
Offline

Posts : 31
Joined : 2010-10-19
OS : XP

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by Dr Jay on Wed Oct 20, 2010 9:19 pm

Contact them back, and tell them to hold off, as you are in the process of getting professional help on removal. Tell them it takes a bit longer than just a day or two to get it disinfected.

Let me know on the progress of the Kaspersky rescue disc.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13707
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by darinlee on Wed Oct 20, 2010 9:23 pm

running it again as we speak... said some of the viruses are "postponed" ?? option B is to take a bullet to the laptop...

darinlee
Novice
Novice

Status :
Online
Offline

Posts : 31
Joined : 2010-10-19
OS : XP

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by darinlee on Wed Oct 20, 2010 9:53 pm

so this is from the first scan... what does the malfunction and postponed mean??

Objects Scan: malfunction (events: 3, objects: 2, time: Unknown)

10/20/10 3:18 AM Task started

10/20/10 4:49 AM Detected: Trojan.Win32.Clicker.hd C:/Documents and Settings/Owner/DoctorWeb/Quarantine/A0002048.exe/data0004

10/20/10 4:49 AM Untreated: Trojan.Win32.Clicker.hd C:/Documents and Settings/Owner/DoctorWeb/Quarantine/A0002048.exe/data0004 Postponed


Objects Scan: completed 1 hour ago (events: 17, objects: 368315, time: 06:43:17)

10/20/10 6:35 AM Task started

10/20/10 7:58 AM Detected: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Owner/DoctorWeb/Quarantine/A0002015.dll

10/20/10 7:58 AM Untreated: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Owner/DoctorWeb/Quarantine/A0002015.dll Postponed

10/20/10 8:23 AM Detected: Trojan.Win32.Clicker.hd C:/Qoobox/Quarantine/C/Program Files/Mozilla Firefox/searchplugins/google_search.xml.vir

10/20/10 8:23 AM Untreated: Trojan.Win32.Clicker.hd C:/Qoobox/Quarantine/C/Program Files/Mozilla Firefox/searchplugins/google_search.xml.vir Postponed

10/20/10 8:26 AM Detected: Trojan-Spy.Win32.SpyEyes.crp C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002049.exe/UPX

10/20/10 8:26 AM Untreated: Trojan-Spy.Win32.SpyEyes.crp C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002049.exe/UPX Postponed

10/20/10 8:26 AM Detected: Trojan.Win32.FakeAV.ngj C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002047.exe

10/20/10 8:26 AM Untreated: Trojan.Win32.FakeAV.ngj C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002047.exe Postponed

10/20/10 8:35 AM Detected: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Owner/DoctorWeb/Quarantine/A0002015.dll

10/20/10 1:18 PM Detected: Trojan.Win32.Clicker.hd C:/Qoobox/Quarantine/C/Program Files/Mozilla Firefox/searchplugins/google_search.xml.vir

10/20/10 1:18 PM Deleted: Trojan.Win32.Clicker.hd C:/Qoobox/Quarantine/C/Program Files/Mozilla Firefox/searchplugins/google_search.xml.vir

10/20/10 1:18 PM Detected: Trojan.Win32.FakeAV.ngj C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002047.exe

10/20/10 1:18 PM Deleted: Trojan.Win32.FakeAV.ngj C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002047.exe

10/20/10 1:18 PM Detected: Trojan-Spy.Win32.SpyEyes.crp C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002049.exe/UPX

10/20/10 1:18 PM Deleted: Trojan-Spy.Win32.SpyEyes.crp C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002049.exe

10/20/10 1:18 PM Task completed


Objects Scan: running (events: 3, objects: 158691, time: 01:21:47)

10/20/10 1:23 PM Task started

10/20/10 1:25 PM Task stopped

10/20/10 1:29 PM Task started


darinlee
Novice
Novice

Status :
Online
Offline

Posts : 31
Joined : 2010-10-19
OS : XP

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by Dr Jay on Wed Oct 20, 2010 9:58 pm

It means that the removal tool found the threats in a Quarantine folder (where they belong), but cannot remove them, because the quarantine is locked. But, they are safe to be in quarantine, so that is not a big deal.

We need to figure out how to disinfect fdc.sys.

Please give me a few hours, as I have to contact a couple of colleagues on obtaining the correct file replacement for your operating system.

As of right now, you can tell RoadRunner, that your computer is disinfected.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13707
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by darinlee on Wed Oct 20, 2010 10:05 pm

thank you for the better news !!! lol... look forward to your reply...

darinlee
Novice
Novice

Status :
Online
Offline

Posts : 31
Joined : 2010-10-19
OS : XP

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by Dr Jay on Thu Oct 21, 2010 2:12 am

Hi.

Thanks for your patience. I have obtained a copy of the file.

Please download ComboFix from [You must be registered and logged in to see this link.]

Save it to your Desktop, and do NOT run it, yet.


===========

Then, download this file: [You must be registered and logged in to see this link.]
and save it to your Desktop, and do NOT run it, either.

===========

Running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    FCopy::
    C:\documents and settings\owner\desktop\fdc.sys | C:\windows\system32\drivers\fdc.sys
  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.



NOTE:
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13707
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by darinlee on Thu Oct 21, 2010 2:36 am

Well, I'm not sure what to do at this point... roadrunner shut me down, and the department they need me to speak with is already closed for the day... =( I got slapped with the "unacceptable activity" notice...

darinlee
Novice
Novice

Status :
Online
Offline

Posts : 31
Joined : 2010-10-19
OS : XP

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by darinlee on Thu Oct 21, 2010 2:42 am

I'm responding from my blackberry incidently, so if it takes me awhile to respond or you don't hear anything for awhile, you know why... I hate viruses, I hate hackers (the bad ones, lol) and I hate channel 131... Suspect and I guess I can blame myself as well, lol...

darinlee
Novice
Novice

Status :
Online
Offline

Posts : 31
Joined : 2010-10-19
OS : XP

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by darinlee on Thu Oct 21, 2010 3:07 am

i can't download the FDC thing... getting an error message and it says it can't download from the source file or disk...

darinlee
Novice
Novice

Status :
Online
Offline

Posts : 31
Joined : 2010-10-19
OS : XP

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by Dr Jay on Fri Oct 22, 2010 3:13 am

Are you sure you clicked Save and not Open when the file began download?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13707
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by darinlee on Fri Oct 22, 2010 3:14 am

yes...

darinlee
Novice
Novice

Status :
Online
Offline

Posts : 31
Joined : 2010-10-19
OS : XP

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by darinlee on Fri Oct 22, 2010 6:48 am

I'm back up and running on the Internet, now I just need the blue screen of death to go away...

darinlee
Novice
Novice

Status :
Online
Offline

Posts : 31
Joined : 2010-10-19
OS : XP

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by Dr Jay on Fri Oct 22, 2010 9:04 am

Let's try this once more...

(If you have ComboFix already downloaded...good, no need to download again.)

Please download ComboFix from [You must be registered and logged in to see this link.]

Save it to your Desktop, and do NOT run it, yet.


===========

Then, download this file: [You must be registered and logged in to see this link.]
and save it to your Desktop, and do NOT run it, either.

===========

Running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    FCopy::
    C:\documents and settings\owner\desktop\fdc.sys | C:\windows\system32\drivers\fdc.sys
  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.



NOTE:
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13707
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by darinlee on Sun Oct 24, 2010 7:28 am

sorry for the delay, i had to go out of town for a couple of days... but i'm back now and the link didn't work... won't let me download, gives me the same error message... :sad:

darinlee
Novice
Novice

Status :
Online
Offline

Posts : 31
Joined : 2010-10-19
OS : XP

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by darinlee on Sun Oct 24, 2010 9:01 am

here is what it says...

"cannot copy FDC[1]: cannot read from source file or disk..."

darinlee
Novice
Novice

Status :
Online
Offline

Posts : 31
Joined : 2010-10-19
OS : XP

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by Dr Jay on Sun Oct 24, 2010 6:25 pm

Please reboot to Safe Mode with Networking (tap the F8 key just before Windows starts to load and select the Safe Mode with Networking option from the menu).


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13707
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by darinlee on Sun Oct 24, 2010 7:17 pm

I've been doing all this from safe mode unfortunately, otherwise I can't get onto the computer, or rather log into windows... I get that blue screen shortly after logging in...

darinlee
Novice
Novice

Status :
Online
Offline

Posts : 31
Joined : 2010-10-19
OS : XP

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by Dr Jay on Mon Oct 25, 2010 8:09 pm

1. Please download [You must be registered and logged in to see this link.] by Swandog46 to your Desktop.

  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):
Files to move:
C:\documents and settings\owner\desktop\fdc.sys | C:\windows\system32\drivers\fdc.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.

  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13707
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Re: THINKPOINT removed, hopefully?? BUT, now another problem arrived...

Post by darinlee on Tue Oct 26, 2010 12:27 am

on reboot, hits the blue screen of death... and i tried running the program and rebooting back into safemode, and it does nothing...

i'm seriously contemplating taking a .40 bullet to the laptop right about now, lol...

darinlee
Novice
Novice

Status :
Online
Offline

Posts : 31
Joined : 2010-10-19
OS : XP

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum