Got the ThinkPoint virus out BUT!

Page 1 of 2 1, 2  Next

View previous topic View next topic Go down

Got the ThinkPoint virus out BUT!

Post by tinamguerrero on Wed 27 Oct 2010, 4:25 am

Im not sure how to really work myself around this site but i just got rid of ThinkPoint off my computer thank you SO much btw!
But! now my icons on my desktop and even when i click the start button wont let me click on anything! There are things that i need for school on my desktop to get to for some of my classes tomorrow. Its really stressing me out all of my icons EVERYWHERE look like a little papers with the top right corner bent with a little picture in the middle of a little window with three icons on them and everytime i try to click on one it says,

"C\Users\{MYNAME}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HPAdvisor.Ink is not valid Win32 application."

So i press OK.
And it tells me,
"Can't open this item;"
"It might have been moved, renamed, or deleted. Do you want to remove this item?"
and of course i press no because i dont want to remove it, it's obviously important lol.
But how can i/you/we fix it i need help!

This was all sunday night.
Someone suggested that i download a few things but my computer wont let me click on ANY icons on my computer at all theres a few things that ive worked around to be able to get to but there are other things that i cant get to like microsoft word or power point or the internet for that matter so if i was able to download it i wouldnt be able to retrieve it afterwards to actually use it.
:/ help pleeeease?
Im not sure what to do.


-Christina

tinamguerrero

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-10-25
Operating System : Windows7 (?)

View user profile

Back to top Go down

Re: Got the ThinkPoint virus out BUT!

Post by Belahzur on Wed 27 Oct 2010, 10:45 am

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Got the ThinkPoint virus out BUT!

Post by tinamguerrero on Wed 27 Oct 2010, 12:23 pm

OTL logfile created on: 10/26/2010 8:09:53 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\TinaMarie\Music\My Music
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.20 Gb Total Space | 175.47 Gb Free Space | 79.69% Space Free | Partition Type: NTFS
Drive D: | 12.49 Gb Total Space | 2.09 Gb Free Space | 16.71% Space Free | Partition Type: NTFS

Computer Name: TINAMARIE-PC | User Name: TinaMarie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/26 20:09:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\TinaMarie\Music\My Music\OTL.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/11 14:17:50 | 018,707,640 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2010/06/26 22:28:29 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
PRC - [2010/05/11 16:43:48 | 006,061,400 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Vid\Vid.exe
PRC - [2010/05/07 18:47:32 | 000,114,008 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2010/05/07 18:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2010/05/07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010/05/07 18:34:58 | 000,168,792 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (SafeList) ==========

MOD - [2010/10/26 20:09:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\TinaMarie\Music\My Music\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/07 07:57:56 | 000,836,504 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV:64bit: - [2010/05/07 18:45:16 | 000,197,976 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/09/24 16:53:24 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV:64bit: - [2009/09/24 16:53:22 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/08/13 09:12:02 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/07/28 16:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/29 14:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV:64bit: - [2010/07/30 12:30:26 | 000,309,840 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmxpflt.sys -- (tmxpflt)
DRV:64bit: - [2010/07/30 12:30:20 | 000,042,576 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmpreflt.sys -- (tmpreflt)
DRV:64bit: - [2010/07/30 12:24:14 | 001,988,176 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vsapint.sys -- (vsapint)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010/05/07 13:44:50 | 006,465,760 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C510(UVC)
DRV:64bit: - [2010/05/07 13:43:02 | 000,329,952 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2010/05/07 13:40:26 | 000,024,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/02/26 21:05:32 | 000,699,960 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/10/05 09:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/24 16:54:10 | 000,107,536 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2009/08/13 17:53:50 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/18 23:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 19:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/05/23 01:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/29 14:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/02/13 01:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/13 01:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/13 01:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/06/18 09:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/13 01:45:10 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Updater For ooVoo Toolbar) - {442AE524-EBA5-4b17-82F3-888D68BC999A} - C:\Program Files (x86)\oovootb\auxi\oovooAu.dll (Visicom Media)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No CLSID value found.
O2 - BHO: (ooVoo Toolbar) - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files (x86)\oovootb\oovoodx.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files (x86)\oovootb\oovoodx.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [Logitech Vid HD] C:\Program Files (x86)\Logitech\Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} [You must be registered and logged in to see this link.] (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} [You must be registered and logged in to see this link.] (MSN Games - Installer)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} [You must be registered and logged in to see this link.] (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/25 22:20:23 | 000,000,000 | ---D | C] -- C:\Users\TinaMarie\Documents\Recycle Bin
[2010/10/25 00:20:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2010/10/24 20:24:34 | 000,000,000 | ---D | C] -- C:\Users\TinaMarie\AppData\Roaming\Malwarebytes
[2010/10/24 20:23:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/10/24 20:23:39 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/10/24 20:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/24 20:23:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/10/24 19:12:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/10/24 19:11:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/10/13 20:35:06 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/10/13 20:35:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/13 20:35:06 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/10/13 20:35:05 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/10/13 20:35:05 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/10/13 20:35:05 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/10/13 20:35:05 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/13 20:35:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/10/13 20:35:05 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/10/13 20:35:05 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/13 20:35:05 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/10/13 20:35:05 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/10/13 20:35:04 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/13 20:35:04 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/10/13 20:34:39 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/10/13 20:33:49 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/13 20:33:49 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/13 20:33:47 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/13 20:33:44 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010/10/13 20:33:34 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/10/13 20:33:34 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/10/13 20:33:33 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/13 20:33:33 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/13 20:32:09 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/13 20:32:08 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/13 20:32:07 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/13 20:32:06 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/13 20:31:18 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/09/28 16:34:24 | 001,988,176 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\vsapint.sys
[2010/09/28 16:34:24 | 000,309,840 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmxpflt.sys
[2010/09/28 16:34:24 | 000,042,576 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmpreflt.sys
[1 C:\Users\TinaMarie\Documents\*.tmp files -> C:\Users\TinaMarie\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/26 20:11:52 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
[2010/10/26 20:10:14 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
[2010/10/26 19:57:50 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/26 19:57:50 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/26 19:52:11 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/26 19:51:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/26 14:02:48 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/26 14:01:51 | 1556,500,480 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/25 14:24:25 | 000,330,240 | ---- | M] () -- C:\Users\TinaMarie\Documents\Chapter 6 Schacter- Learning.ppt
[2010/10/24 20:23:47 | 000,001,005 | ---- | M] () -- C:\Users\TinaMarie\Documents\Malwarebytes' Anti-Malware.lnk
[2010/10/24 20:23:47 | 000,001,005 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/24 19:11:56 | 000,001,031 | ---- | M] () -- C:\Users\TinaMarie\Documents\Microsoft Security Essentials.lnk
[2010/10/24 19:11:56 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/10/22 19:38:57 | 000,024,042 | ---- | M] () -- C:\Users\TinaMarie\Documents\Final Destination; Paris.docx
[2010/10/18 14:45:31 | 000,270,848 | ---- | M] () -- C:\Users\TinaMarie\Documents\Chapter 5 Schacter - Memory.ppt
[2010/10/14 11:27:06 | 000,347,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/14 01:18:22 | 000,740,374 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/14 01:18:22 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/14 01:18:22 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/13 00:14:15 | 000,231,424 | ---- | M] () -- C:\Users\TinaMarie\Documents\Chapter 8 -Consciousness- shortened.ppt
[2010/10/12 22:45:05 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTinaMarie.job
[2010/10/07 20:52:53 | 000,010,215 | ---- | M] () -- C:\Users\TinaMarie\Documents\Two Weeks Notice.docx
[2010/10/06 14:47:36 | 000,364,544 | ---- | M] () -- C:\Users\TinaMarie\Documents\Chapter 4 Schacter - Sensation & Perception.ppt
[2010/09/29 18:55:37 | 001,838,766 | ---- | M] () -- C:\Users\TinaMarie\Documents\mathsolutions.pdf
[2010/09/28 16:34:11 | 000,465,920 | ---- | M] () -- C:\Users\TinaMarie\Documents\Chapter 3 Schacter - Brain & Behavior.ppt
[1 C:\Users\TinaMarie\Documents\*.tmp files -> C:\Users\TinaMarie\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/25 22:20:25 | 000,002,515 | ---- | C] () -- C:\Users\TinaMarie\Documents\Skype.lnk
[2010/10/25 22:20:25 | 000,002,429 | ---- | C] () -- C:\Users\TinaMarie\Documents\iTunes.lnk
[2010/10/25 22:20:25 | 000,002,406 | ---- | C] () -- C:\Users\TinaMarie\Documents\Play Double Play - Jojos Fashion Show 1 and 2.lnk
[2010/10/25 22:20:25 | 000,002,374 | ---- | C] () -- C:\Users\TinaMarie\Documents\Play Where's Waldo The Fantastic Journey.lnk
[2010/10/25 22:20:25 | 000,002,268 | ---- | C] () -- C:\Users\TinaMarie\Documents\eBay.lnk
[2010/10/25 22:20:25 | 000,002,212 | ---- | C] () -- C:\Users\TinaMarie\Documents\Play HP Games.lnk
[2010/10/25 22:20:25 | 000,002,004 | ---- | C] () -- C:\Users\TinaMarie\Documents\Trend Micro AntiVirus plus AntiSpyware.lnk
[2010/10/25 22:20:25 | 000,001,857 | ---- | C] () -- C:\Users\TinaMarie\Documents\ooVoo.lnk
[2010/10/25 22:20:25 | 000,001,845 | ---- | C] () -- C:\Users\TinaMarie\Documents\QuickTime Player.lnk
[2010/10/25 22:20:25 | 000,001,624 | ---- | C] () -- C:\Users\TinaMarie\Documents\Logitech Webcam Software .lnk
[2010/10/25 22:20:25 | 000,001,321 | ---- | C] () -- C:\Users\TinaMarie\Documents\Microsoft Office - 60 Day Trial.lnk
[2010/10/25 22:20:25 | 000,001,133 | ---- | C] () -- C:\Users\TinaMarie\Documents\Yahoo! Messenger.lnk
[2010/10/25 22:20:25 | 000,001,097 | ---- | C] () -- C:\Users\TinaMarie\Documents\HP Support Assistant.lnk
[2010/10/25 22:20:25 | 000,001,031 | ---- | C] () -- C:\Users\TinaMarie\Documents\Microsoft Security Essentials.lnk
[2010/10/25 22:20:25 | 000,000,996 | ---- | C] () -- C:\Users\TinaMarie\Documents\Logitech Vid.lnk
[2010/10/25 22:20:23 | 000,001,005 | ---- | C] () -- C:\Users\TinaMarie\Documents\Malwarebytes' Anti-Malware.lnk
[2010/10/24 20:23:47 | 000,001,005 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/24 19:11:56 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/10/21 00:19:41 | 000,024,042 | ---- | C] () -- C:\Users\TinaMarie\Documents\Final Destination; Paris.docx
[2010/10/20 13:57:44 | 000,330,240 | ---- | C] () -- C:\Users\TinaMarie\Documents\Chapter 6 Schacter- Learning.ppt
[2010/10/18 13:21:28 | 000,270,848 | ---- | C] () -- C:\Users\TinaMarie\Documents\Chapter 5 Schacter - Memory.ppt
[2010/10/08 13:57:30 | 000,231,424 | ---- | C] () -- C:\Users\TinaMarie\Documents\Chapter 8 -Consciousness- shortened.ppt
[2010/10/07 20:52:52 | 000,010,215 | ---- | C] () -- C:\Users\TinaMarie\Documents\Two Weeks Notice.docx
[2010/09/29 18:55:37 | 001,838,766 | ---- | C] () -- C:\Users\TinaMarie\Documents\mathsolutions.pdf
[2010/09/29 14:00:38 | 000,364,544 | ---- | C] () -- C:\Users\TinaMarie\Documents\Chapter 4 Schacter - Sensation & Perception.ppt
[2010/07/18 00:42:29 | 000,004,608 | ---- | C] () -- C:\Users\TinaMarie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/29 11:21:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/26 21:20:34 | 000,000,000 | ---- | C] () -- C:\Users\TinaMarie\AppData\Local\QSwitch.txt
[2010/06/26 21:20:34 | 000,000,000 | ---- | C] () -- C:\Users\TinaMarie\AppData\Local\DSwitch.txt
[2010/06/26 21:20:34 | 000,000,000 | ---- | C] () -- C:\Users\TinaMarie\AppData\Local\AtStart.txt
[2010/06/26 21:20:31 | 000,000,410 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2010/05/07 13:44:36 | 000,290,648 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010/05/07 13:44:16 | 005,496,152 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010/03/20 22:31:14 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2010/03/20 22:31:10 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2010/03/20 22:30:58 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2010/03/20 22:30:42 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2010/03/20 22:30:07 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2010/03/20 22:18:21 | 000,000,333 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/03/20 22:18:21 | 000,000,274 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/03/13 01:34:01 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2010/03/13 01:30:00 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2010/03/13 01:28:54 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2010/03/13 01:28:23 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/09/29 18:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/04/27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll

< End of report >







Am i doing this right so far?

tinamguerrero

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-10-25
Operating System : Windows7 (?)

View user profile

Back to top Go down

Re: Got the ThinkPoint virus out BUT!

Post by Belahzur on Thu 28 Oct 2010, 11:29 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Got the ThinkPoint virus out BUT!

Post by tinamguerrero on Thu 28 Oct 2010, 12:30 pm

I'm not sure if you needed this one too, but here ya go anyways.
And thanks for the help so far too

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4968

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/27/2010 8:28:15 PM
mbam-log-2010-10-27 (20-28-15).txt

Scan type: Quick scan
Objects scanned: 140820
Time elapsed: 7 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\Temp\TMP00000001343D9257E0C852AC (Trojan.Dropper) -> Quarantined and deleted successfully.

tinamguerrero

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-10-25
Operating System : Windows7 (?)

View user profile

Back to top Go down

Re: Got the ThinkPoint virus out BUT!

Post by Belahzur on Fri 29 Oct 2010, 12:21 pm

Hello.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Got the ThinkPoint virus out BUT!

Post by tinamguerrero on Mon 01 Nov 2010, 3:33 pm

C:\Users\TinaMarie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MHOYR6Q2\XvidSetup[1].exe
a variant of Win32/Adware.HotBar.H application
cleaned by deleting - quarantined

C:\Users\TinaMarie\AppData\Local\Temp\nsz798B.tmp\Install.dll
a variant of Win32/Adware.HotBar.E application
cleaned by deleting - quarantined

C:\Users\TinaMarie\Documents\ClickPotatoInstaller.exe
a variant of Win32/Adware.HotBar.H application
cleaned by deleting - quarantined

C:\Users\TinaMarie\Documents\VLCSetup.exe
a variant of Win32/Adware.HotBar.H application
cleaned by deleting - quarantined

C:\Users\TinaMarie\Documents\XvidSetup.exe
a variant of Win32/Adware.HotBar.H application
cleaned by deleting - quarantined

Operating memory
probably a variant of Win32/Adware.180Solutions application
contained infected files


I've been doing this scan since the day you replied but once the log is saved my computer wont let me retrieve it, i cant even access any word doctumets of ANY kind, I'm no sure if this is the Log you need but it's all i can give you from this scan.

tinamguerrero

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-10-25
Operating System : Windows7 (?)

View user profile

Back to top Go down

Re: Got the ThinkPoint virus out BUT!

Post by Belahzur on Tue 02 Nov 2010, 11:43 am

Hello.

Download MBRCheck to your desktop.

  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop
  • Open this report and post its content in your next reply.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Got the ThinkPoint virus out BUT!

Post by tinamguerrero on Wed 03 Nov 2010, 2:25 pm

MBRCheck, version 1.2.3
2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: , 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario CQ60 Notebook PC
Logical Drives Mask: 0x0000001c

\\.C: --> \\.\PhysicalDrive0 at offset 0x00000000'0c800000
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037'19100000

Size Device Name MBR Status
---------------------------------------------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 17DED76FA968BF4760C9E47179B9B43F281EEB90

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:



I didnt press anything after that and just exited.

tinamguerrero

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-10-25
Operating System : Windows7 (?)

View user profile

Back to top Go down

Re: Got the ThinkPoint virus out BUT!

Post by Belahzur on Thu 04 Nov 2010, 11:50 am

Hello.
Please reboot the the machine, start tapping F8 just as it starts booting.

Is there an option for "Repair Your Computer"?


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Got the ThinkPoint virus out BUT!

Post by tinamguerrero on Thu 04 Nov 2010, 12:32 pm

Yes, what directions should i choose and should i save my important files before i do this.
Will they get deleted?

tinamguerrero

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-10-25
Operating System : Windows7 (?)

View user profile

Back to top Go down

Re: Got the ThinkPoint virus out BUT!

Post by Belahzur on Fri 05 Nov 2010, 9:26 am

No they wont get deleted, this isn't a format, it's a repair.

Select the repair option, it will ask what OS you want to repair, so select the one we are working one.

Next it will ask how to repair it, one option will be "Command Prompt", select that option.

In the command prompt, type in "bootrec.exe /fixmbr" without the quote marks, notice a space between the e and /

Hit enter, when it says "Operation successful", reboot the machine then re-run MBRCheck and post the new log.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Got the ThinkPoint virus out BUT!

Post by tinamguerrero on Fri 05 Nov 2010, 1:08 pm

MBRCheck, version 1.2.3
2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: , 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario CQ60 Notebook PC
Logical Drives Mask: 0x0000001c

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000'0c800000
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037'19100000

Size Device Name MBR Status
--------------------------------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

tinamguerrero

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-10-25
Operating System : Windows7 (?)

View user profile

Back to top Go down

Re: Got the ThinkPoint virus out BUT!

Post by DragonMaster Jay on Mon 08 Nov 2010, 3:08 pm

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Desktop and all other items.

Post by tinamguerrero on Tue 09 Nov 2010, 1:17 pm

This is what ALL my icons look like.

tinamguerrero

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-10-25
Operating System : Windows7 (?)

View user profile

Back to top Go down

Re: Got the ThinkPoint virus out BUT!

Post by tinamguerrero on Tue 09 Nov 2010, 1:30 pm

The picture i need to show you is too large to post on here. Is there somewhere else i can send it? Ive already tried explaining it in my very first post but nothing ive downloaded since has fixed it its just gotten the Other things out. I think the pictures would help alot to be understood.

tinamguerrero

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-10-25
Operating System : Windows7 (?)

View user profile

Back to top Go down

Re: Got the ThinkPoint virus out BUT!

Post by Belahzur on Wed 10 Nov 2010, 11:14 am

Can you upload the screenshot to an image host? [tinypic/photobucket/imageshack, etc]


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Got the ThinkPoint virus out BUT!

Post by tinamguerrero on Wed 10 Nov 2010, 12:35 pm

Photo Number 3:




Photo Number 2:



Photo Number 3:


tinamguerrero

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-10-25
Operating System : Windows7 (?)

View user profile

Back to top Go down

Re: Got the ThinkPoint virus out BUT!

Post by tinamguerrero on Wed 10 Nov 2010, 12:38 pm

Shizz, Sorry they go in the order thet're posted, not the way they are numbered.
The icon image, The error message and the "Can't open this item."

tinamguerrero

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-10-25
Operating System : Windows7 (?)

View user profile

Back to top Go down

Re: Got the ThinkPoint virus out BUT!

Post by Belahzur on Thu 11 Nov 2010, 11:39 am

Looks like bad shortcuts, can you re-create the shortcut by making a new shortcut of whatever file it is trying to open from the actual file?


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Got the ThinkPoint virus out BUT!

Post by tinamguerrero on Thu 11 Nov 2010, 2:13 pm

I wouldnt know how to do that, Every single thing on my computer is like that, the only way i can get to the Internet is by right clicking and then choosing one of the past sites on my history.
And for example music/picture files or documents i need daily for school. I have to access by clicking on the start menu and then pressing Documents on the right side of the start menu bar. I cant use Microsoft Office Word iTunes Internet Explorer or Windows Media Player at all with out doing this.
And if its something else like ooVoo skype yahoo messenger or any of the security protections i have that are only on my desktop i cant access them. At all.

tinamguerrero

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-10-25
Operating System : Windows7 (?)

View user profile

Back to top Go down

Re: Got the ThinkPoint virus out BUT!

Post by Belahzur on Fri 12 Nov 2010, 11:09 am

Hello.
No problem, to create a new shortcut, try this.

Navigate to this folder: C:\Program Files\Skype\Phone

Inside is Skype.exe, right click > Send to > "Desktop (create shortcut)

A new Skype shortcut should appear on your Desktop, see if you can open it just as a test.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Got the ThinkPoint virus out BUT!

Post by tinamguerrero on Fri 12 Nov 2010, 1:31 pm


tinamguerrero

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-10-25
Operating System : Windows7 (?)

View user profile

Back to top Go down

Re: Got the ThinkPoint virus out BUT!

Post by tinamguerrero on Sat 13 Nov 2010, 9:42 am


tinamguerrero

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-10-25
Operating System : Windows7 (?)

View user profile

Back to top Go down

Re: Got the ThinkPoint virus out BUT!

Post by Belahzur on Sat 13 Nov 2010, 12:02 pm

Hmm.

Download Dr.Web CureIt to the desktop:
[You must be registered and logged in to see this link.]

  • Double-click the launch.exe or cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, just let it cure whatever it finds...
    o Now, go to Settings >> Change Settings
    o Go to Actions tab >> under Objects section, change the settings to below
    Infected objects - Cure
    Incurable objects - Report
    Suspicious objects - Report
    o Don't change any other settings
  • Start the scan again. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan finished, click Select all
  • Click on Cure and choose Report incurable (means take no actions.. Don't "move", or "rename" or "delete")
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Post DrWeb.csv in your next reply (Open it as Notepad).. Do NOT reboot the computer yet..


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Got the ThinkPoint virus out BUT!

Post by Sponsored content Today at 8:00 am


Sponsored content


Back to top Go down

Page 1 of 2 1, 2  Next

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum