GeekPolice

How can I remove Thinkpoint malware


Post by Darryl Goddard on Tue Oct 19, 2010 5:32 am

OTL Extras logfile created on: 18/10/2010 10:15:42 p.m. - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 215.69 Gb Total Space | 187.66 Gb Free Space | 87.00% Space Free | Partition Type: NTFS

Computer Name: DADDYOS | User Name: Apple | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe" = C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe:*:Enabled:igateway -- File not found
"C:\Program Files\ABControl\ABClient.exe" = C:\Program Files\ABControl\ABClient.exe:*:Enabled:AB Client Application -- File not found
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Disabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Program Files\DAP\DAP.exe" = C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP) -- (SpeedBit Ltd.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{141048B3-B8BB-11D3-9411-0000F87E1467}" = PTC ProDESKTOP 2000i2
"{223F8A0E-65E0-4810-9253-6F754147F70F}" = Flsh8_0Licensing
"{23170F69-40C1-2701-0442-000001000000}" = 7-Zip 4.42
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4919486B-3A27-4BEE-A031-AEB37EC87838}" = Quicktime32_2.1
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{577AD794-8B34-40B4-9E7A-BE4CFFE396E6}" = Microsoft Visual Basic 2005 Express Edition - ENU
"{58EDAD68-7839-42D8-A6AD-854A9ECB8224}" = FileMaker Pro 6
"{5D0930A3-1033-433A-8BB9-603665550DD1}" = Windows XP Service Pack 3 (1033)
"{5ECF0228-B96C-469C-86AA-98FE6DCF8624}" = Fireworks8_0_Licensing
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90190409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Publisher 2003
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A47E39E8-1091-453C-A671-70AC3C42A284}" = Dreamweaver8_0_Licensing
"{A52911E5-8B20-49D6-96B2-5A98F88ECB4A}" = Flash8VideoEncoder1_0
"{A7DB362E-16DC-4E29-8A34-E74381E00B5B}" = Adobe Shockwave Player
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AD0EDFDB-BEA2-453A-B7DF-BE64787F0FBA}" = QuickTime2.12
"{BBB4EC68-AB0B-43F1-8009-DFFF21694E94}" = Inspiration7.5
"{BF0517BA-240B-471F-824B-3BAA55A12857}" = New Zealand Maori Keyboard
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D689B418-235A-4290-A0A5-A75E490E0351}" = Symantec Endpoint Protection
"{EA76B918-A3A4-4F83-9BA6-4EB336F798E0}" = asTTle4
"{EC593928-8F88-4BD6-9B1A-3AE159E9BBC8}" = TVNZEncyclopedia
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F0E45628-1218-4865-A516-8E8A54272ADC}" = Boot Camp Services
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"02FEC2FAAA7DED51CAF15F06DB8B63E735EE735C" = Windows Driver Package - Apple Inc. (applebt) Bluetooth (04/06/2008 2.1.0.1)
"059BF941BA77F24DED9444B45BB0DAA5353F86EB" = Windows Driver Package - Apple Inc. System (06/21/2007 2.0.0.0)
"0936416DB5978E29D553FACF9DD6F3EFBA1929DA" = Windows Driver Package - Apple Inc. Apple Trackpad (08/28/2007 2.0.1.4)
"0EEF0136F93FA6C5AB723AADEA61FF550D8C60FB" = Windows Driver Package - Broadcom (BCM43XX) Net (01/08/2007 4.80.75.0)
"144A90A8644F24BDCA0607CBAE7F90C2F5427DA4" = Windows Driver Package - Apple Inc. Apple Multitouch (12/18/2007 2.0.1.10)
"181B29655BDD6EA3FC483A7E4D1C2ED7735873F0" = Windows Driver Package - Apple Inc. Apple Keyboard (08/30/2007 2.0.1.4)
"18BB9B0552BA675902E31409A34F929D9C9AD56C" = Windows Driver Package - Intel (e1express) Net (04/03/2006 9.3.39.0)
"2CA2C2712E3120F27F44A38A6FA5540D9A93CA01" = Windows Driver Package - Apple Inc. Apple IR Receiver (11/01/2007 2.0.1.1)
"5F8BE32FAE3D6BC77B512F7B0624D7B6C8A26EFB" = Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
"6784A318842714811EC3F8409C3C0F7983B90972" = Windows Driver Package - Apple Inc. Apple Built-in iSight (04/09/2007 1.3.0.0)
"6AB59209597E0F6B986EC8E976521FDF0A696C9D" = Windows Driver Package - Marvell (yukonwxp) Net (03/23/2007 10.12.7.3)
"6AEF368351694A266BAB82596EEA968C73E8FC87" = Windows Driver Package - Apple Inc. Apple Trackpad Enabler (08/28/2007 2.0.1.4)
"80087CDF19A4CE2FBB535E7DC99A0E50FFA25589" = Windows Driver Package - Intel (E1000) Net (01/06/2006 8.6.17.0)
"8461-7759-5462-8226" = Vuze
"850625E38080EAF5C2644C07A2510A394019973D" = Windows Driver Package - Apple Inc. (applebt) Bluetooth (06/27/2007 2.0.0.1)
"9324ED54E32F5399037F87E076CA01C6CEB92830" = Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
"992615C0D0002C27AA3BB336C66D1E7764047A51" = Windows Driver Package - Apple Inc. Apple Trackpad (10/09/2007 2.0.1.5)
"9B19F92D5E3730EA8D0788B248741F6CC2633DBE" = Windows Driver Package - Apple Inc. Apple IR Receiver (07/16/2007 2.0.0.1)
"AD3493E108434977125BBF78F47699626F8AF64B" = Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.4.3.18)
"AD3F97DB12E1CE21FA0120AB7CE80FADD54FC0AB" = Windows Driver Package - Apple Inc. Apple Keyboard (03/10/2008 2.1.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ATI Display Driver" = ATI Display Driver
"BFG-Bookworm Adventures" = Bookworm Adventures
"BFGC" = Big Fish Games: Game Manager
"BFG-Geisha - The Secret Garden" = Geisha: The Secret Garden
"BFG-Mystery Case Files - Ravenhearst" = Mystery Case Files: Ravenhearst
"C71CD722DD357F78301EAEA028431241C2D91890" = Windows Driver Package - Apple Inc. System (09/12/2007 2.0.1.1)
"CE031DF97C704035E8B6E570362ABD337ACA4BA5" = Windows Driver Package - Atheros (AR5211) Net (04/05/2007 5.3.0.35)
"D1E46C4F35C591B14E31349A9EDA8227C5F0E966" = Windows Driver Package - Apple Inc. Apple Trackpad Enabler (10/09/2007 2.0.1.5)
"D3BCC671821E117ACD653C1AA146540791143F25" = Windows Driver Package - Apple Inc. Apple Display (12/19/2007 2.0.2.0)
"D66D0ACEFE4E32CCDF30362ACBB3EAEFB97E9FDE" = Windows Driver Package - Atheros (AR5416) Net (06/26/2007 6.0.3.94)
"D922ADD1498E7464ED76231D79D703FC1320C80C" = Windows Driver Package - Broadcom (BCM43XX) Net (09/20/2007 4.170.25.12)
"DivX Setup.divx.com" = DivX Setup
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"F5A89004299B5282B8B5D7D9F7253FF13C58628F" = Windows Driver Package - Apple Inc. Apple Multitouch Mouse (12/18/2007 2.0.1.10)
"ffdshow_is1" = ffdshow v1.1.3452 [2010-05-24]
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"LHTTSENG" = L&H TTS3000 British English
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Basic 2005 Express Edition - ENU" = Microsoft Visual Basic 2005 Express Edition - ENU
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Shockwave" = Shockwave
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"SpeedBit Video Downloader" = SpeedBit Video Downloader
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WildTangent wildgames Master Uninstall" = WildTangent Games
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.5
"WinRAR archiver" = WinRAR archiver
"Wisdom-soft ScreenHunter 5.1 Free" = Wisdom-soft ScreenHunter 5.1 Free
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/10/2010 3:00:51 a.m. | Computer Name = DADDYOS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/10/2010 4:39:04 p.m. | Computer Name = DADDYOS | Source = Application Error | ID = 1000
Description = Faulting application bfgclient.exe, version 2.0.0.3, faulting module
urlmon.dll, version 8.0.6001.18939, fault address 0x00004ffc.

Error - 13/10/2010 12:14:28 a.m. | Computer Name = DADDYOS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 13/10/2010 3:51:34 a.m. | Computer Name = DADDYOS | Source = MsiInstaller | ID = 1013
Description = Product: Symantec Endpoint Protection -- LiveUpdate is currently running.
Please wait for LiveUpdate to complete before continuing.

Error - 13/10/2010 3:51:40 a.m. | Computer Name = DADDYOS | Source = MsiInstaller | ID = 1013
Description = Product: Symantec Endpoint Protection -- LiveUpdate is currently running.
Please wait for LiveUpdate to complete before continuing.

Error - 13/10/2010 4:05:51 a.m. | Computer Name = DADDYOS | Source = MsiInstaller | ID = 1013
Description = Product: Symantec Endpoint Protection -- LiveUpdate is currently running.
Please wait for LiveUpdate to complete before continuing.

Error - 13/10/2010 11:30:28 p.m. | Computer Name = DADDYOS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 13/10/2010 11:31:11 p.m. | Computer Name = DADDYOS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 18/10/2010 11:57:23 p.m. | Computer Name = DADDYOS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 19/10/2010 12:17:58 a.m. | Computer Name = DADDYOS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 4/09/2010 6:43:01 a.m. | Computer Name = DADDYOS | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000043'
while processing the file 'SrtETmp' on the volume 'HarddiskVolume3'. It has stopped
monitoring the volume.

Error - 4/09/2010 5:49:53 p.m. | Computer Name = DADDYOS | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000043'
while processing the file 'SrtETmp' on the volume 'HarddiskVolume3'. It has stopped
monitoring the volume.

Error - 5/09/2010 2:38:20 a.m. | Computer Name = DADDYOS | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000043'
while processing the file 'SrtETmp' on the volume 'HarddiskVolume3'. It has stopped
monitoring the volume.

Error - 7/09/2010 5:05:52 a.m. | Computer Name = DADDYOS | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file 'SrtETmp' on the volume 'HarddiskVolume3'. It has stopped
monitoring the volume.

Error - 10/09/2010 5:08:52 p.m. | Computer Name = DADDYOS | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file 'SrtETmp' on the volume 'HarddiskVolume3'. It has stopped
monitoring the volume.

Error - 16/09/2010 3:29:36 a.m. | Computer Name = DADDYOS | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file 'SrtETmp' on the volume 'HarddiskVolume3'. It has stopped
monitoring the volume.

Error - 27/09/2010 1:00:19 a.m. | Computer Name = DADDYOS | Source = BTHUSB | ID = 327697
Description = The local Bluetooth radio has failed in an undetermined manner and
will be unloaded.

Error - 27/09/2010 11:42:31 p.m. | Computer Name = DADDYOS | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file 'SrtETmp' on the volume 'HarddiskVolume3'. It has stopped
monitoring the volume.

Error - 1/10/2010 10:20:53 p.m. | Computer Name = DADDYOS | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file 'SrtETmp' on the volume 'HarddiskVolume3'. It has stopped
monitoring the volume.

Error - 5/10/2010 1:19:22 a.m. | Computer Name = DADDYOS | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file 'SrtETmp' on the volume 'HarddiskVolume3'. It has stopped
monitoring the volume.


< End of report >


Re: How can I remove Thinkpoint malware

Post by TheAvatar on Tue Oct 19, 2010 9:18 am

Hi, could you please post the OTL.txt log from OTL?

Thanks.


- The Avatar
GeekPolice.net Adviser

Re: How can I remove Thinkpoint malware

Post by Darryl Goddard on Wed Oct 20, 2010 3:54 am

Hi, sorry, but I'm new to all this. Where do I find the OTL.txt log you require?


Re: How can I remove Thinkpoint malware

Post by Darryl Goddard on Wed Oct 20, 2010 4:00 am

OTL logfile created on: 18/10/2010 10:15:42 p.m. - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 215.69 Gb Total Space | 187.66 Gb Free Space | 87.00% Space Free | Partition Type: NTFS

Computer Name: DADDYOS | User Name: Apple | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/18 22:14:50 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.com
PRC - [2010/09/03 02:07:16 | 000,300,656 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2010/09/03 02:07:14 | 001,607,272 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
PRC - [2010/09/03 02:07:14 | 000,140,920 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
PRC - [2010/08/28 21:01:30 | 002,835,968 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
PRC - [2010/08/20 12:45:26 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/10/05 16:18:54 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/10/05 16:18:52 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/10/05 16:18:48 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/10/05 16:18:47 | 001,803,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/10/05 16:18:44 | 002,440,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/04/15 16:44:30 | 000,423,216 | ---- | M] (Apple Inc.) -- C:\Program Files\Boot Camp\KbdMgr.exe
PRC - [2008/04/15 16:44:30 | 000,132,400 | ---- | M] () -- C:\WINDOWS\system32\AppleOSSMgr.exe
PRC - [2008/04/15 16:44:30 | 000,099,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\system32\AppleTimeSrv.exe
PRC - [2008/04/15 15:31:18 | 000,147,456 | ---- | M] (Apple Inc.) -- C:\WINDOWS\system32\IRW.exe
PRC - [2008/04/13 10:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/08 20:59:29 | 000,086,016 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe


========== Modules (SafeList) ==========

MOD - [2010/10/18 22:14:50 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.com
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/10/05 16:19:05 | 000,357,704 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\sysfer.dll
MOD - [2008/04/13 10:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/09/03 02:07:16 | 000,300,656 | ---- | M] (Speedbit Ltd.) [Auto | Running] -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2009/10/05 16:18:54 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/10/05 16:18:54 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/10/05 16:18:48 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/10/05 16:18:47 | 001,803,592 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/10/05 16:18:44 | 002,440,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/03/30 19:13:44 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/20 19:10:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/04/15 16:44:30 | 000,132,400 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\AppleOSSMgr.exe -- (AppleOSSMgr)
SRV - [2008/04/15 16:44:30 | 000,099,632 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\WINDOWS\system32\AppleTimeSrv.exe -- (AppleTimeSrv)
SRV - [2007/10/08 20:59:29 | 000,086,016 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV - [2010/08/13 15:31:48 | 000,036,352 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2010/03/05 13:30:13 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100305.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/03/05 13:30:13 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/03/05 13:30:13 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100305.004\NAVENG.SYS -- (NAVENG)
DRV - [2010/03/02 14:24:57 | 000,162,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2009/10/06 19:33:54 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/10/05 16:19:04 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/10/05 16:18:56 | 000,319,920 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/10/05 16:18:56 | 000,280,112 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/10/05 16:18:56 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/10/05 16:18:50 | 000,091,976 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/10/05 16:18:50 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2009/10/05 16:18:33 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/10/05 16:18:33 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/10/05 16:18:31 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/10/05 16:18:28 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/09/17 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/04/15 16:44:30 | 000,006,528 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MacHALDriver.sys -- (MacHALDriver)
DRV - [2008/04/15 16:44:30 | 000,005,504 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\KeyAgent.sys -- (KeyAgent)
DRV - [2008/04/15 15:33:14 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/04/15 15:32:06 | 000,017,664 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iSightUP.sys -- (iSightUpdate)
DRV - [2008/04/15 15:32:06 | 000,007,680 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iSightFT.sys -- (DevUpper)
DRV - [2008/04/15 15:31:18 | 000,016,512 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IRFilter.sys -- (IRRemoteFlt)
DRV - [2008/04/15 15:30:29 | 000,019,968 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KeyMagic.sys -- (KeyMagic)
DRV - [2008/04/15 15:29:47 | 000,009,088 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\applebt.sys -- (applebt)
DRV - [2008/04/15 15:29:18 | 002,849,280 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/13 03:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/10/08 21:58:02 | 000,255,232 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/10/08 21:56:08 | 000,007,424 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BthKicker.sys -- (BthKicker)
DRV - [2007/10/08 20:59:30 | 001,177,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.internal.faircol.school.nz"
FF - prefs.js..network.proxy.http: "172.16.0.5"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "*.internal.faircol.school.nz, 172.16.*"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 1


[2010/03/23 01:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/06/14 14:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\polk68qq.default\extensions
[2010/06/14 14:29:26 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\polk68qq.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}

O1 HOSTS File: ([2009/08/30 02:17:27 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\TBUCA\tbcore3.dll ()
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files\SearchPredict\SearchPredict.dll (Speedbit Ltd.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\TBUCA\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\TBUCA\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\TBUCA\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe (Apple Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IRW] C:\WINDOWS\system32\IRW.exe (Apple Inc.)
O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
O4 - HKCU..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe File not found
O4 - HKCU..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe (Speedbit Ltd.)
O4 - HKLM..\RunOnce: [NSSInstallation] C:\Program Files\DivX\Symantec\scstubinstaller.exe (Symantec Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [You must be registered and logged in to see this link.] (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Administrator\Application Data\hotfix.exe) - C:\Documents and Settings\Administrator\Application Data\hotfix.exe ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/14 22:39:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootMin: Symantec Antvirus - Service
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: SmcService - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootNet: Symantec Antvirus - Service
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{F5A0A4CC-9754-49F0-8D8D-F8040DE85700} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (60812205720862720)


Darryl Goddard
Novice

Posts : 14
Joined : 2010-10-19
OS : xp


Re: How can I remove Thinkpoint malware

Post by Darryl Goddard on Wed Oct 20, 2010 4:01 am


========== Files/Folders - Created Within 30 Days ==========

[2010/10/09 22:30:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\KingArthur
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/18 22:06:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/18 20:22:10 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Install_NSS.lnk
[2010/10/18 20:14:07 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\SpeedOptimizer Startup.job
[2010/10/18 20:11:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/18 20:11:01 | 2131,046,400 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/17 20:29:00 | 000,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/16 19:22:56 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\start
[2010/10/16 19:00:49 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\install
[2010/10/16 18:59:28 | 000,594,432 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\hotfix.exe
[2010/10/16 18:59:28 | 000,000,363 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\2964.bat
[2010/10/16 18:01:19 | 000,250,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/16 17:38:19 | 000,001,372 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2010/10/12 20:50:48 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vuze.lnk
[2010/10/12 20:50:48 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/10/08 16:25:17 | 000,001,188 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2010/10/08 16:15:32 | 000,001,596 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2010/10/08 16:15:32 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk
[2010/10/07 00:02:35 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/07 00:02:35 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/01 22:56:00 | 000,000,412 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\spider.sav
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/18 20:22:10 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Install_NSS.lnk
[2010/10/16 19:22:56 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\start
[2010/10/16 19:00:49 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\install
[2010/10/16 18:59:28 | 000,000,363 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\2964.bat
[2010/10/16 18:59:27 | 000,594,432 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\hotfix.exe
[2010/10/13 00:48:52 | 000,001,372 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2010/10/08 16:25:17 | 000,001,188 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2010/08/16 23:33:09 | 000,001,071 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/08/13 13:39:13 | 000,000,223 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/07/03 02:32:00 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/06/19 01:00:12 | 000,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2010/06/16 19:55:00 | 000,000,066 | ---- | C] () -- C:\WINDOWS\PTVIEW.INI
[2010/06/16 19:54:30 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2010/06/14 15:31:42 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/25 15:25:23 | 000,000,183 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2009/03/14 16:38:07 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/03/14 16:02:40 | 000,000,530 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2009/03/14 16:02:38 | 000,000,048 | ---- | C] () -- C:\WINDOWS\ptmv.INI
[2009/03/14 15:55:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/14 14:14:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/04/09 18:22:17 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2004/08/03 03:59:20 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\intelppm.sys
[1998/05/05 23:19:58 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2009/03/14 22:39:37 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/03/14 22:33:46 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/03/23 22:29:59 | 000,001,312 | ---- | M] () -- C:\CKINFO.TXT
[2009/03/14 22:39:37 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/10/18 20:11:01 | 2131,046,400 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/14 22:39:37 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/03/14 22:39:37 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2002/01/04 08:38:38 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\msvci70.dll
[2004/08/03 03:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/08/27 18:23:43 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/10/18 20:10:59 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009/03/15 14:21:26 | 000,000,573 | ---- | M] () -- C:\RHDSetup.log
[2010/03/17 03:58:39 | 000,000,000 | ---- | M] () -- C:\t1jg.3

< %PROGRAMFILES%\*. >
[2009/03/14 15:57:24 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2010/06/18 19:32:44 | 000,000,000 | ---D | M] -- C:\Program Files\ABControl
[2010/03/23 01:14:43 | 000,000,000 | ---D | M] -- C:\Program Files\Acro Software
[2009/06/18 17:42:39 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/03/14 15:53:48 | 000,000,000 | ---D | M] -- C:\Program Files\asTTle
[2010/10/08 16:15:32 | 000,000,000 | ---D | M] -- C:\Program Files\bfgclient
[2010/07/14 22:02:56 | 000,000,000 | ---D | M] -- C:\Program Files\Bookworm Adventures
[2009/03/15 14:25:35 | 000,000,000 | ---D | M] -- C:\Program Files\Boot Camp
[2009/10/06 19:45:01 | 000,000,000 | ---D | M] -- C:\Program Files\CA
[2010/07/16 18:58:45 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/03/14 22:36:39 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/06/14 14:29:18 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2010/08/28 21:05:50 | 000,000,000 | ---D | M] -- C:\Program Files\DAP
[2009/03/14 22:48:37 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2010/08/28 15:56:25 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2009/03/14 16:05:41 | 000,000,000 | ---D | M] -- C:\Program Files\Dreamweaver8_0License
[2009/06/25 15:25:19 | 000,000,000 | ---D | M] -- C:\Program Files\EPSON
[2010/07/03 02:32:00 | 000,000,000 | ---D | M] -- C:\Program Files\ffdshow
[2009/03/14 15:56:50 | 000,000,000 | ---D | M] -- C:\Program Files\FileMaker
[2009/03/14 16:05:44 | 000,000,000 | ---D | M] -- C:\Program Files\Fireworks8_0_License
[2009/03/14 16:05:43 | 000,000,000 | ---D | M] -- C:\Program Files\flash8VideoEncoder1_0License
[2009/03/14 16:05:42 | 000,000,000 | ---D | M] -- C:\Program Files\Flash8_0License
[2010/08/27 01:26:57 | 000,000,000 | ---D | M] -- C:\Program Files\Geisha - The Secret Garden
[2009/03/14 16:40:09 | 000,000,000 | ---D | M] -- C:\Program Files\GIMP
[2009/03/14 15:56:59 | 000,000,000 | ---D | M] -- C:\Program Files\Infovox 230
[2009/03/14 15:57:04 | 000,000,000 | ---D | M] -- C:\Program Files\Inspiration 7.5 Intl
[2009/03/14 22:51:15 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/03/14 22:52:58 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/10/16 17:33:51 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/03/14 15:57:21 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/03/14 16:40:23 | 000,000,000 | ---D | M] -- C:\Program Files\Macromedia
[2010/06/19 04:08:19 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/03/14 15:55:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2009/03/14 22:39:50 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/03/14 15:57:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/03/16 17:03:26 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2009/12/20 19:00:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/03/14 15:55:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009/03/14 22:51:23 | 000,000,000 | ---D | M] -- C:\Program Files\Motorola
[2010/08/13 13:36:51 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/03/23 01:12:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/03/23 01:09:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Thunderbird
[2010/06/20 05:35:49 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/03/14 22:35:38 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2009/03/14 22:36:18 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/03/14 16:19:28 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/10/16 20:06:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mystery Case Files - Ravenhearst
[2010/06/16 00:49:48 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Software
[2009/08/27 18:28:25 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/03/14 22:36:28 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/06/19 03:53:45 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/03/14 16:02:38 | 000,000,000 | ---D | M] -- C:\Program Files\ProTech
[2009/03/14 15:52:27 | 000,000,000 | ---D | M] -- C:\Program Files\PSS
[2009/03/14 16:38:22 | 000,000,000 | ---D | M] -- C:\Program Files\PTC
[2009/03/14 16:37:25 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/07/02 02:24:23 | 000,000,000 | ---D | M] -- C:\Program Files\Raptr
[2009/03/14 22:51:15 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2010/06/20 05:35:41 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/08/28 21:01:05 | 000,000,000 | ---D | M] -- C:\Program Files\SearchPredict
[2009/03/14 22:50:37 | 000,000,000 | ---D | M] -- C:\Program Files\SigmaTel
[2009/03/14 16:38:44 | 000,000,000 | ---D | M] -- C:\Program Files\Sketchup 5
[2010/09/03 02:08:54 | 000,000,000 | ---D | M] -- C:\Program Files\SpeedBit Video Accelerator
[2010/08/28 21:01:05 | 000,000,000 | ---D | M] -- C:\Program Files\SpeedBit Video Downloader
[2009/10/06 19:33:56 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2009/03/14 22:44:17 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/10/12 20:50:46 | 000,000,000 | ---D | M] -- C:\Program Files\Vuze
[2010/09/17 02:14:20 | 000,000,000 | ---D | M] -- C:\Program Files\Vuze_Remote
[2010/03/24 19:14:35 | 000,000,000 | ---D | M] -- C:\Program Files\WildGames
[2010/06/19 00:49:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/06/19 00:49:35 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/08/27 18:28:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/03/14 22:38:39 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/07/15 13:43:03 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/06/18 19:32:27 | 000,000,000 | ---D | M] -- C:\Program Files\Wisdom-soft ScreenHunter 5 Free
[2009/03/14 22:39:50 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %appdata%\*.* >
[2010/10/16 18:59:28 | 000,000,363 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\2964.bat
[2009/03/14 14:14:19 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2010/10/16 18:59:28 | 000,594,432 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\hotfix.exe
[2010/10/16 19:00:49 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\install
[2010/10/16 19:22:56 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\start


< MD5 for: AGP440.SYS >
[2004/08/03 06:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 10:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/13 05:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 05:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/03 06:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 10:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 05:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 05:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 03:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/03 06:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/04/13 10:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/03 03:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 05:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 10:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/13 10:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/03 05:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 10:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/13 10:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 05:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 05:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 10:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/13 10:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/03 06:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/04/13 10:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2004/08/03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 05:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\dllcache\usbstor.sys
[2008/04/13 05:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< >

< >

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 231 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D93AABC7
@Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7ADA8871
@Alternate Data Stream - 193 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1
@Alternate Data Stream - 172 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CD060F93
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:517DBC32
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CCB49694
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3D26A8A
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EE323A4
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B7447D4
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B11E0DF
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3E39C6A
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:010ADD2C
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC2E567F

< End of report >

Darryl Goddard
Novice
Posts : 14
Joined : 2010-10-19
OS : xp

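The `< MD5 for: ... >` blocks in the log above are there so the helper can compare the hash of the file Windows is actually loading (under `system32` or `system32\drivers`) with the protected copy in `system32\dllcache` and the pre-service-pack copy in `$NtServicePackUninstall$`. A driver that has been modified in place can keep its size and timestamp while its MD5 changes, and that is the signature worth automating. As an added example, not part of the original post and not OTL's own code, here is a Python script that parses those blocks and applies that comparison. The sample it runs on is the `ATAPI.SYS` and `DISK.SYS` blocks copied from the log above plus one constructed block (`EXAMPLE.SYS`, with made-up hashes) that shows what a patched driver would look like; the verdict names and the path classification are my own.

```python
import re
from collections import defaultdict

# Sample copied from the "MD5 for:" custom-scan blocks in the OTL Extras log above.
LOG_FROM_PAGE = r"""
< MD5 for: ATAPI.SYS >
[2004/08/03 06:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 05:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 05:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/03 03:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 05:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys
"""

# Constructed block (not from the page; the hashes are made up) showing what an
# in-place patched driver looks like: same size and timestamp as the dllcache
# copy, different MD5.
CONSTRUCTED_PATCHED = r"""
< MD5 for: EXAMPLE.SYS >
[2008/04/13 05:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\example.sys
[2008/04/13 05:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\WINDOWS\system32\drivers\example.sys
"""

HEADER = re.compile(r"^< MD5 for: (?P<name>\S+) >$")
# [date time | size | attrs | M] (Company) MD5=hash -- path
# (.cab entries carry no MD5 and therefore do not match)
ENTRY = re.compile(
    r"^\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| [^|]*\| M\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)


def parse_md5_sections(text):
    """Map lower-cased file name -> list of {stamp, size, company, md5, path}."""
    sections = defaultdict(list)
    current = None
    for line in text.splitlines():
        line = line.strip()
        h = HEADER.match(line)
        if h:
            current = h.group("name").lower()
            continue
        e = ENTRY.match(line)
        if current and e:
            d = e.groupdict()
            d["size"] = int(d["size"].replace(",", ""))
            d["md5"] = d["md5"].upper()
            sections[current].append(d)
    return dict(sections)


def role(path):
    """Classify a path as the live file, the dllcache copy, a backup, or other."""
    p = path.lower()
    if "\\dllcache\\" in p:
        return "dllcache"
    if "$ntservicepackuninstall$" in p or "\\reinstallbackups\\" in p:
        return "backup"
    if "\\system32\\drivers\\" in p or p.rsplit("\\", 1)[0].endswith("\\system32"):
        return "live"
    return "other"


def check_driver_integrity(text):
    """Compare each live file with its dllcache copy.

    Returns (name, verdict, detail) tuples. Verdicts:
      patched  - MD5 differs while size and timestamp match: modified in place
      drift    - MD5 differs and size or timestamp differ too: check the version
      ok       - hashes agree
      no-cache - no dllcache entry in the log to compare against
    """
    findings = []
    for name, entries in parse_md5_sections(text).items():
        live = [e for e in entries if role(e["path"]) == "live"]
        cache = [e for e in entries if role(e["path"]) == "dllcache"]
        if not live:
            continue
        if not cache:
            findings.append((name, "no-cache", live[0]["path"]))
            continue
        ref = cache[0]
        for e in live:
            if e["md5"] == ref["md5"]:
                findings.append((name, "ok", e["path"]))
            elif e["size"] == ref["size"] and e["stamp"] == ref["stamp"]:
                findings.append((name, "patched",
                                 f"{e['path']} MD5 {e['md5']} != dllcache {ref['md5']}"))
            else:
                findings.append((name, "drift",
                                 f"{e['path']} {e['stamp']} {e['size']} vs dllcache {ref['stamp']} {ref['size']}"))
    return findings


if __name__ == "__main__":
    for name, verdict, detail in check_driver_integrity(LOG_FROM_PAGE + CONSTRUCTED_PATCHED):
        print(f"{verdict:8} {name:12} {detail}")
```

On the log above every live driver that has a dllcache copy agrees with it, and `disk.sys` is reported as `no-cache` because the log lists no dllcache copy for it, which is the honest answer rather than a pass. The `$NtServicePackUninstall$` and `ReinstallBackups` copies are deliberately left out of the comparison: they are older pre-SP3 builds and are expected to differ.
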
Re: How can I remove Thinkpoint malware

Post by Darryl Goddard on Wed Oct 20, 2010 4:02 am

Hi again, I think I have figured it out. Hope this is what you need. Cheers.


Re: How can I remove Thinkpoint malware

Post by TheAvatar on Wed Oct 20, 2010 10:23 am

Hi,

Please do the following steps:

Step 1:

Run OTL.exe
  • Copy/paste the following text written inside of the quote box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    FF - prefs.js..network.proxy.http: "172.16.0.5"
    FF - prefs.js..network.proxy.http_port: 8080
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.type: 1
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
    O4 - HKCU..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_01)
    O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Administrator\Application Data\hotfix.exe) - C:\Documents and Settings\Administrator\Application Data\hotfix.exe ()
    [2010/10/16 19:22:56 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\start
    [2010/10/16 19:00:49 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\install
    [2010/10/16 18:59:28 | 000,000,363 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\2964.bat

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • After rebooting, please post the OTL you are presented with on startup.



Step 2:

Please download [You must be registered and logged in to see this link.].

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Full Scan, then click Scan.
    The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Restart if it tells you to.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.



Please post:
  • The log from OTL.
  • The MBAM log.


Thanks.


- The Avatar
GeekPolice.net Adviser
Online: GMT 10+ 7:30pm to 8:30pm weekdays. On and off on weekends regularly.

TheAvatar
Intermediate
Posts : 137
Joined : 2010-10-02
Gender : Male
OS : Windows XP SP3

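The fix script above removes several different footholds in one pass: a per-user Winlogon `Shell` value pointing at `hotfix.exe` in `Application Data` (whatever is in that value is started in place of Explorer at logon, so the rogue runs before the desktop does), a manual Firefox proxy, IE policy restrictions, an orphaned Run entry, and a few files sitting directly in the `Application Data` root with no company name. As an added example, not part of TheAvatar's post and not OTL's own code, here is a Python script that reads those OTL line formats and ranks them the way a helper would triage them. The sample lines are copied from the log and the fix script above (the O16 lines are left out because the forum masked their URLs); the severity labels, category names and regexes are my own.

```python
import re
from pathlib import PureWindowsPath

# Sample lines copied from the OTL log and the fix script above.
SAMPLE = r"""
FF - prefs.js..network.proxy.http: "172.16.0.5"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 1
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe File not found
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Administrator\Application Data\hotfix.exe) - C:\Documents and Settings\Administrator\Application Data\hotfix.exe ()
[2010/10/16 18:59:28 | 000,000,363 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\2964.bat
[2009/03/14 14:14:19 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2010/10/16 18:59:28 | 000,594,432 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\hotfix.exe
[2010/10/16 19:00:49 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\install
[2010/10/16 19:22:56 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\start
"""

# OTL line shapes this script understands (O20 Winlogon, O4 Run, FF prefs, file entries).
SHELL = re.compile(r"^O20 - (?P<hive>HK\w+) Winlogon: Shell - \((?P<value>[^)]*)\)")
RUN = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
FILE = re.compile(r"^\[[^\]]*\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")
FFPREF = re.compile(r"^FF - prefs\.js\.\.network\.proxy\.(?P<key>\w+): (?P<val>.+)$")

EXEC_EXT = {".exe", ".dll", ".bat", ".cmd", ".com", ".scr", ".pif"}
USER_PROFILE_DIRS = ("\\application data\\", "\\local settings\\", "\\temp\\")


def in_user_profile(path):
    """True when a command or path lives under a writable per-user directory."""
    p = path.lower()
    return any(d in p for d in USER_PROFILE_DIRS)


def triage(text):
    """Return (severity, category, detail) findings, highest severity first."""
    findings = []
    proxy = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = SHELL.match(line)
        if m:
            shell = PureWindowsPath(m.group("value"))
            # Anything other than explorer.exe as the shell runs before the desktop.
            if shell.name.lower() != "explorer.exe":
                findings.append(("HIGH", "winlogon-shell",
                                 f"{m.group('hive')} Shell replaced by {shell}"))
            continue
        m = RUN.match(line)
        if m:
            cmd = m.group("cmd")
            if cmd.endswith("File not found"):
                findings.append(("LOW", "run-orphan", f"[{m.group('name')}] {cmd}"))
            elif in_user_profile(cmd):
                findings.append(("HIGH", "run-user-profile", f"[{m.group('name')}] {cmd}"))
            continue
        m = FFPREF.match(line)
        if m:
            proxy[m.group("key")] = m.group("val").strip('"')
            continue
        m = FILE.match(line)
        if m:
            p = PureWindowsPath(m.group("path"))
            if p.parent.name.lower() != "application data":
                continue
            # Executables dropped straight into the Application Data root are rare
            # for legitimate software; extension-less, company-less files next to
            # them are usually the dropper's state files.
            if p.suffix.lower() in EXEC_EXT:
                findings.append(("HIGH", "appdata-executable", str(p)))
            elif p.suffix == "" and not m.group("company"):
                findings.append(("MEDIUM", "appdata-unknown", str(p)))
    if proxy.get("type") == "1" and proxy.get("http") not in (None, "127.0.0.1", "localhost"):
        findings.append(("MEDIUM", "firefox-proxy",
                         f"manual proxy {proxy['http']}:{proxy.get('http_port', '?')} "
                         "(confirm it is one you configured)"))
    order = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    return sorted(findings, key=lambda f: order[f[0]])


if __name__ == "__main__":
    for sev, cat, detail in triage(SAMPLE):
        print(f"{sev:6} {cat:20} {detail}")
```

On the sample, the Winlogon `Shell` hijack and the two executables in `Application Data` come out on top, the two extension-less files and the proxy follow, and the missing `DriverScanner` target is reported only as an orphan. The proxy entry is ranked medium rather than high on purpose: a private address like `172.16.0.5` can be a legitimate network proxy, so it is something to confirm rather than something to delete on sight.
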
Re: How can I remove Thinkpoint malware

Post by Darryl Goddard on Thu Oct 21, 2010 4:19 am

All processes killed
========== OTL ==========
Prefs.js: "172.16.0.5" removed from network.proxy.http
Prefs.js: 8080 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: 1 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DriverScanner deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\Administrator\Application Data\hotfix.exe deleted successfully.
C:\Documents and Settings\Administrator\Application Data\hotfix.exe moved successfully.
C:\Documents and Settings\Administrator\Application Data\start moved successfully.
C:\Documents and Settings\Administrator\Application Data\install moved successfully.
C:\Documents and Settings\Administrator\Application Data\2964.bat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: Adunn

User: aito

User: Akim

User: All Users

User: cbawden

User: ckaiki

User: Default User

User: dhogg

User: dtynan

User: echapman

User: fmatagi.FAIRCOL.000

User: Hcoe

User: hcrequer.FAIRCOL

User: Hcurle

User: hsmith

User: jhitchens

User: Jkaiki

User: jlove

User: jwaite

User: kaunzo

User: kclarke

User: kturei

User: LocalService

User: Mosman

User: Mpalu

User: Mreti

User: NetworkService

User: nmanocha.FAIRCOL.003

User: rwhitaker.FAIRCOL

User: Sjohns

User: skohi

User: tbilich

User: wchang

User: Zreid

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 522812756 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 91915810 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1479509787 bytes

Total Files Cleaned = 1,999.00 mb


[EMPTYFLASH]

User: Administrator

User: Adunn

User: aito

User: Akim

User: All Users

User: cbawden

User: ckaiki

User: Default User

User: dhogg

User: dtynan

User: echapman

User: fmatagi.FAIRCOL.000

User: Hcoe

User: hcrequer.FAIRCOL

User: Hcurle

User: hsmith

User: jhitchens

User: Jkaiki

User: jlove

User: jwaite

User: kaunzo

User: kclarke

User: kturei

User: LocalService

User: Mosman

User: Mpalu

User: Mreti

User: NetworkService

User: nmanocha.FAIRCOL.003

User: rwhitaker.FAIRCOL

User: Sjohns

User: skohi

User: tbilich

User: wchang

User: Zreid

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.15.2 log created on 10202010_211349

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Darryl Goddard

Re: How can I remove Thinkpoint malware

Post by Darryl Goddard on Thu Oct 21, 2010 5:27 am

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4897

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20/10/2010 10:24:48 p.m.
mbam-log-2010-10-20 (22-24-48).txt

Scan type: Quick scan
Objects scanned: 382509
Time elapsed: 28 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Darryl Goddard
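Both the OTL log earlier in this thread and this Malwarebytes log record the same persistence trick: a per-user Winlogon Shell value (HKCU\...\Winlogon\Shell) pointing at hotfix.exe, so the rogue AV started instead of Explorer at every logon. The audit below is an added example written for this page, not part of the thread, OTL or Malwarebytes; it assumes Windows PowerShell with read access to HKLM and HKCU, and the "expected" defaults are a constructed baseline for a stock Windows install.

```powershell
# Added example for this thread (not OTL, Malwarebytes or the forum's own code).
# Audits the Winlogon "Shell" and "Userinit" values in HKLM and HKCU and flags
# anything that does not match a clean default. The rogue AV in this thread
# persisted by writing a per-user Shell value (HKCU ...\Winlogon\Shell = hotfix.exe).
# Assumes Windows PowerShell with read access to both hives.

function Get-WinlogonAudit {
    $subkey = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

    # Constructed baseline: what a clean machine-wide Winlogon configuration looks like.
    $expected = @{
        Shell    = 'explorer.exe'
        Userinit = ('{0}\system32\userinit.exe,' -f $env:windir)
    }

    foreach ($hive in 'HKLM', 'HKCU') {
        $key = '{0}:\{1}' -f $hive, $subkey
        foreach ($name in 'Shell', 'Userinit') {
            $value = $null
            if (Test-Path -Path $key) {
                $value = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
            }

            if ($hive -eq 'HKLM') {
                # Machine-wide values must exist and match the default exactly.
                if ($null -eq $value) {
                    $status = 'MISSING'
                } elseif ([string]$value.Trim() -eq $expected[$name]) {
                    $status = 'OK'
                } else {
                    $status = 'SUSPICIOUS: non-default value'
                }
            } else {
                # Per-user overrides are not set on a clean system; any value here
                # is exactly the hijack the logs above show being removed.
                if ($null -eq $value) {
                    $status = 'OK (no per-user override)'
                } else {
                    $status = 'SUSPICIOUS: per-user override present'
                }
            }

            [PSCustomObject]@{
                Hive   = $hive
                Name   = $name
                Value  = $value
                Status = $status
            }
        }
    }
}

# Usage: print the audit as a table; anything marked SUSPICIOUS needs a look.
Get-WinlogonAudit | Format-Table -AutoSize
```

The HKCU branch is the important one for this thread: Windows honours a per-user Shell value over the machine-wide one, so a clean system should have no such value at all, and its mere presence is the finding, whatever it points at.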

Re: How can I remove Thinkpoint malware

Post by TheAvatar on Thu Oct 21, 2010 5:31 am

Hi Darryl Goddard,

We still have some work to do. Please do the following:

Step 1:

Java is out of date and older versions contain vulnerabilities. Please update to the newest version.

Download the newest version from [You must be registered and logged in to see this link.]

It's important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to Start > Control Panel > Software and open Add or Remove Programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment).
They will have this icon next to them:
Select each in turn and click Remove.

Once old versions are gone, please install the newest version.


Step 2:

Using Internet Explorer or Firefox, visit [You must be registered and logged in to see this link.]

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click [You must be registered and logged in to see this link.] to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases

  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.

Please inform me as well how your machine is running.


- The Avatar
GeekPolice.net Adviser
If I have helped you, please consider donating to [You must be registered and logged in to see this link.]

GeekPolice.net [You must be registered and logged in to see this link.] [You must be registered and logged in to see this link.]

Online: GMT 10+ 7:30pm to 8:30pm weekdays. On and off on weekends regularly.

TheAvatar

Re: How can I remove Thinkpoint malware

Post by Darryl Goddard on Thu Oct 21, 2010 5:54 am

I updated Java yesterday; the current version I have at the moment is Java Runtime Environment 6 Update 1. Is this the correct version I need?

Darryl Goddard

Re: How can I remove Thinkpoint malware

Post by TheAvatar on Thu Oct 21, 2010 7:01 am

It should be Java Runtime Environment 6 Update 22.



Re: How can I remove Thinkpoint malware

Post by Darryl Goddard on Sat Oct 23, 2010 1:32 am

Have got Java Update 22 now and have followed through with your instructions. Thinkpoint is now gone and the machine is running well. Thanks heaps for your help, cheers, Darryl.

Darryl Goddard

Re: How can I remove Thinkpoint malware

Post by TheAvatar on Sat Oct 23, 2010 6:22 am

Hi, Kaspersky only lists infections, it does not remove them. Please post the log, there is still some work to do.



Re: How can I remove Thinkpoint malware

Post by Darryl Goddard on Sun Oct 24, 2010 2:13 am

KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, October 21, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, October 20, 2010 23:24:16
Records in database: 4188528
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 137843
Threats found: 5
Infected objects found: 5
Suspicious objects found: 0
Scan duration: 01:53:36


File name / Threat / Threats count
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\27\11dcc79b-2dada1ad Infected: Trojan-Downloader.Java.Agent.ft 1
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\27\11dcc79b-2dada1ad Infected: Trojan-Downloader.Java.Agent.fu 1
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\27\11dcc79b-2dada1ad Infected: Trojan-Downloader.Java.Agent.fv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\03DC0000\4FFEDB8E.VBN Infected: Worm.Win32.VBNA.isu 1
C:\_OTL\MovedFiles\10202010_211349\C_Documents and Settings\Administrator\Application Data\hotfix.exe Infected: Trojan.Win32.FakeAV.mvo 1

Selected area has been scanned.

Darryl Goddard

Re: How can I remove Thinkpoint malware

Post by TheAvatar on Sun Oct 24, 2010 3:20 am

Hi please do the following:


1.
Run OTL.exe

  • Copy/paste the following text written inside of the quote box into the Custom Scans/Fixes box located at the bottom of OTL

    :Files
    C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\27\11dcc79b-2dada1ad
    C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\27\11dcc79b-2dada1ad
    C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\27\11dcc79b-2dada1ad

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)



2.

  1. Right-click the Symantec icon in the system tray, and click "Open Symantec AntiVirus."
  2. Click the plus sign next to "View," then click "Quarantine."
  3. Click the drop-down menu at the top of the screen and select "All Items."
  4. Click an item in the quarantine list, then press the "Ctrl" and "A" keys on the keyboard simultaneously to highlight all of the items.
  5. Click the X-shaped (Delete) icon at the top of the screen to delete the quarantine folder.



3.
Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.



Please let me know how it all goes and how your PC is running.

Thanks.



Re: How can I remove Thinkpoint malware

Post by Darryl Goddard on Sun Oct 24, 2010 8:34 am

All processes killed
========== FILES ==========
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\27\11dcc79b-2dada1ad moved successfully.
File\Folder C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\27\11dcc79b-2dada1ad not found.
File\Folder C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\27\11dcc79b-2dada1ad not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: Adunn

User: aito

User: Akim

User: All Users

User: cbawden

User: ckaiki

User: Default User

User: dhogg

User: dtynan

User: echapman

User: fmatagi.FAIRCOL.000

User: Hcoe

User: hcrequer.FAIRCOL

User: Hcurle

User: hsmith

User: jhitchens

User: Jkaiki

User: jlove

User: jwaite

User: kaunzo

User: kclarke

User: kturei

User: LocalService

User: Mosman

User: Mpalu

User: Mreti

User: NetworkService

User: nmanocha.FAIRCOL.003

User: rwhitaker.FAIRCOL

User: Sjohns

User: skohi

User: tbilich

User: wchang

User: Zreid

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 505 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 6756 bytes

Total Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: Adunn

User: aito

User: Akim

User: All Users

User: cbawden

User: ckaiki

User: Default User

User: dhogg

User: dtynan

User: echapman

User: fmatagi.FAIRCOL.000

User: Hcoe

User: hcrequer.FAIRCOL

User: Hcurle

User: hsmith

User: jhitchens

User: Jkaiki

User: jlove

User: jwaite

User: kaunzo

User: kclarke

User: kturei

User: LocalService

User: Mosman

User: Mpalu

User: Mreti

User: NetworkService

User: nmanocha.FAIRCOL.003

User: rwhitaker.FAIRCOL

User: Sjohns

User: skohi

User: tbilich

User: wchang

User: Zreid

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.15.2 log created on 10242010_012406

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Darryl Goddard

Re: How can I remove Thinkpoint malware

Post by Darryl Goddard on Sun Oct 24, 2010 8:55 am

Hi, have done step 1 and posted otl log but now am lost again sorry. I can't see in my otl window where the system tray is, or am I looking in the wrong place?

Darryl Goddard

Re: How can I remove Thinkpoint malware

Post by TheAvatar on Sun Oct 24, 2010 9:46 am

Hi, the system tray is not in OTL. It is the bottom right hand corner of your screen, next to the clock.



Re: How can I remove Thinkpoint malware

Post by Darryl Goddard on Wed Oct 27, 2010 5:31 am

Hi, have done the Symantec as instructed but now I can't find OTL.exe anywhere on my computer. Have run a search for it but it comes up with no results to display. There is no desktop icon or anything. There is an icon for an MS-DOS shortcut to OTL but that just gives an error message.

Darryl Goddard

Re: How can I remove Thinkpoint malware

Post by TheAvatar on Wed Oct 27, 2010 10:19 am

Hi,

OTL was supposed to delete itself :)

How is your PC running?



Re: How can I remove Thinkpoint malware

Post by Darryl Goddard on Thu Oct 28, 2010 3:17 am

It's running good thanks, does this mean we are finally finished? If so thank you so much, and sorry for being a computer dumb ass. You sure got the patience of an Avatar. Cheers.

Darryl Goddard

Re: How can I remove Thinkpoint malware

Post by TheAvatar on Thu Oct 28, 2010 5:21 am

Hi Darryl,

It is my pleasure and you were very easy to work with.


CleanUp with OTL

  • Make sure you have an Internet Connection.
  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTL to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You should be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.


Clear system restore points:

This is a good time to clear your existing system restore points and establish a new clean restore point:

  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • Choose your root drive (normally C:)
  • After it calculates how much space you will save it will open up a new window
  • Select the More options tab at the top of the window
  • Choose the option to clean up system restore and OK it.
  • Go back to the Disk Cleanup tab
  • Put a checkmark in all - except compress old files (leave this unchecked)
  • Click Ok then click Yes

This will remove all restore points except the new one you just created and clean unneeded files

Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


Turn On Automatic Updates:

    1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
    2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select Automatic (recommended): "Automatically download recommended updates for my computer and install them".

    If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

    or visit [You must be registered and logged in to see this link.] regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • [You must be registered and logged in to see this link.] As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

  • [You must be registered and logged in to see this link.] - By altering your registry, this program stops harmful sites from installing things like [You must be registered and logged in to see this link.] on your machines.

  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using often.



Please read this great article by miekiemoes [You must be registered and logged in to see this link.]
and this great article by Tony Klein [You must be registered and logged in to see this link.]



Best wishes!

-TheAvatar


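The "Make your Internet Explorer more secure" steps in the post above are six Custom Level settings for the Internet zone, each of which is stored as a DWORD under the per-user Internet Settings\Zones\3 key. The script below is an added example written for this page, not part of the post or of Internet Explorer's own tooling; it assumes Windows PowerShell, and it assumes the numeric value names (1001, 1004, 1201, 1800, 1804, 1607) are IE's standard URL-action codes for those six settings, with 0/1/3 meaning Enable/Prompt/Disable, none of which the post states. It reports which settings are weaker than recommended and, with -Apply, sets them to the recommended value.

```powershell
# Added example for this thread (not from the post above or from Internet Explorer).
# Audits, and optionally applies, the six Internet-zone settings the post recommends.
# Assumptions: the numeric value names are IE's URL-action codes for these settings,
# and the DWORD values 0, 1 and 3 mean Enable, Prompt and Disable respectively.

function Test-IeInternetZone {
    param([switch]$Apply)

    # Zone 3 is the "Internet" zone; the per-user copy of the settings lives under HKCU.
    $zone  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
    $label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

    # Recommended values from the post, keyed by the (assumed) URL-action code.
    $policy = @(
        @{ Code = '1001'; Setting = 'Download signed ActiveX controls';                         Want = 1 },
        @{ Code = '1004'; Setting = 'Download unsigned ActiveX controls';                       Want = 3 },
        @{ Code = '1201'; Setting = 'Initialise and script ActiveX controls not marked as safe'; Want = 3 },
        @{ Code = '1800'; Setting = 'Installation of desktop items';                            Want = 1 },
        @{ Code = '1804'; Setting = 'Launching programs and files in an IFRAME';                Want = 1 },
        @{ Code = '1607'; Setting = 'Navigate sub-frames across different domains';             Want = 1 }
    )

    foreach ($p in $policy) {
        $current = $null
        if (Test-Path -Path $zone) {
            $current = (Get-ItemProperty -Path $zone -Name $p.Code -ErrorAction SilentlyContinue).($p.Code)
        }

        # Higher codes are stricter (Disable 3 > Prompt 1 > Enable 0), so a setting
        # passes when it is at least as strict as the recommendation.
        $compliant = ($null -ne $current) -and ([int]$current -ge $p.Want)

        if ($Apply -and -not $compliant) {
            if (-not (Test-Path -Path $zone)) { New-Item -Path $zone -Force | Out-Null }
            Set-ItemProperty -Path $zone -Name $p.Code -Value $p.Want -Type DWord
            $current   = $p.Want
            $compliant = $true
        }

        # Render the raw DWORD as the name IE shows in the Custom Level dialog.
        if ($null -eq $current) {
            $currentLabel = 'not set (zone default applies)'
        } elseif ($label.ContainsKey([int]$current)) {
            $currentLabel = $label[[int]$current]
        } else {
            $currentLabel = "unknown value $current"
        }

        [PSCustomObject]@{
            Setting     = $p.Setting
            Current     = $currentLabel
            Recommended = $label[$p.Want]
            Compliant   = $compliant
        }
    }
}

# Usage: report only. Run "Test-IeInternetZone -Apply" to tighten any weaker entries.
Test-IeInternetZone | Format-Table -AutoSize
```

A setting reported as "not set" is not necessarily weak: when no per-user value exists, IE falls back to the zone template under HKLM, so treat that row as "check the dialog" rather than as a failure. The report-only default lets you see what would change before using -Apply.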
