Thinkpoint, internet but no browser, no antivirus working

Post by StrikerX22 on Thu Oct 21, 2010 8:05 am

This is for my gf's computer, infected about 24ish hours ago, who has lost her browser function in her Windows partition, and has now lost the ability to boot into her Linux partition (startup programs crashing), possibly due to her backing up files to it.

Anyhow, I'm having her go through the procedures to post here, but she can't update Java or Adobe, for falsely accused lack of admin rights. I've sent files to her via Dropbox, which she can receive via our shared folder, but the convenience stops there. She's trying to run OTL now... We've worked a bit to try to get rid of it already, taking advice from sources saying to kill the hotfix process and exe (and some things created at the time of the infection), but it hasn't really improved the situation at all, beyond making the annoying Thinkpoint fakeware not appear. We haven't found any registry entries supposedly involved, though with a fake alert malware that supposedly spawns it, a couple reg's associated were
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnPostRedirect" = "0"
while mine were set to 1, so I had her change those. She's been able to install mbam, but it won't then immediately update/launch and can't seem to at all. Hopefully that covers the story thus far. I'll get her to post any additions tomorrow at some point.

Not sure how posting here works, but it would be convenient if she could post through her own account once she has access to another computer tomorrow. Her nick will be aphtershox.

OTL log's in, here it is, name concealed:

OTL logfile created on: 10/21/2010 7:35:40 AM - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\PROFILENAME\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 155.17 Gb Total Space | 49.47 Gb Free Space | 31.88% Space Free | Partition Type: NTFS
Drive E: | 54.75 Mb Total Space | 46.85 Mb Free Space | 85.56% Space Free | Partition Type: FAT

Computer Name: PROFILENAME-2008COMP | User Name: PROFILENAME | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/20 23:57:41 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PROFILENAME\Desktop\O1TL.com
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/04 13:27:08 | 000,587,096 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe


========== Modules (SafeList) ==========

MOD - [2010/10/20 23:57:41 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PROFILENAME\Desktop\O1TL.com
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 17:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvbvm60.dll
MOD - [2008/04/13 17:11:52 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dinput.dll
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008/04/13 10:39:24 | 002,897,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\xpsp2res.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\winser.exe -- (Win PPPe)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/19 19:43:34 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2008/01/04 13:27:08 | 000,587,096 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2007/09/07 11:16:18 | 001,373,480 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\tclondrv.sys -- (tclondrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\point32.sys -- (Point32)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\notcable.sys -- (notecable) NoteCable Driver (WDM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/07/16 08:54:49 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nocashio.sys -- (nocashio)
DRV - [2010/05/21 09:11:40 | 000,023,096 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TunRAudio.sys -- (TunRAudio)
DRV - [2010/04/28 08:28:30 | 000,023,096 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DbusAudio.sys -- (DbusAudio)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/23 10:51:48 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010/02/23 10:51:48 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010/02/23 10:51:48 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010/02/23 10:51:48 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010/02/23 10:51:48 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/10 11:55:00 | 000,131,456 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mkd2kfNT.sys -- (Mkd2kfNt)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/01/08 18:00:54 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DsAudioDevice_282.sys -- (DsAudioDevice_282)
DRV - [2008/11/11 15:01:44 | 000,003,768 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CamdVideo.sys -- (CamdVideo)
DRV - [2008/11/11 15:01:42 | 000,023,096 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CamdAudio.sys -- (CamdAudio)
DRV - [2008/10/17 01:50:00 | 000,079,104 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV - [2008/07/24 02:49:52 | 000,015,872 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cdburner.sys -- (cdburner)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/07/22 19:36:42 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2007/07/22 14:27:12 | 004,424,704 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/06/20 17:45:24 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/05/27 21:07:48 | 006,738,304 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/02/16 12:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/16 11:30:12 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2007/02/15 17:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006/08/18 12:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 12:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 12:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 12:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 12:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 12:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 12:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 12:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 10:05:58 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/08/11 09:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 09:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/07/21 10:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080129
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080129

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080129
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\YouTube Downloader Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-cneta&type=biennesoft_10647340"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.2.3
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: {D8798A5A-77E3-4982-8D0F-44877E525777}:1.9.1
FF - prefs.js..keyword.URL: "http://gamebox.my-quick-search.com/search.aspx?srch=ku&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com [2010/04/19 19:19:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{D8798A5A-77E3-4982-8D0F-44877E525777}: C:\Documents and Settings\PROFILENAME\Local Settings\Application Data\{D8798A5A-77E3-4982-8D0F-44877E525777} [2010/10/19 20:19:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/21 18:29:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/07 07:32:42 | 000,000,000 | ---D | M]

[2008/08/27 20:16:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PROFILENAME\Application Data\Mozilla\Extensions
[2010/10/20 05:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PROFILENAME\Application Data\Mozilla\Firefox\Profiles\p9somufp.default\extensions
[2010/04/26 20:55:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\PROFILENAME\Application Data\Mozilla\Firefox\Profiles\p9somufp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/02 20:13:39 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\PROFILENAME\Application Data\Mozilla\Firefox\Profiles\p9somufp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/10/13 19:27:19 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\PROFILENAME\Application Data\Mozilla\Firefox\Profiles\p9somufp.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2009/04/30 21:58:12 | 000,000,000 | ---D | M] (Digg This!) -- C:\Documents and Settings\PROFILENAME\Application Data\Mozilla\Firefox\Profiles\p9somufp.default\extensions\{6E5A7695-7C8C-42ae-9ACE-98CB5E185599}
[2010/08/22 14:15:39 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\PROFILENAME\Application Data\Mozilla\Firefox\Profiles\p9somufp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/06/13 17:42:59 | 000,004,207 | ---- | M] () -- C:\Documents and Settings\PROFILENAME\Application Data\Mozilla\Firefox\Profiles\p9somufp.default\searchplugins\aim-search.xml
[2008/02/05 19:29:58 | 000,001,877 | ---- | M] () -- C:\Documents and Settings\PROFILENAME\Application Data\Mozilla\Firefox\Profiles\p9somufp.default\searchplugins\aolsearch.xml
[2010/07/16 07:21:55 | 000,001,594 | ---- | M] () -- C:\Documents and Settings\PROFILENAME\Application Data\Mozilla\Firefox\Profiles\p9somufp.default\searchplugins\web-search.xml
[2010/10/20 05:47:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/02/05 12:45:06 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/04/24 15:43:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 18:34:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/12 09:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2008/02/05 18:08:08 | 000,001,948 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AOL Search.xml

O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\YouTube Downloader Toolbar\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe File not found
O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Fqapogoce] C:\WINDOWS\ukahipenoxok.DLL ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\YouTube Downloader Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [{F239A14E-75E8-2C92-E0FF-AD246E9D0AA9}] C:\Documents and Settings\PROFILENAME\Application Data\Inoqyq\ebno.exe ()
O4 - HKCU..\Run: [Bjegagedeyo] C:\WINDOWS\wmprvcrt.DLL ()
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe File not found
O4 - HKCU..\Run: [IJKUK66HMN] C:\DOCUME~1\PROFILENAME\LOCALS~1\Temp\Ndx.exe File not found
O4 - HKCU..\Run: [NtWqIVLZEWZU] C:\DOCUME~1\PROFILENAME\LOCALS~1\Temp\Nd0.exe File not found
O4 - HKCU..\Run: [Pidgin] C:\Program Files\Pidgin\pidgin.exe (The Pidgin developer community)
O4 - Startup: C:\Documents and Settings\PROFILENAME\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} [You must be registered and logged in to see this link.] (CTAdjust Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.246,93.188.160.56
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/09/25 18:55:54 | 000,001,046 | ---- | M] () - E:\AUTOEXEC.UP -- [ FAT ]
O32 - AutoRun File - [2007/09/25 18:55:54 | 000,001,046 | ---- | M] () - E:\AUTOEXEC.BAT -- [ FAT ]
O33 - MountPoints2\{139efa5c-7b88-11dd-b86a-001d097c6895}\Shell - "" = AutoRun
O33 - MountPoints2\{139efa5c-7b88-11dd-b86a-001d097c6895}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{139efa5c-7b88-11dd-b86a-001d097c6895}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d61abfcf-d422-11dc-ad28-001d097c6895}\Shell - "" = AutoRun
O33 - MountPoints2\{d61abfcf-d422-11dc-ad28-001d097c6895}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d61abfcf-d422-11dc-ad28-001d097c6895}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\MSN Messenger\MsnMsgr.Exe File not found
MsConfig - StartUpReg: RoxioDragToDisc - hkey= - key= - C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
MsConfig - StartUpReg: RoxWatchTray - hkey= - key= - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
MsConfig - StartUpReg: ScreenShot.exe - hkey= - key= - C:\Program Files\ScreenShot\ScreenShot.exe File not found
MsConfig - StartUpReg: TunePat - hkey= - key= - C:\Program Files\TunePat\TunePat.exe File not found

SafeBootMin: aawservice - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft)
SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: aawservice - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft)
SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {A303619C-7ACA-8F40-14F2-FE296F68D543} - DirectAnimation
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C148B7D8-F85B-6B31-2D1E-486A0F982AA5} - Microsoft Windows Media Player 6.4
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CBDDBDF2-9A90-6BAD-8AB7-63098B49D848} - Java (Sun)
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F1C786FF-02B0-920C-5E0D-9B5CFDC70B1D} - Browser Customizations
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS [link removed])
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll ([link removed])
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll ([link removed])

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2010/10/21 07:16:40 | 027,634,824 | ---- | C] ( ) -- C:\Documents and Settings\PROFILENAME\Desktop\A1dbeRdr940_en_US.exe
[2010/10/21 07:12:36 | 016,074,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\PROFILENAME\Desktop\j1re-6u22-windows-i586.exe
[2010/10/21 07:02:00 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\PROFILENAME\Desktop\O1TL.com
[2010/10/21 06:20:17 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/10/21 02:08:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\PROFILENAME\Recent
[2010/10/20 06:09:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PROFILENAME\Application Data\Avira
[2010/10/20 05:54:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes1
[2010/10/20 05:32:20 | 000,000,000 | ---D | C] -- C:\Program Files\avira
[2010/10/19 20:20:01 | 000,221,184 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\Nvyvea.exe
[2010/10/19 20:19:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PROFILENAME\Local Settings\Application Data\{D8798A5A-77E3-4982-8D0F-44877E525777}
[2010/10/19 20:18:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PROFILENAME\Application Data\Inoqyq
[2010/10/19 20:18:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PROFILENAME\Application Data\Coly
[2010/10/14 17:09:47 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/14 17:09:47 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2010/10/14 17:09:47 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/14 17:09:40 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/10/12 20:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\Audiosurf
[2010/10/12 19:40:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2010/10/12 19:40:49 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2010/09/27 23:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PROFILENAME\Application Data\Search Settings
[2010/09/27 23:31:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PROFILENAME\Application Data\YouTube Downloader
[2010/09/27 23:11:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/27 23:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/27 23:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/27 21:34:18 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2010/09/27 21:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader Toolbar
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/21 06:20:17 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\PROFILENAME\Desktop\HijackThis.lnk
[2010/10/21 05:34:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/21 05:32:26 | 000,000,242 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/10/21 05:19:55 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Hfowipadaxuve.dat
[2010/10/21 05:19:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ghilofaxacu.bin
[2010/10/21 05:19:39 | 000,000,274 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/10/21 05:19:38 | 000,000,274 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010/10/21 00:13:11 | 027,634,824 | ---- | M] ( ) -- C:\Documents and Settings\PROFILENAME\Desktop\A1dbeRdr940_en_US.exe
[2010/10/21 00:09:05 | 000,205,540 | ---- | M] () -- C:\Documents and Settings\PROFILENAME\Desktop\J1avaRa.zip
[2010/10/21 00:07:30 | 016,074,528 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\PROFILENAME\Desktop\j1re-6u22-windows-i586.exe
[2010/10/20 23:57:41 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PROFILENAME\Desktop\O1TL.com
[2010/10/20 21:12:04 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\PROFILENAME\Desktop\eXplorer.exe
[2010/10/20 06:03:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/19 20:19:54 | 000,221,184 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\Nvyvea.exe
[2010/10/18 23:06:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/18 23:01:13 | 002,948,608 | ---- | M] () -- C:\Documents and Settings\PROFILENAME\Desktop\ARS 473 study guide 2.doc
[2010/10/15 18:13:15 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GunBound.lnk
[2010/10/14 18:45:29 | 001,550,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/12 20:23:14 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\PROFILENAME\Desktop\Audiosurf.lnk
[2010/10/12 19:37:16 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/09 16:37:10 | 000,073,728 | ---- | M] () -- C:\Documents and Settings\PROFILENAME\Desktop\ars 473 prelim bibliography.doc
[2010/10/06 21:15:41 | 000,442,796 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/06 21:15:41 | 000,071,936 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/06 21:10:08 | 000,082,432 | ---- | M] () -- C:\Documents and Settings\PROFILENAME\Desktop\AdvThrowingResponsePaper.doc
[2010/10/04 18:43:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/27 21:34:03 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/21 07:13:36 | 000,205,540 | ---- | C] () -- C:\Documents and Settings\PROFILENAME\Desktop\J1avaRa.zip
[2010/10/21 07:02:00 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\PROFILENAME\Desktop\eXplorer.exe
[2010/10/21 06:20:17 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\PROFILENAME\Desktop\HijackThis.lnk
[2010/10/20 06:03:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/19 20:20:14 | 000,000,274 | -H-- | C] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010/10/19 20:20:02 | 000,000,274 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/10/19 20:19:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ghilofaxacu.bin
[2010/10/19 20:19:57 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Hfowipadaxuve.dat
[2010/10/19 20:19:56 | 000,000,242 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/10/18 22:29:50 | 002,948,608 | ---- | C] () -- C:\Documents and Settings\PROFILENAME\Desktop\ARS 473 study guide 2.doc
[2010/10/15 18:13:15 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GunBound.lnk
[2010/10/12 20:23:14 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\PROFILENAME\Desktop\Audiosurf.lnk
[2010/10/06 22:13:48 | 000,073,728 | ---- | C] () -- C:\Documents and Settings\PROFILENAME\Desktop\ars 473 prelim bibliography.doc
[2010/10/06 19:04:18 | 000,082,432 | ---- | C] () -- C:\Documents and Settings\PROFILENAME\Desktop\AdvThrowingResponsePaper.doc
[2010/09/27 23:12:12 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/27 21:34:03 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
[2010/07/16 08:54:49 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\nocashio.sys
[2010/06/18 02:56:23 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/06/17 14:06:23 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\cdburner.sys
[2009/04/17 14:27:58 | 000,000,144 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2009/03/12 14:44:04 | 000,000,485 | ---- | C] () -- C:\WINDOWS\dle-xp.ini
[2008/12/10 02:38:45 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/10/08 21:19:06 | 000,000,023 | ---- | C] () -- C:\WINDOWS\System32\w_madriver.dll
[2008/09/03 00:42:56 | 000,000,025 | ---- | C] () -- C:\WINDOWS\System32\sysogg.dll
[2008/04/08 23:52:22 | 000,598,016 | ---- | C] () -- C:\WINDOWS\System32\viscomqtde.dll
[2008/03/19 17:31:44 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\gbufh.dll
[2008/03/16 21:29:44 | 000,001,624 | ---- | C] () -- C:\Documents and Settings\PROFILENAME\Application Data\wklnhst.dat
[2008/03/08 14:13:09 | 000,000,200 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/03/08 14:13:08 | 000,000,076 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/03/04 11:40:17 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/03/04 11:40:16 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/02/12 19:38:49 | 000,153,600 | ---- | C] () -- C:\Documents and Settings\PROFILENAME\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/29 15:12:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/01/29 15:07:49 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/01/29 15:07:49 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/01/29 14:44:19 | 000,001,124 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/06/18 04:19:19 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\imslevel.dll
[2007/06/16 19:40:13 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\imsispd.dll
[2007/06/16 19:40:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DGRip.dll
[2007/06/02 10:46:32 | 000,153,840 | ---- | C] () -- C:\WINDOWS\System32\ARThumb.dll
[2006/11/07 03:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 11:51:27 | 000,186,880 | ---- | C] () -- C:\WINDOWS\ukahipenoxok.dll
[2004/08/10 11:51:27 | 000,078,848 | ---- | C] () -- C:\WINDOWS\wmprvcrt.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2008/12/30 12:38:18 | 000,000,040 | ---- | M] () -- C:\.directory
[2004/08/10 12:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/02/05 02:51:52 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2008/05/01 21:15:02 | 000,000,274 | ---- | M] () -- C:\Bryce Lightning Uninstall.log
[2008/05/01 00:37:33 | 000,000,254 | ---- | M] () -- C:\Bryce Uninstall.log
[2004/08/10 12:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/03/13 22:00:48 | 026,068,054 | ---- | M] () -- C:\d1x-rebirth_v0.55.1-win.rar
[2008/01/29 14:47:22 | 000,006,947 | RH-- | M] () -- C:\dell.sdr
[2010/07/25 20:06:43 | 000,001,475 | ---- | M] () -- C:\deltaStartup.log
[2008/02/05 11:48:48 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/10 12:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2009/06/13 17:42:42 | 000,001,280 | -H-- | M] () -- C:\IPH.PH
[2004/08/10 12:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2009/05/04 18:43:47 | 000,003,049 | ---- | M] () -- C:\NEW.RL2
[2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/17 17:46:59 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/10/21 05:34:31 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/10/21 05:36:45 | 000,000,494 | ---- | M] () -- C:\rkill.log
[2008/03/08 14:13:47 | 000,000,168 | ---- | M] () -- C:\setupfax.log
[2008/07/22 18:54:40 | 000,000,000 | ---- | M] () -- C:\SFDebug.txt

< %PROGRAMFILES%\*. >
[2009/10/21 20:15:13 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/11/17 00:13:13 | 000,000,000 | ---D | M] -- C:\Program Files\Alarm Clock
[2010/07/14 20:08:11 | 000,000,000 | ---D | M] -- C:\Program Files\Alpha Centauri
[2008/03/26 18:08:43 | 000,000,000 | ---D | M] -- C:\Program Files\Ambient Design
[2008/04/08 23:42:49 | 000,000,000 | ---D | M] -- C:\Program Files\Amond Software
[2008/06/06 15:38:26 | 000,000,000 | ---D | M] -- C:\Program Files\Anvil Studio
[2008/04/08 23:48:24 | 000,000,000 | ---D | M] -- C:\Program Files\Any Video Converter
[2008/10/22 17:17:07 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/09/27 21:34:19 | 000,000,000 | ---D | M] -- C:\Program Files\Application Updater
[2010/05/09 20:39:21 | 000,000,000 | ---D | M] -- C:\Program Files\ASIO4ALL v2
[2010/07/01 11:40:48 | 000,000,000 | ---D | M] -- C:\Program Files\Aspell
[2008/02/06 17:27:49 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity
[2010/10/12 20:24:02 | 000,000,000 | ---D | M] -- C:\Program Files\Audiosurf
[2010/04/19 19:19:07 | 000,000,000 | ---D | M] -- C:\Program Files\AutocompletePro
[2010/10/20 05:32:20 | 000,000,000 | ---D | M] -- C:\Program Files\avira
[2010/08/20 02:26:06 | 000,000,000 | ---D | M] -- C:\Program Files\Avira1
[2010/06/18 02:56:23 | 000,000,000 | ---D | M] -- C:\Program Files\AviSynth 2.5
[2008/02/05 18:57:25 | 000,000,000 | ---D | M] -- C:\Program Files\Blender Foundation
[2010/09/27 23:08:50 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/09/06 12:41:28 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/01/02 15:47:03 | 000,000,000 | ---D | M] -- C:\Program Files\CDex_150
[2010/07/23 15:08:33 | 000,000,000 | ---D | M] -- C:\Program Files\Combined Community Codec Pack
[2010/07/13 01:46:25 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/01/29 15:07:57 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2009/10/22 07:44:50 | 000,000,000 | ---D | M] -- C:\Program Files\DAZ
[2010/07/23 15:15:22 | 000,000,000 | ---D | M] -- C:\Program Files\Delta
[2010/07/23 15:08:29 | 000,000,000 | ---D | M] -- C:\Program Files\FastStone Image Viewer
[2009/01/22 22:36:35 | 000,000,000 | ---D | M] -- C:\Program Files\FLV Player
[2010/04/19 19:19:06 | 000,000,000 | ---D | M] -- C:\Program Files\Free Mp3 Wma Ogg Converter
[2009/12/27 20:27:35 | 000,000,000 | ---D | M] -- C:\Program Files\Game_Maker8
[2009/08/10 23:58:41 | 000,000,000 | ---D | M] -- C:\Program Files\GIMP-2.0
[2008/05/06 18:02:34 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/02/14 00:10:15 | 000,000,000 | ---D | M] -- C:\Program Files\Gravity
[2010/03/25 16:57:24 | 000,000,000 | ---D | M] -- C:\Program Files\Iji
[2010/06/18 03:36:59 | 000,000,000 | ---D | M] -- C:\Program Files\Image-Line
[2010/06/18 03:38:52 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/01/29 15:03:16 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2008/06/12 04:27:17 | 000,000,000 | ---D | M] -- C:\Program Files\intelliScore Polyphonic WAV to MIDI Converter Demo
[2010/10/14 17:14:31 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/09/27 23:11:26 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/09/27 23:12:10 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/08/24 18:34:05 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2008/04/08 23:52:27 | 000,000,000 | ---D | M] -- C:\Program Files\Kate's Video Converter
[2008/02/05 19:17:23 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2010/08/25 18:36:11 | 000,000,000 | ---D | M] -- C:\Program Files\MagicDisc
[2008/03/04 12:13:12 | 000,000,000 | ---D | M] -- C:\Program Files\MagicVideoMakerPro
[2010/06/20 13:25:09 | 000,000,000 | ---D | M] -- C:\Program Files\MapleStory
[2010/07/23 15:08:30 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/11/08 15:22:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microprose
[2004/08/10 12:04:18 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2008/01/29 15:10:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/07/23 15:08:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/04/07 18:40:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft XNA
[2008/06/12 14:37:00 | 000,000,000 | ---D | M] -- C:\Program Files\MidiNotate
[2010/08/10 21:07:03 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/10/20 05:47:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/08/05 12:27:31 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2004/08/10 12:01:16 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/08/10 12:01:24 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/09/19 13:48:01 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Messenger
[2008/02/05 19:09:50 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/01/29 14:59:26 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2010/06/16 22:35:15 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Software
[2008/09/17 17:48:55 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/06/17 14:17:33 | 000,000,000 | ---D | M] -- C:\Program Files\NoteCable
[2008/09/11 09:29:56 | 000,000,000 | ---D | M] -- C:\Program Files\Ogg Converter
[2004/08/10 12:01:34 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2008/04/21 14:50:48 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 2.3
[2008/12/15 19:29:07 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 2.4
[2010/05/12 05:01:25 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/05/09 17:52:12 | 000,000,000 | ---D | M] -- C:\Program Files\Outsim
[2010/08/07 21:22:34 | 000,000,000 | ---D | M] -- C:\Program Files\Pcsx2
[2010/08/11 17:49:39 | 000,000,000 | ---D | M] -- C:\Program Files\Pidgin
[2010/06/18 03:38:50 | 000,000,000 | ---D | M] -- C:\Program Files\Pradis
[2010/07/21 17:11:16 | 000,000,000 | ---D | M] -- C:\Program Files\Project64 1.6
[2010/09/20 23:08:48 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/07/23 15:08:32 | 000,000,000 | ---D | M] -- C:\Program Files\Ragnarok Battle Offline
[2010/06/17 14:01:42 | 000,000,000 | ---D | M] -- C:\Program Files\RapidSolution
[2009/08/05 12:27:23 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/01/29 15:07:49 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2008/06/06 17:09:51 | 000,000,000 | ---D | M] -- C:\Program Files\Sion Software
[2010/10/15 18:13:04 | 000,000,000 | ---D | M] -- C:\Program Files\Softnyx
[2009/11/09 13:17:35 | 000,000,000 | ---D | M] -- C:\Program Files\Software by Design
[2009/02/16 19:06:34 | 000,000,000 | ---D | M] -- C:\Program Files\Starcraft
[2010/07/30 01:11:27 | 000,000,000 | ---D | M] -- C:\Program Files\Steam
[2010/10/02 19:48:21 | 000,000,000 | ---D | M] -- C:\Program Files\StepMania
[2008/02/05 22:32:48 | 000,000,000 | ---D | M] -- C:\Program Files\SWFRIP
[2008/09/29 15:40:55 | 000,000,000 | ---D | M] -- C:\Program Files\Tablet
[2010/09/05 17:23:00 | 000,000,000 | ---D | M] -- C:\Program Files\tasofro
[2010/09/06 18:13:03 | 000,000,000 | ---D | M] -- C:\Program Files\Touhou
[2010/06/12 01:34:33 | 000,000,000 | ---D | M] -- C:\Program Files\Touhou 08 - Imperishable Night
[2010/10/21 06:20:17 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2010/06/17 14:10:48 | 000,000,000 | ---D | M] -- C:\Program Files\TuneCable
[2010/06/18 03:40:37 | 000,000,000 | ---D | M] -- C:\Program Files\TuneRaft
[2004/08/10 12:08:30 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/01/11 21:43:37 | 000,000,000 | ---D | M] -- C:\Program Files\UnrealTournament2.2
[2010/10/19 19:14:36 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2008/07/24 20:03:24 | 000,000,000 | ---D | M] -- C:\Program Files\Veoh Networks
[2010/09/01 20:01:46 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2008/04/05 18:44:28 | 000,000,000 | ---D | M] -- C:\Program Files\VirtualDub-1.7.8
[2010/05/09 17:52:46 | 000,000,000 | ---D | M] -- C:\Program Files\VstPlugins
[2008/09/03 22:06:09 | 000,000,000 | ---D | M] -- C:\Program Files\WAV to MP3 Encoder
[2010/07/14 10:42:56 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
[2010/07/14 10:42:48 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp Detect
[2010/07/23 15:08:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/09/17 17:48:52 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/09/17 17:48:52 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/08/10 12:02:52 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/03/03 22:57:27 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2008/10/30 09:59:44 | 000,000,000 | ---D | M] -- C:\Program Files\WMA To MP3 Converter
[2008/07/24 17:37:42 | 000,000,000 | ---D | M] -- C:\Program Files\Wolfenstein 3D
[2010/06/17 14:11:31 | 000,000,000 | ---D | M] -- C:\Program Files\Wondershare
[2004/08/10 12:04:18 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/09/27 21:34:03 | 000,000,000 | ---D | M] -- C:\Program Files\YouTube Downloader
[2010/09/27 21:34:19 | 000,000,000 | ---D | M] -- C:\Program Files\YouTube Downloader Toolbar

< %appdata%\*.* >
[2004/08/10 11:57:42 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\PROFILENAME\Application Data\desktop.ini
[2010/04/11 01:03:36 | 000,001,624 | ---- | M] () -- C:\Documents and Settings\PROFILENAME\Application Data\wklnhst.dat


< MD5 for: AGP440.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/17 17:45:00 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/17 17:45:00 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/17 17:45:00 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/17 17:45:00 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2006/08/28 01:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\i386\atapi.sys
[2006/08/27 20:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/08/27 20:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2006/08/27 20:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

(continued...)

StrikerX22
Novice

Posts : 10
Joined : 2010-10-21
OS : XP Home

Re: Thinkpoint, internet but no browser, no antivirus working

Post by StrikerX22 on Thu Oct 21, 2010 8:06 am

...continued:

< HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateResultsInstall|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B174FAE
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C765C323

< End of report >


Re: Thinkpoint, internet but no browser, no antivirus working

Post by Belahzur on Fri Oct 22, 2010 12:16 am

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Fqapogoce] C:\WINDOWS\ukahipenoxok.DLL ()
    O4 - HKCU..\Run: [] File not found
    O4 - HKCU..\Run: [{F239A14E-75E8-2C92-E0FF-AD246E9D0AA9}] C:\Documents and Settings\PROFILENAME\Application Data\Inoqyq\ebno.exe ()
    O4 - HKCU..\Run: [Bjegagedeyo] C:\WINDOWS\wmprvcrt.DLL ()
    O4 - HKCU..\Run: [IJKUK66HMN] C:\DOCUME~1\PROFILENAME\LOCALS~1\Temp\Ndx.exe File not found
    O4 - HKCU..\Run: [NtWqIVLZEWZU] C:\DOCUME~1\PROFILENAME\LOCALS~1\Temp\Nd0.exe File not found
    [2010/10/21 05:19:55 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Hfowipadaxuve.dat
    [2010/10/21 05:19:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ghilofaxacu.bin
    [2010/10/21 05:19:39 | 000,000,274 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2010/10/21 05:19:38 | 000,000,274 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245059
# Likes : 1


Re: Thinkpoint, internet but no browser, no antivirus working

Post by StrikerX22 on Fri Oct 22, 2010 8:05 am

Here it is. By the way, the Linux partition finally decided to start without a program crashing (and apparently making a black screen she couldn't get out of). Might not be related I guess.

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\{F239A14E-75E8-2C92-E0FF-AD246E9D0AA9} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F239A14E-75E8-2C92-E0FF-AD246E9D0AA9}\ not found.
File C:\Document and Settings\Bre\Application Data\Inoqyq\ebno.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Bjegagedeyo not found.
C:\WINDOWS\wmprvcrt.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IJKUK66HMN not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NtWqIVLZEWZU not found.
C:\WINDOWS\Hfowipadaxuve.dat moved successfully.
C:\WINDOWS\Ghilofaxacu.bin moved successfully.
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.
C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job moved successfully.

OTL by OldTimer - Version 3.2.16.0 log created on 10222010_074733


Re: Thinkpoint, internet but no browser, no antivirus working

Post by Belahzur on Fri Oct 22, 2010 11:49 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.





Re: Thinkpoint, internet but no browser, no antivirus working

Post by StrikerX22 on Sat Oct 23, 2010 3:36 am

Mbam isn't running, as before (process doesn't even appear). We have noticed a process nvyvea.exe located in the windows folder and a similar file in the prefetch subfolder, which was created on the day of the infection. By the way, running firefox, it seems to redirect to "untitled," and local area connections DNS settings were set to some specific IP (wrote down if needed), which is abnormal. She changed it back to auto. We also noted another difference, but we're unsure what's correct. NetBIOS was set to Enable over tcp/ip, rather than default, and considering it's not "default" and mine is, and no one other than her has messed with her comp, she changed that to default. If you want us to set anything back, we can.

We gave a quick shot at rkill, which only killed itself in the log, and then killed nvyvea manually. It stayed off, but nothing beneficial happened. In safe mode it doesn't seem to appear at all. Firefox simply crashes in safe mode. IE seems to lose its tabs in normal mode once nvyvea is killed, not that any of them could go anywhere anyway. Killing nv also seems to turn some things into classic look at times, like the task bar and IE when it loses its tabs.

The infection took place at about 8:19pm, shown in this pic showing files modified 19th to 20th, sorted by creation date. Highlighted due to proximity in time:



Hope something from here helps a little.

edit: I forgot to mention, Avira had caught a few coming in, seen in the AVSCAN log files there, and one at 8:20 did something involving catching 11/13 found, 2 of which "could not be opened," and 1 file suspicious. Not really sure what that scan was doing (it ran "00:29 Minute(s)," with the comp freezing shortly after all this with pop up errors), but I can post the logs involved if you like.

Another detail: When she boots up in normal mode, after the desktop and such loads, she gets an error saying "Error loading C:\WINDOWS\wmprvcrt.dll The specified module could not be found." A few seconds after that, another error "Generic Host Process for Win32 Services has encountered a problem and needs to close" etc., and if it helps, the "Error Signature" on clicking to see what the report contains has
"szAppName : svchost.exe szAppVer : 5.1.2600.5512 szModName : ntdll.dll
szModVer : 5.1.2600.5755 offset : 000258c2 "


I'm sorry, but we've found a mistake in our process. She had brought the computer over, but since I didn't want to risk putting it on the network (except when other comps are d/c'd), we tried to recite the fix character by character, and we've compared it now and have found a mistake. I decided it would be best to run the entire fix again using a flash drive to transfer the text. I'm not sure if there's a risk for infection there, but here's the new report, and it's how I decided to get the last report anyway:

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Fqapogoce deleted successfully.
C:\WINDOWS\ukahipenoxok.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{F239A14E-75E8-2C92-E0FF-AD246E9D0AA9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F239A14E-75E8-2C92-E0FF-AD246E9D0AA9}\ not found.
File C:\Documents and Settings\PROFILENAME\Application Data\Inoqyq\ebno.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Bjegagedeyo deleted successfully.
File C:\WINDOWS\wmprvcrt.DLL not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\IJKUK66HMN deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\NtWqIVLZEWZU deleted successfully.
File C:\WINDOWS\Hfowipadaxuve.dat not found.
File C:\WINDOWS\Ghilofaxacu.bin not found.
File C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job not found.
File C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job not found.

OTL by OldTimer - Version 3.2.16.0 log created on 10232010_210623

Unfortunately, Mbam still refuses to work. We've tried to uninstall from safemode, restart back into safemode, install from a new installer, and it installs fine, but refuses to try to run right after. We've also tried not clicking the update now checkbox just for kicks. I apologize again for the screw up. We still seem to be in the same situation over here though.


Last edited by StrikerX22 on Sat Oct 23, 2010 9:38 pm; edited 2 times in total (Reason for editing : Mistake.)

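A fix that was retyped by hand, as in the post above, can be checked mechanically by comparing the fix log against the fix script. The following is an added example, not part of the original thread and not an OTL feature; the script and log lines are copied from this thread (registry and moved-file lines of the first run only), and the regular expressions are assumptions based solely on the line formats visible here.

```python
import re

# Fix script as posted by the helper in this thread.
FIX_SCRIPT = r"""
:OTL
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Fqapogoce] C:\WINDOWS\ukahipenoxok.DLL ()
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [{F239A14E-75E8-2C92-E0FF-AD246E9D0AA9}] C:\Documents and Settings\PROFILENAME\Application Data\Inoqyq\ebno.exe ()
O4 - HKCU..\Run: [Bjegagedeyo] C:\WINDOWS\wmprvcrt.DLL ()
O4 - HKCU..\Run: [IJKUK66HMN] C:\DOCUME~1\PROFILENAME\LOCALS~1\Temp\Ndx.exe File not found
O4 - HKCU..\Run: [NtWqIVLZEWZU] C:\DOCUME~1\PROFILENAME\LOCALS~1\Temp\Nd0.exe File not found
[2010/10/21 05:19:55 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Hfowipadaxuve.dat
[2010/10/21 05:19:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ghilofaxacu.bin
[2010/10/21 05:19:39 | 000,000,274 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/10/21 05:19:38 | 000,000,274 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
"""

# Registry and moved-file lines from the first (hand-typed) fix log in this thread.
FIX_LOG_RUN1 = r"""
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\{F239A14E-75E8-2C92-E0FF-AD246E9D0AA9} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F239A14E-75E8-2C92-E0FF-AD246E9D0AA9}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Bjegagedeyo not found.
C:\WINDOWS\wmprvcrt.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IJKUK66HMN not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NtWqIVLZEWZU not found.
C:\WINDOWS\Hfowipadaxuve.dat moved successfully.
C:\WINDOWS\Ghilofaxacu.bin moved successfully.
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.
C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job moved successfully.
"""

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
# Assumed line formats, inferred from the lines shown in this thread only.
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\.\.\\Run: \[(.*?)\] (.+)$")
FILE_RE = re.compile(r"^\[\d{4}/\d\d/\d\d .*?\] \(.*?\) -- (.+)$")
REG_RE = re.compile(
    r"^Registry value (HKEY_[A-Z_]+)\\.*\\Run\\\\(.*) (?:deleted successfully|not found)\.$")
PATH_RE = re.compile(r"^(?:File )?(.+?) (?:moved successfully|not found)\.$")


def parse_fix_script(text):
    """Return (run_values, files) the script asks the tool to act on."""
    values, files = set(), set()
    for line in text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            hive, name, rest = m.groups()
            values.add((HIVES[hive], name))
            # "File not found" entries carry no file to move, only a value.
            if not rest.endswith("File not found"):
                path = rest[:-3] if rest.endswith(" ()") else rest
                files.add(path.lower())
            continue
        m = FILE_RE.match(line)
        if m:
            files.add(m.group(1).lower())
    return values, files


def parse_fix_log(text):
    """Return (run_values, files) the log shows the tool actually looked at."""
    values, files = set(), set()
    for line in text.splitlines():
        line = line.strip()
        m = REG_RE.match(line)
        if m:
            values.add((m.group(1), m.group(2)))
        elif not line.startswith("Registry"):  # skip "Registry key ..." lines
            m = PATH_RE.match(line)
            if m:
                files.add(m.group(1).lower())
    return values, files


def audit(script, log):
    """Compare what the script named with what the log shows was processed."""
    want_vals, want_files = parse_fix_script(script)
    got_vals, got_files = parse_fix_log(log)
    return {
        "values_never_checked": sorted(want_vals - got_vals),
        "values_not_in_script": sorted(got_vals - want_vals),
        "files_never_checked": sorted(want_files - got_files),
    }


if __name__ == "__main__":
    for key, items in audit(FIX_SCRIPT, FIX_LOG_RUN1).items():
        print(key)
        for item in items:
            print("   ", item)
```

A "not found" result for a value under the wrong hive says nothing about whether the real autostart entry is still present, which is why the comparison is done on hive and value name together.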

Re: Thinkpoint, internet but no browser, no antivirus working

Post by Belahzur on Sun Oct 24, 2010 12:04 am

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.





Re: Thinkpoint, internet but no browser, no antivirus working

Post by StrikerX22 on Sun Oct 24, 2010 3:08 am


ComboFix 10-10-22.05 - PROFILENAME 10/24/2010 2:39.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1717 [GMT -7:00]
Running from: c:\documents and settings\PROFILENAME\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\PROFILENAME\Application Data\Inoqyq
c:\documents and settings\PROFILENAME\Application Data\Inoqyq\ebno.exe
c:\documents and settings\PROFILENAME\Local Settings\Application Data\{D8798A5A-77E3-4982-8D0F-44877E525777}
c:\documents and settings\PROFILENAME\Local Settings\Application Data\{D8798A5A-77E3-4982-8D0F-44877E525777}\chrome.manifest
c:\documents and settings\PROFILENAME\Local Settings\Application Data\{D8798A5A-77E3-4982-8D0F-44877E525777}\chrome\content\_cfg.js
c:\documents and settings\PROFILENAME\Local Settings\Application Data\{D8798A5A-77E3-4982-8D0F-44877E525777}\chrome\content\overlay.xul
c:\documents and settings\PROFILENAME\Local Settings\Application Data\{D8798A5A-77E3-4982-8D0F-44877E525777}\install.rdf
c:\program files\YouTube Downloader Toolbar\IE\1.0\yoUTubedownloadertoolbarie.dll
c:\program files\YouTube Downloader Toolbar\SeARchsettings.dll
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\system32\a.exe
c:\windows\system32\spool\prtprocs\w32x86\7m3gMYW.dll
c:\windows\system32\spool\prtprocs\w32x86\x79e17kU.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

Infected copy of c:\windows\system32\drivers\redbook.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WIN_PPPE
-------\Service_Win PPPe


((((((((((((((((((((((((( Files Created from 2010-09-24 to 2010-10-24 )))))))))))))))))))))))))))))))
.

2010-10-24 04:24 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-24 04:24 . 2010-10-24 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-24 04:24 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-23 09:14 . 2010-10-24 04:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-22 14:47 . 2010-10-22 14:47 -------- d-----w- C:\_OTL
2010-10-21 13:20 . 2010-10-21 13:20 -------- d-----w- c:\program files\Trend Micro
2010-10-20 13:09 . 2010-10-20 13:09 -------- d-----w- c:\documents and settings\PROFILENAME\Application Data\Avira
2010-10-20 12:32 . 2010-10-20 12:32 -------- d-----w- c:\program files\avira
2010-10-20 03:20 . 2010-10-20 03:19 221184 ----a-w- c:\windows\Nvyvea.exe
2010-10-20 03:18 . 2010-10-20 11:59 -------- d-----w- c:\documents and settings\PROFILENAME\Application Data\Coly
2010-10-15 00:09 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-15 00:09 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-15 00:09 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-15 00:09 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-13 03:22 . 2010-10-13 03:24 -------- d-----w- c:\program files\Audiosurf
2010-10-13 02:40 . 2001-08-18 05:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-10-13 02:40 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-09-28 06:31 . 2010-09-28 06:31 -------- d-----w- c:\documents and settings\PROFILENAME\Application Data\Search Settings
2010-09-28 06:31 . 2010-09-28 06:31 -------- d-----w- c:\documents and settings\PROFILENAME\Application Data\YouTube Downloader
2010-09-28 06:11 . 2010-09-28 06:11 -------- d-----w- c:\program files\iPod
2010-09-28 06:11 . 2010-09-28 06:12 -------- d-----w- c:\program files\iTunes
2010-09-28 06:08 . 2010-09-28 06:08 -------- d-----w- c:\program files\Bonjour
2010-09-28 04:34 . 2010-09-28 04:34 -------- d-----w- c:\program files\Application Updater
2010-09-28 04:34 . 2010-10-24 09:45 -------- d-----w- c:\program files\YouTube Downloader Toolbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 19:23 . 2004-08-10 18:51 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-10 18:51 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-10 18:51 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-10 18:51 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-08-10 18:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-10 18:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-10 18:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 18:17 . 2010-09-08 18:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17 . 2010-09-08 18:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51 . 2004-08-10 18:50 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-10 18:51 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-10 18:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-10 18:51 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-10 18:51 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-16 00:21 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-10 18:50 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-10 18:51 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-10 18:51 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-28 01:44 . 2010-07-28 01:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-28 01:44 . 2010-07-28 01:44 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-07-28 01:44 . 2010-07-28 01:44 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-28 01:44 . 2010-07-28 01:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\PROFILENAME\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\PROFILENAME\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\PROFILENAME\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pidgin"="c:\program files\Pidgin\pidgin.exe" [2010-08-10 49321]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-28 8429568]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-22 16132608]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"SearchSettings"="c:\program files\YouTube Downloader Toolbar\SearchSettings.exe" [2010-02-20 974848]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\documents and settings\PROFILENAME\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 09:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 15:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 17:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\UnrealTournament2.2\\System\\UnrealTournament.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\PROFILENAME\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Alpha Centauri\\Terranx.icd"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Alpha Centauri\\terranx.exe"=
"c:\\Documents and Settings\\PROFILENAME\\Application Data\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 cdburner;cdburner;c:\windows\system32\drivers\cdburner.sys [6/17/2010 2:06 PM 15872]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2/19/2010 7:43 PM 380928]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [9/29/2008 3:40 PM 1373480]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [6/17/2010 2:13 PM 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [6/17/2010 2:14 PM 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [6/17/2010 2:14 PM 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [6/17/2010 2:14 PM 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [6/17/2010 2:14 PM 25704]
S0 tclondrv;tclondrv;c:\windows\system32\DRIVERS\tclondrv.sys --> c:\windows\system32\DRIVERS\tclondrv.sys [?]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S3 CamdAudio;CamdAudio;c:\windows\system32\drivers\CamdAudio.sys [6/17/2010 3:27 PM 23096]
S3 CamdVideo;CamdVideo;c:\windows\system32\drivers\CamdVideo.sys [6/17/2010 3:27 PM 3768]
S3 DbusAudio;DbusAudio;c:\windows\system32\drivers\DbusAudio.sys [6/17/2010 3:36 PM 23096]
S3 DsAudioDevice_282;DsAudioDevice_282;c:\windows\system32\drivers\DsAudioDevice_282.sys [6/18/2010 3:22 AM 16640]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [6/21/2009 8:17 PM 131456]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [6/21/2009 8:17 PM 79104]
S3 notecable;NoteCable Driver (WDM);c:\windows\system32\drivers\notcable.sys --> c:\windows\system32\drivers\notcable.sys [?]
S3 TunRAudio;TunRAudio;c:\windows\system32\drivers\TunRAudio.sys [6/17/2010 2:42 PM 23096]
.
Contents of the 'Scheduled Tasks' folder

2010-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\PROFILENAME\Application Data\Mozilla\Firefox\Profiles\p9somufp.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\PROFILENAME\Application Data\Mozilla\Firefox\Profiles\p9somufp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\YouTube Downloader Toolbar\FF\components\youtubedownloaderToolbarFF.dll
FF - component: c:\program files\YouTube Downloader Toolbar\SSFF\components\SearchSettingsFF.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
MSConfigStartUp-msnmsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-ScreenShot - c:\program files\ScreenShot\ScreenShot.exe
MSConfigStartUp-TunePat - c:\program files\TunePat\TunePat.exe
AddRemove-Avira AntiVir Desktop - c:\program files\Avira\AntiVir Desktop\setup.exe
AddRemove-IaMP English - c:\documents and settings\PROFILENAME\Desktop\games\Touhou games\7.5 Immaterial And Missing Power\uninstall_th075e.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1252)
c:\windows\system32\WININET.dll
c:\documents and settings\PROFILENAME\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\RTHDCPL.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-10-24 02:50:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-24 09:50

Pre-Run: 50,796,244,992 bytes free
Post-Run: 50,837,241,856 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 7057D5ED7E269781B2F667BA1CBA3AAE

StrikerX22
Novice

Posts : 10
Joined : 2010-10-21
OS : XP Home
Points : 22508
Likes : 0


Re: Thinkpoint, internet but no browser, no antivirus working

Post by Belahzur on Mon Oct 25, 2010 12:12 am

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245059
Likes : 1


Re: Thinkpoint, internet but no browser, no antivirus working

Post by StrikerX22 on Mon Oct 25, 2010 1:36 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=673a9ef1ec151d469edd67176071e6ed
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-25 08:25:57
# local_time=2010-10-25 01:25:57 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777191 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=140997
# found=8
# cleaned=8
# scan_time=2774
C:\Documents and Settings\PROFILENAME\Desktop\recent stuff\Firefox DLs\FalcoGIFAnimatorSetup.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Gravity\RagII\Divinia RO2\System\RagII.exe a variant of Win32/Packed.Themida application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Gravity\RagII\System\RagII.exe a variant of Win32/Packed.Themida application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\YouTube Downloader Toolbar\SearchSettings.exe Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\YouTube Downloader Toolbar\WidgiHelper.exe Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Nvyvea.exe a variant of Win32/Kryptik.HNS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\10222010_074733\C_WINDOWS\wmprvcrt.dll a variant of Win32/Cimag.DS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\10232010_210623\C_WINDOWS\ukahipenoxok.dll a variant of Win32/Kryptik.GTR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Re: Thinkpoint, internet but no browser, no antivirus working

Post by Belahzur on Tue Oct 26, 2010 12:12 am

Hello.

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.



Re: Thinkpoint, internet but no browser, no antivirus working

Post by StrikerX22 on Wed Oct 27, 2010 1:40 am

東方緋想天 Ver1.06 (Touhou 10.5)
東方非想天則 Ver1.10アップデート (Touhou 12.3)
Acrobat.com
Acrobat.com
Ad-Aware 2007
Adobe AIR
Adobe AIR
Adobe Bridge 1.0
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Common File Installer
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Help Center 2.0
Adobe Photoshop CS2
Adobe Reader 9.4.0
Adobe Setup
Adobe Setup
Adobe Stock Photos 1.0
Alarm Clock v1.0
Alien Swarm
Any Video Converter 2.5.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArtRage 2 Starter Edition
ASIO4ALL
Aspell English Dictionary-0.50-2
Audacity 1.2.6
Audiosurf Beta
AutocompletePro
Blender (remove only)
Bonjour
CCleaner
CDex extraction audio
Combined Community Codec Pack 2008-01-24
Critical Update for Windows Media Player 11 (KB959772)
Dell Driver Reset Tool
Download Updater (AOL LLC)
Emperor: Rise of the Middle Kingdom
ESET Online Scanner v3
EssenceRO
FastStone Image Viewer 4.2
FL Studio 9
FLV Player 2.0 (build 25)
Free Mp3 Wma Ogg Converter 7.1.1
Galactic Arms Race 1.1
Game Maker 8.0
GIMP 2.6.6
GNU Aspell 0.50-3
GTK+ Runtime 2.14.7 rev a (remove only)
GunBound Thor's Hammer
GunBound Thor's Hammer
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) PRO Network Connections 12.1.12.0
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 22
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Kate's Video Converter 3.0.2
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
MapleStory
Master of Orion II
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft AppLocale
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows Application Compatibility Database
Microsoft Works
Microsoft XNA Framework Redistributable 3.1
MidiNotate Composer
Mozilla Firefox (3.6.11)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
NoteCable 1.1.1
NSIS Hisoutensoku English
NSIS SWR English
NVIDIA Drivers
OpenOffice.org 2.4
Pcsx2 0.9.6
Pen Tablet
Pidgin
PowerDVD
Project64 1.6
QSE 12 MIDI Edition
QuickTime
Ragnarok Battle Offline
Ragnarok Online
RBO Extra Scenario Vol.1
RBO Extra Scenario Vol.2
RBO Extra Scenario Vol.3
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sid Meier's Alpha Centauri 2000/XP Compatibility Update
Sid Meier's Planetary Pack
Sonic Activation Module
Starcraft
Steam
StepMania (remove only)
SWFRIP 0.4
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VeohTV BETA
VLC media player 1.1.4
WAV to MP3 Encoder
Winamp
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WMA To MP3 Converter
Wolfenstein 3D
WolfTeam International
YouTube Downloader 2.6.2
YouTube Downloader Toolbar v1.0


Edit: This is StrikerX22's gf, the one whose computer got the virus. I added the names for the first 2 programs, the names of which were in Japanese and not rendering right anyway. Not that I think that's important, but just so you know they're not. As you can see, my internet is working again, so thanks for the help.


Last edited by StrikerX22 on Wed Oct 27, 2010 1:48 am; edited 1 time in total (Reason for editing : extra information)


Re: Thinkpoint, internet but no browser, no antivirus working

Post by Belahzur on Thu Oct 28, 2010 12:32 am

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 3
    Java(TM) 6 Update 4
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7

How is the machine running now?



Re: Thinkpoint, internet but no browser, no antivirus working

Post by StrikerX22 on Thu Oct 28, 2010 2:31 am

It seems to be running normally, except for my Linux partition. I don't know if you can help me with this, but I'll mention it anyway I guess... I wish I had kept track of when I started having the problem... I used to be able to access my Windows partition from that one, which is why I had it for backup. I know it still worked after Windows first got infected, but I also updated Mandriva shortly after. Anyway, the problem is that I can't access my Windows partition from there anymore; I'm not sure whether it's from the virus eventually screwing something up to make it semi-undetectable from there, or if something changed after I updated. I can't understand the error message though. It says:

"An error occurred while accessing '155.2 GiB Hard Drive', the system responded:
org.freedesktop.Hal.Device.PermissionDeniedbyPolicy
org.freedesktop.hal.storage.mount-fixed
auth_admin_keep_always <-- (action, result)"

I took this as maybe something having changed from updating. Usually it asked me for my root password before accessing it, so I wonder if it has to do with that. I noticed it changed the name of the partition, although I don't remember what it was called before. I tried using the tools to try to share the partitions, but I didn't have any success, because the drive wasn't under the same place. It was at /media/disk. I tried to track it down using su in a console, and now it shows up in /root/.inspect_tmp_dir. I have no idea why it appears to be in a hidden folder, but when I tried ls on one of the folders inside (which were all highlighted in the console, which is unusual), it wouldn't let me type it out because of the spaces. It doesn't seem to recognize it right at all. I know it should still be on sda2 of course. I tried to tell it to mount the thing because it sounded familiar, but it said that it couldn't be found in /etc/fstab or /etc/mtab. I haven't had the time to look it up thoroughly lately, so maybe I can just do that. It's just odd though for it to change so weirdly.


Re: Thinkpoint, internet but no browser, no antivirus working

Post by StrikerX22 on Mon Nov 01, 2010 6:40 am

bump


Re: Thinkpoint, internet but no browser, no antivirus working

Post by Belahzur on Tue Nov 02, 2010 12:50 am

Don't think I can help with that, I don't use Linux.



Re: Thinkpoint, internet but no browser, no antivirus working

Post by StrikerX22 on Tue Nov 02, 2010 1:47 am

Well, should she make a separate thread to discuss it (she can link back to here)? I thought it might be related, considering the timing, but since Linux was updated right after the infection, it's hard to say if it's not just the update. Considering it's how it sees the Windows partition though, I do wonder.


Re: Thinkpoint, internet but no browser, no antivirus working

Post by Belahzur on Wed Nov 03, 2010 1:22 am

Yes, feel free to link back to here.

