Thought I got rid of the Thinkpoint virus...

Post by cmatt on 27th October 2010, 2:10 am

but none of the antivirus/anti-spyware programs will update. Also, when I try to open IE, it says:

Invalid Request

You requested a page that does not exist.
You may have reached this page by clicking on an invalid link or bookmark.




©2005 Google


I'm able to get online with FireFox. Please help!!

Based on another user's similar post, I've run OTL and posted both logs in the following posts.


Last edited by cmatt on 27th October 2010, 2:12 am; edited 1 time in total


Re: Thought I got rid of the Thinkpoint virus...

Post by cmatt on 27th October 2010, 2:10 am

OTL logfile created on: 10/26/2010 9:04:33 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Pops\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 515.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 125.00 Gb Free Space | 86.62% Space Free | Partition Type: NTFS

Computer Name: D9QNDS91 | User Name: Pops | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/26 21:03:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pops\Desktop\OTL.exe
PRC - [2010/03/31 19:49:31 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/01 18:34:15 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/03/01 18:34:14 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/12/25 14:20:38 | 002,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/23 06:29:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 06:29:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/05/19 16:50:27 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/24 13:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 12:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/07/26 17:21:24 | 000,053,248 | R--- | M] (General) -- C:\WINDOWS\system32\umonit.exe
PRC - [2006/04/10 18:22:29 | 000,554,496 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2006/04/10 18:22:29 | 000,415,744 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
PRC - [2006/04/10 18:22:29 | 000,169,472 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2006/04/10 18:14:05 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2005/10/05 03:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 19:20:46 | 000,464,384 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
PRC - [2005/09/08 19:20:46 | 000,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/06/10 10:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/03/22 23:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2003/10/29 02:06:00 | 000,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe


========== Modules (SafeList) ==========

MOD - [2010/10/26 21:03:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pops\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 19:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2007/04/19 14:21:40 | 000,116,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/01 18:34:14 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2007/03/07 16:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/10/28 07:41:52 | 000,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlcgcoms.exe -- (dlcg_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2009/12/07 16:18:39 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/08/05 16:06:30 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/08/05 16:06:28 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/08/05 16:06:28 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/07/03 09:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/07/26 17:21:24 | 000,006,016 | R--- | M] (Genesys Logic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fixustor.sys -- (fixustor)
DRV - [2006/04/10 18:14:08 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/11/16 21:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/08/04 04:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/11/17 21:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 21:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 21:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002/10/21 12:37:16 | 000,515,803 | ---- | M] (Digital Camera) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Ca533av.sys -- (Ca533av) Icatch(IV)
DRV - [2002/07/25 12:19:48 | 000,010,986 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Bulk533.sys -- (USBCamera) Icatch(IV)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/13 22:08:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/31 19:49:36 | 000,000,000 | ---D | M]

[2009/04/01 21:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pops\Application Data\Mozilla\Extensions
[2010/10/26 20:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pops\Application Data\Mozilla\Firefox\Profiles\g3l7j67y.default\extensions
[2009/08/09 21:04:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Pops\Application Data\Mozilla\Firefox\Profiles\g3l7j67y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/26 20:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/08/11 19:15:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DLCGCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.DLL ()
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MimBoot] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [owkcvfpo] C:\Documents and Settings\Pops\Local Settings\Application Data\bhyyveuol\rfkfajptssd.exe ()
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe (General)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [owkcvfpo] C:\Documents and Settings\Pops\Local Settings\Application Data\bhyyveuol\rfkfajptssd.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\Pops\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} [You must be registered and logged in to see this link.] (ActiveCGM Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Pops\Application Data\hotfix.exe) - C:\Documents and Settings\Pops\Application Data\hotfix.exe File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Pops\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Pops\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6aa6bd97-e46a-11de-90a5-001372c3c80b}\Shell - "" = AutoRun
O33 - MountPoints2\{6aa6bd97-e46a-11de-90a5-001372c3c80b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6aa6bd97-e46a-11de-90a5-001372c3c80b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/26 21:04:03 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pops\Desktop\OTL.exe
[2010/10/26 20:02:58 | 000,000,000 | ---D | C] -- C:\f8853a6b74555d20aa
[2010/10/14 21:13:40 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Pops\IECompatCache
[2010/10/13 20:15:35 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/13 20:15:35 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2010/10/13 20:15:35 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/13 20:15:28 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/10/03 10:01:03 | 008,534,336 | ---- | C] (Mozilla) -- C:\Documents and Settings\Pops\My Documents\Firefox Setup 3.6.10.exe
[2009/04/07 22:35:12 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgserv.dll
[2009/04/07 22:35:12 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgusb1.dll
[2009/04/07 22:35:11 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgpmui.dll
[2009/04/07 22:35:11 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgprox.dll
[2009/04/07 22:35:11 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgpplc.dll
[2009/04/07 22:35:09 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgcomc.dll
[2009/04/07 22:35:09 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcglmpm.dll
[2009/04/07 22:35:09 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgcomm.dll
[2006/10/11 17:51:16 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgiesc.dll
[2006/10/11 17:41:42 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcginpa.dll
[2006/10/11 17:37:14 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcghbn3.dll
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/26 21:03:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pops\Desktop\OTL.exe
[2010/10/26 20:46:28 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7825764A-1790-437D-8806-CF94CF0A1F81}.job
[2010/10/26 20:35:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/10/26 20:28:23 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/10/26 20:11:53 | 000,463,510 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/26 20:11:53 | 000,078,786 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/26 20:07:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/26 20:00:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/26 20:00:42 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/10/25 04:35:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/10/25 03:35:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/10/25 02:35:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/10/25 01:35:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/10/25 00:35:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/10/24 23:35:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/10/24 22:35:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/10/24 21:35:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/10/24 19:35:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/10/24 18:35:01 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/10/24 17:35:10 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/10/24 17:34:26 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/10/24 16:35:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/10/24 15:35:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/10/24 14:35:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/10/24 13:35:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/10/24 12:35:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/10/24 11:35:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/10/24 09:35:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/10/24 08:35:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/10/24 07:35:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/10/24 06:35:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/10/24 05:35:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/10/20 21:17:39 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Pops\Application Data\completescan
[2010/10/20 21:02:43 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Pops\Application Data\install
[2010/10/20 21:01:52 | 000,000,194 | ---- | M] () -- C:\Documents and Settings\Pops\Application Data\2833.bat
[2010/10/14 03:18:45 | 000,136,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/14 03:02:20 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/12 21:52:28 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/10/07 21:57:12 | 008,534,336 | ---- | M] (Mozilla) -- C:\Documents and Settings\Pops\My Documents\Firefox Setup 3.6.10.exe
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/20 21:10:04 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Pops\Application Data\completescan
[2010/10/20 21:02:43 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Pops\Application Data\install
[2010/10/20 21:01:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/10/20 21:01:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/10/20 21:01:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/10/20 21:01:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/10/20 21:01:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/10/20 21:01:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/10/20 21:01:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/10/20 21:01:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/10/20 21:01:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/10/20 21:01:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/10/20 21:01:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/10/20 21:01:52 | 000,000,194 | ---- | C] () -- C:\Documents and Settings\Pops\Application Data\2833.bat
[2010/10/20 21:01:51 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/10/20 21:01:51 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/10/20 21:01:51 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/10/20 21:01:51 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/10/20 21:01:51 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/10/20 21:01:51 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/10/20 21:01:51 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/10/20 21:01:51 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/10/20 21:01:51 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/10/20 21:01:51 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/10/20 21:01:51 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/10/20 21:01:51 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/10/20 21:01:51 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2009/11/01 20:01:18 | 000,005,553 | R--- | C] () -- C:\WINDOWS\System32\iconcfg.ini
[2009/08/09 18:31:44 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/08/02 14:25:15 | 000,014,891 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bohekubigy.dl
[2009/08/02 14:25:15 | 000,013,142 | ---- | C] () -- C:\Documents and Settings\Pops\Local Settings\Application Data\furovinu.db
[2009/08/02 14:25:15 | 000,012,602 | ---- | C] () -- C:\Documents and Settings\Pops\Application Data\ovupumafo.ban
[2009/08/02 14:25:15 | 000,012,343 | ---- | C] () -- C:\Documents and Settings\Pops\Application Data\kylys._sy
[2009/08/02 14:25:15 | 000,011,476 | ---- | C] () -- C:\Documents and Settings\Pops\Local Settings\Application Data\ywaq.lib
[2009/04/07 22:35:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcgvs.dll
[2009/04/07 22:35:08 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcgutil.dll
[2009/04/07 22:34:59 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcginsb.dll
[2009/04/07 22:34:59 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcgins.dll
[2009/04/07 22:34:59 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcgjswr.dll
[2009/04/07 22:34:59 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcginsr.dll
[2009/04/07 22:34:56 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcgcub.dll
[2009/04/07 22:34:56 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcgcu.dll
[2009/04/07 22:34:56 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcgcur.dll
[2009/01/03 20:09:14 | 000,001,888 | ---- | C] () -- C:\WINDOWS\CA533A.INI
[2009/01/03 20:09:14 | 000,001,325 | ---- | C] () -- C:\WINDOWS\Remove.ini
[2008/11/13 20:12:11 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Pops\Application Data\PFP120JPR.{PB
[2008/11/13 20:12:11 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Pops\Application Data\PFP120JCM.{PB
[2008/11/13 20:11:52 | 000,004,184 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/11/13 20:11:52 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\D6B34D47D1.sys
[2008/03/15 16:05:34 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Pops\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/26 00:55:26 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Pops\Local Settings\Application Data\fusioncache.dat
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/10/28 10:31:44 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\dlcgcoin.dll
[2006/09/06 05:27:28 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\dlcgcfg.dll
[2006/04/10 18:27:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/10 18:21:17 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/10 17:49:34 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 08:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/05 10:32:24 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcgcnv4.dll

< End of report >

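Two lines of evidence in cmatt's logs are what a responder would look at first. In the OTL log above, At1.job through At24.job were all created in the same second on 2010/10/20 alongside 2833.bat in the user's Application Data; jobs a person schedules with at.exe do not appear twenty-four at a time, so a burst like that is a scripted persistence install. In the ComboFix output posted further down, the supplementary scan reports uInternet Settings,ProxyServer = http=127.0.0.1:5555 (ComboFix's u prefix marks the current user's hive): a per-user WinINet proxy aimed at the loopback address, which is consistent with IE showing a bogus "Invalid Request" page and with WinINet-based updaters failing while a browser that does not use the system proxy still gets out. The script below is an added example written for this thread, not code from the thread, from OTL or from ComboFix. It parses those two line formats and flags both patterns. The sample lines marked "from the thread" are copied from the posted logs; the line marked "constructed" is invented for the negative case, and the five-second window and three-job threshold are this example's own assumptions.

```python
"""Triage of OTL / ComboFix text logs for two signals: a burst of At<N>.job
scheduled tasks created within seconds of each other, and a per-user WinINet
proxy pointed at the loopback address.  Added example; not code from the
thread, OTL or ComboFix.  Window/threshold values are assumptions."""
import re
from datetime import datetime

# OTL file line: [YYYY/MM/DD HH:MM:SS | size | attrs | C or M] (company) -- path
OTL_LINE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| [-A-Z]{4} \| [CM]\] \((.*?)\) -- (.+)$")
AT_JOB = re.compile(r"\\tasks\\At\d+\.job$", re.IGNORECASE)
# ComboFix supplementary-scan line, e.g. "uInternet Settings,ProxyServer = http=127.0.0.1:5555"
PROXY_LINE = re.compile(r"^[um]Internet Settings,ProxyServer = (.+)$")
LOOPBACK = re.compile(r"(?:^|=)(?:127\.0\.0\.1|localhost):(\d+)", re.IGNORECASE)

OTL_SAMPLE = r"""
# from the thread (OTL "Files Created" section):
[2010/10/20 21:01:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/10/20 21:01:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/10/20 21:01:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/10/20 21:01:52 | 000,000,194 | ---- | C] () -- C:\Documents and Settings\Pops\Application Data\2833.bat
[2010/10/20 21:01:51 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/10/20 21:01:51 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/10/20 21:01:51 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2009/11/01 20:01:18 | 000,005,553 | R--- | C] () -- C:\WINDOWS\System32\iconcfg.ini
# constructed: a lone job on another day, must not be flagged
[2010/09/01 08:00:00 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
"""

COMBOFIX_SAMPLE = r"""
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
Trusted Zone: musicmatch.com\online
"""


def parse_otl(text):
    """Yield (timestamp, company, path) for every OTL file line in text."""
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if m:
            yield datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S"), m.group(2), m.group(3)


def at_job_bursts(text, window_seconds=5, min_jobs=3):
    """Return [(first_timestamp, count)] for groups of at least min_jobs
    At<N>.job files created within window_seconds of the group's first one."""
    times = sorted(ts for ts, _, path in parse_otl(text) if AT_JOB.search(path))
    bursts, current = [], []
    for ts in times:
        if current and (ts - current[0]).total_seconds() > window_seconds:
            if len(current) >= min_jobs:
                bursts.append((current[0], len(current)))
            current = []
        current.append(ts)
    if len(current) >= min_jobs:
        bursts.append((current[0], len(current)))
    return bursts


def loopback_proxy(text):
    """Return (proxy value, port) when a ComboFix ProxyServer line points at
    localhost, else None.  IE and every WinINet-based updater honour this
    per-user value, so a process listening on that port sees every request."""
    for line in text.splitlines():
        m = PROXY_LINE.match(line.strip())
        if m:
            lb = LOOPBACK.search(m.group(1))
            if lb:
                return m.group(1), int(lb.group(1))
    return None


def triage(otl_text, combofix_text):
    """Human-readable findings from both logs."""
    findings = []
    for start, count in at_job_bursts(otl_text):
        findings.append(f"{count} At*.job tasks created within seconds of {start:%Y-%m-%d %H:%M:%S}")
    hit = loopback_proxy(combofix_text)
    if hit:
        findings.append(f"per-user proxy forced to {hit[0]} (loopback port {hit[1]})")
    return findings


if __name__ == "__main__":
    for finding in triage(OTL_SAMPLE, COMBOFIX_SAMPLE):
        print("!", finding)
```

Because the proxy value lives in the user's hive, clearing it for one account says nothing about other accounts on the same machine; each profile's Internet Settings needs the same check.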

Re: Thought I got rid of the Thinkpoint virus...

Post by cmatt on 27th October 2010, 2:11 am

OTL Extras logfile created on: 10/26/2010 9:04:33 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Pops\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 515.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 125.00 Gb Free Space | 86.62% Space Free | Partition Type: NTFS

Computer Name: D9QNDS91 | User Name: Pops | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
"C:\Program Files\Avira\AntiVir Desktop\avcenter.exe" = C:\Program Files\Avira\AntiVir Desktop\avcenter.exe:*:Enabled:Start AntiVir -- (Avira GmbH)
"C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" = C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE:*:Enabled:SUPERAntiSpyware Free Edition -- (SUPERAntiSpyware.com)
"C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsole.exe" = C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsole.exe:*:Enabled:- Play Games - -- (WildTangent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013F0}" = Java(TM) 6 Update 13
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel(R) PROSet for Wired Connections
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1205500-2179-11D7-B0B9-0000E24D4B29}" = Digital Camera
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"Dell AIO 810" = Dell AIO 810
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ESPNMotion" = ESPNMotion
"FixUstor" = Generic color icon driver
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel(R) PRO Network Connections Drivers
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"Savings Bond Wizard" = Savings Bond Wizard
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Sunplus CA533A" = Icatch(IV) Camera Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/26/2010 9:28:53 PM | Computer Name = D9QNDS91 | Source = MsiInstaller | ID = 11706
Description = Product: Sonic Activation Module -- Error 1706. An installation package
for the product Sonic Activation Module cannot be found. Try the installation again
using a valid copy of the installation package 'Activate.MSI'.

Error - 10/26/2010 9:29:03 PM | Computer Name = D9QNDS91 | Source = MsiInstaller | ID = 11706
Description = Product: Sonic Activation Module -- Error 1706. An installation package
for the product Sonic Activation Module cannot be found. Try the installation again
using a valid copy of the installation package 'Activate.MSI'.

[ System Events ]
Error - 10/26/2010 9:09:43 PM | Computer Name = D9QNDS91 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 10/26/2010 9:11:53 PM | Computer Name = D9QNDS91 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-Embedding

Error - 10/26/2010 9:11:53 PM | Computer Name = D9QNDS91 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-Embedding

Error - 10/26/2010 9:11:53 PM | Computer Name = D9QNDS91 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-Embedding

Error - 10/26/2010 9:27:46 PM | Computer Name = D9QNDS91 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 10/26/2010 9:27:46 PM | Computer Name = D9QNDS91 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 10/26/2010 9:28:03 PM | Computer Name = D9QNDS91 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 10/26/2010 9:28:03 PM | Computer Name = D9QNDS91 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 10/26/2010 9:41:28 PM | Computer Name = D9QNDS91 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-Embedding

Error - 10/26/2010 9:41:28 PM | Computer Name = D9QNDS91 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-Embedding


< End of report >

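The "Shell Spawning" section of the OTL Extras log above lists the shell\open\command handler for each executable file class. On this machine they are the stock XP values ("%1" %* for batfile, cmdfile, comfile, exefile and piffile), which rules out one of the commonest rogue tricks: replacing the exefile handler so the rogue is started in front of every program the user launches and can refuse to run security tools. The three "Reg Error: Key error." entries (htmlfile, regfile, txtfile edit verbs) are keys OTL could not read, worth noting but not the same thing as a hijack. Below is an added check, not code from the thread or from OTL, that compares such a section against the XP defaults and lists the unreadable handlers. The first sample is copied from the log above; the second substitutes a hijacked exefile line that is constructed for the negative case and names a hypothetical path.

```python
"""Check an OTL Extras "Shell Spawning" section against stock Windows XP
defaults.  Added example, not part of the thread or of OTL.  The hijacked
exefile line in HIJACKED_SAMPLE is constructed and names a hypothetical path."""
import re

SPAWN_LINE = re.compile(r"^(\w+) \[(\w+)\] -- (.+)$")

# Stock XP handlers for the classes a rogue most often rewrites so that it
# runs before (or instead of) every program the user starts.
XP_DEFAULTS = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}

# from the thread (OTL Extras, "Shell Spawning")
PAGE_SAMPLE = r"""
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
"""

# constructed: the same section with the exefile handler pointed at a hypothetical rogue
HIJACKED_SAMPLE = PAGE_SAMPLE.replace(
    'exefile [open] -- "%1" %*',
    r'exefile [open] -- "C:\Documents and Settings\Pops\Application Data\example-hijack.exe" "%1" %*')


def parse_shell_spawning(text):
    """Return {(class, verb): command} for each 'class [verb] -- command' line."""
    entries = {}
    for line in text.splitlines():
        m = SPAWN_LINE.match(line.strip())
        if m:
            entries[(m.group(1), m.group(2))] = m.group(3).strip()
    return entries


def check_shell_spawning(text):
    """Return (class, verb, detail) for every XP_DEFAULTS handler that is
    missing, unreadable, or different from the stock value."""
    entries = parse_shell_spawning(text)
    findings = []
    for key, expected in XP_DEFAULTS.items():
        actual = entries.get(key)
        if actual is None:
            findings.append((*key, "handler missing from log"))
        elif actual.startswith("Reg Error"):
            findings.append((*key, "registry key unreadable: " + actual))
        elif actual != expected:
            findings.append((*key, f"expected {expected} but found {actual}"))
    return findings


def unreadable_handlers(text):
    """(class, verb) pairs OTL reported as 'Reg Error', in log order."""
    return [key for key, cmd in parse_shell_spawning(text).items()
            if cmd.startswith("Reg Error")]


if __name__ == "__main__":
    print("page sample:", check_shell_spawning(PAGE_SAMPLE) or "all stock handlers")
    print("unreadable:", unreadable_handlers(PAGE_SAMPLE))
    print("hijacked sample:", check_shell_spawning(HIJACKED_SAMPLE))
```

A hijacked exefile handler is also why the usual advice is to run tools with a renamed or differently-typed filename (a .com or .scr copy) until the association is repaired; on this machine that step was not needed for that reason.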

Re: Thought I got rid of the Thinkpoint virus...

Post by Belahzur on 28th October 2010, 12:31 am

Hello.

  • Download combofix from here

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:
    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a ComboFix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select yes.
  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245101
# Likes : 1


Re: Thought I got rid of the Thinkpoint virus...

Post by cmatt on 28th October 2010, 1:55 am

ComboFix 10-10-26.04 - Pops 10/27/2010 20:46:25.2.2 - x86
Running from: c:\documents and settings\Pops\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Pops\Cookies\mynuw.db
c:\documents and settings\Pops\Cookies\qafogy.pif
c:\documents and settings\Pops\Cookies\qerolory.vbs
c:\documents and settings\Pops\Local Settings\Application Data\bhyyveuol\rfkfajptssd.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-28 )))))))))))))))))))))))))))))))
.

2010-10-27 04:09 . 2010-09-23 07:46 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-10-27 02:46 . 2010-10-27 02:46 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-10-27 02:41 . 2010-10-27 02:41 -------- d-----w- c:\documents and settings\Pops\Local Settings\Application Data\Sunbelt Software
2010-10-27 02:40 . 2010-10-27 02:40 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-10-27 01:02 . 2010-10-27 01:03 -------- d-----w- C:\f8853a6b74555d20aa
2010-10-21 02:01 . 2010-10-21 02:01 194 ----a-w- c:\documents and settings\Pops\Application Data\2833.bat
2010-10-15 02:13 . 2010-10-15 02:13 -------- d-sh--w- c:\documents and settings\Pops\IECompatCache
2010-10-14 01:15 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-14 01:15 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-14 01:15 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-14 01:15 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-26 15:18 . 2010-09-26 15:18 1409 ----a-w- c:\windows\QTFont.for
2010-09-23 07:46 . 2009-08-09 22:34 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-18 17:23 . 2005-08-16 09:18 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2005-08-16 09:18 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2005-08-16 09:18 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2005-08-16 09:18 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2005-08-16 09:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2005-08-16 09:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2005-08-16 09:18 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2005-08-16 09:18 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2005-08-16 09:18 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2005-08-16 09:18 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2005-08-16 09:18 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2006-04-10 22:48 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-16 10:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2005-08-16 09:18 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2005-08-16 09:18 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2005-08-16 09:18 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-19 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-27 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-04-10 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-04-10 98304]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-04-10 169472]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-09 8192]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"DLCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2005-09-08 73728]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-13 1117184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"UMonit"="c:\windows\system32\umonit.exe" [2006-07-26 53248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\documents and settings\Pops\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-10 24576]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-12-25 19:20 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Avira\\AntiVir Desktop\\avcenter.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERANTISPYWARE.EXE"=
"c:\\Program Files\\WildTangent\\Apps\\Dell Game Console\\GameConsole.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-10-27 12872]
R2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\Drivers\Ca533av.sys [2002-10-21 515803]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-10-27 1357464]
R3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [2006-07-26 6016]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-23 64288]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-10-27 67656]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-10-27 12872]

.
Contents of the 'Scheduled Tasks' folder

2010-10-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 02:46]

2010-10-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-29 02:47]

2010-10-28 c:\windows\Tasks\User_Feed_Synchronization-{7825764A-1790-437D-8806-CF94CF0A1F81}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Pops\Application Data\Mozilla\Firefox\Profiles\g3l7j67y.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-owkcvfpo - c:\documents and settings\Pops\Local Settings\Application Data\bhyyveuol\rfkfajptssd.exe
HKLM-Run-owkcvfpo - c:\documents and settings\Pops\Local Settings\Application Data\bhyyveuol\rfkfajptssd.exe
AddRemove-FixUstor - c:\windows\temp\fixustor\remove.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-10-27 20:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
UMonit = c:\windows\system32\umonit.exe

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c7,f9,df,5b,03,ea,02,42,a8,d8,a7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c7,f9,df,5b,03,ea,02,42,a8,d8,a7,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2010-10-27 20:53:10
ComboFix-quarantined-files.txt 2010-10-28 01:53

Pre-Run: 133,774,856,192 bytes free
Post-Run: 134,490,136,576 bytes free

- - End Of File - - C3DB136EC9B800AA8AE98EB168D1C18E


Re: Thought I got rid of the Thinkpoint virus...

Post by Belahzur on 29th October 2010, 1:22 am

Hello.


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    File::
    c:\documents and settings\Pops\Application Data\2833.bat

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride =
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245101
# Likes : 1

View user profile

Back to top Go down
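The proxy lines that the CFScript above tells ComboFix to clear are the reason IE showed the Google "Invalid Request" page and the scanners could not update: the rogue had pointed WinINet at a proxy on 127.0.0.1:5555, which only it answered. The script below is an added example, not ComboFix's code or anything posted in this thread; it reads the "Supplementary Scan" and "ORPHANS REMOVED" sections of a ComboFix log and flags a loopback proxy and Run entries that launch from a user's profile data folders. The sample lines are taken from the log posted earlier in the thread, with a constructed `about:blank` start page standing in for the redacted link; the helper names and the list of suspect directories are my own choices.

```python
import re

# Constructed sample: lines from the ComboFix log posted earlier in this
# thread (the start page value is a placeholder for the redacted link).
SAMPLE_LOG = """\
uStart Page = about:blank
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
Trusted Zone: musicmatch.com\\online
FF - prefs.js: browser.search.selectedEngine - Yahoo
- - - - ORPHANS REMOVED - - - -
HKCU-Run-owkcvfpo - c:\\documents and settings\\Pops\\Local Settings\\Application Data\\bhyyveuol\\rfkfajptssd.exe
HKLM-Run-owkcvfpo - c:\\documents and settings\\Pops\\Local Settings\\Application Data\\bhyyveuol\\rfkfajptssd.exe
AddRemove-FixUstor - c:\\windows\\temp\\fixustor\\remove.exe
"""

# Hosts that can only be the local machine; a real corporate proxy is never here.
LOOPBACK_PREFIXES = ("127.", "localhost", "::1")

# Assumed (my choice): a Run entry living under these folders is worth a look,
# because installed software normally starts from Program Files or Windows.
SUSPECT_DIRS = (
    "\\local settings\\application data\\",
    "\\application data\\",
    "\\temp\\",
)

SETTING_RE = re.compile(r"^[um]Internet Settings,(\w+)\s*=\s*(.*)$")
RUN_ENTRY_RE = re.compile(r"^(HK(?:CU|LM))-Run-(\S+)\s+-\s+(.+)$", re.IGNORECASE)


def parse_internet_settings(text):
    """Collect the 'uInternet Settings,<Name> = <value>' lines into a dict.

    An empty value (as with the ProxyOverride line in the log) is kept as ''.
    """
    settings = {}
    for line in text.splitlines():
        m = SETTING_RE.match(line.strip())
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings


def proxy_server_hosts(value):
    """Split a WinINet ProxyServer value into its host names.

    Accepts both the per-protocol form 'http=host:port;https=host:port'
    and the bare 'host:port' form.
    """
    hosts = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:                      # strip the 'http=' scheme prefix
            part = part.split("=", 1)[1]
        hosts.append(part.rsplit(":", 1)[0].lower())
    return hosts


def find_proxy_hijack(text):
    """Return a finding when the user proxy points at the local machine, else None."""
    settings = parse_internet_settings(text)
    server = settings.get("ProxyServer", "")
    if not server:
        return None
    loopback = [h for h in proxy_server_hosts(server) if h.startswith(LOOPBACK_PREFIXES)]
    if not loopback:
        return None
    return {
        "proxy": server,
        "loopback_hosts": loopback,
        "override": settings.get("ProxyOverride", ""),
    }


def find_suspicious_run_entries(text):
    """Return Run entries (HKCU or HKLM) whose target lives in a profile data folder."""
    findings = []
    for line in text.splitlines():
        m = RUN_ENTRY_RE.match(line.strip())
        if not m:
            continue
        hive, name, path = m.groups()
        if any(d in path.lower() for d in SUSPECT_DIRS):
            findings.append({"hive": hive.upper(), "name": name, "path": path})
    return findings


if __name__ == "__main__":
    hijack = find_proxy_hijack(SAMPLE_LOG)
    if hijack:
        print("loopback proxy configured:", hijack["proxy"],
              "(override: %r)" % hijack["override"])
    for entry in find_suspicious_run_entries(SAMPLE_LOG):
        print("suspect %s Run entry %s -> %s" % (entry["hive"], entry["name"], entry["path"]))
```

The proxy check deliberately ignores ProxyOverride: whether or not `<local>` is listed, a proxy on a loopback address that no legitimate service listens on breaks every HTTP client that honours the WinINet setting, which is exactly the symptom cmatt reported. The remedy is what the CFScript's DDS:: section does, clearing the ProxyServer value in the user's Internet Settings key after the executable behind it has been removed.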

Re: Thought I got rid of the Thinkpoint virus...

Post by cmatt on 29th October 2010, 2:02 am

ComboFix updated itself to a newer version while I was performing this recent step. Let me know if I need to run it again.


ComboFix 10-10-27.A3 - Pops 10/28/2010 20:52:28.3.2 - x86
Running from: c:\documents and settings\Pops\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Pops\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point

FILE ::
"c:\documents and settings\Pops\Application Data\2833.bat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Pops\Application Data\2833.bat

.
((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-29 )))))))))))))))))))))))))))))))
.

2010-10-27 04:09 . 2010-09-23 07:46 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-10-27 02:46 . 2010-10-27 02:46 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-10-27 02:41 . 2010-10-27 02:41 -------- d-----w- c:\documents and settings\Pops\Local Settings\Application Data\Sunbelt Software
2010-10-27 02:40 . 2010-10-27 02:40 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-10-27 01:02 . 2010-10-27 01:03 -------- d-----w- C:\f8853a6b74555d20aa
2010-10-15 02:13 . 2010-10-15 02:13 -------- d-sh--w- c:\documents and settings\Pops\IECompatCache
2010-10-14 01:15 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-14 01:15 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-14 01:15 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-14 01:15 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-26 15:18 . 2010-09-26 15:18 1409 ----a-w- c:\windows\QTFont.for
2010-09-23 07:46 . 2009-08-09 22:34 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-18 17:23 . 2005-08-16 09:18 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2005-08-16 09:18 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2005-08-16 09:18 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2005-08-16 09:18 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2005-08-16 09:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2005-08-16 09:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2005-08-16 09:18 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2005-08-16 09:18 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2005-08-16 09:18 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2005-08-16 09:18 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2005-08-16 09:18 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2006-04-10 22:48 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-16 10:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2005-08-16 09:18 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2005-08-16 09:18 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2005-08-16 09:18 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
- 2010-10-28 01:34 . 2010-10-08 00:48 11701704 c:\windows\SoftwareDistribution\Download\Install\windows-kb890830-v3.12.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-19 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-27 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-04-10 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-04-10 98304]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-04-10 169472]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-09 8192]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"DLCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2005-09-08 73728]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-13 1117184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"UMonit"="c:\windows\system32\umonit.exe" [2006-07-26 53248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\documents and settings\Pops\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-10 24576]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-12-25 19:20 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Avira\\AntiVir Desktop\\avcenter.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERANTISPYWARE.EXE"=
"c:\\Program Files\\WildTangent\\Apps\\Dell Game Console\\GameConsole.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-10-27 12872]
R2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\Drivers\Ca533av.sys [2002-10-21 515803]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-10-27 1357464]
R3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [2006-07-26 6016]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-23 64288]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-10-27 67656]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-10-27 12872]

.
Contents of the 'Scheduled Tasks' folder

2010-10-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 02:46]

2010-10-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-29 02:47]

2010-10-29 c:\windows\Tasks\User_Feed_Synchronization-{7825764A-1790-437D-8806-CF94CF0A1F81}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mWindow Title = Windows Internet Explorer provided by Comcast
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Pops\Application Data\Mozilla\Firefox\Profiles\g3l7j67y.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-10-28 20:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
UMonit = c:\windows\system32\umonit.exe

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c7,f9,df,5b,03,ea,02,42,a8,d8,a7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c7,f9,df,5b,03,ea,02,42,a8,d8,a7,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2010-10-28 20:59:09
ComboFix-quarantined-files.txt 2010-10-29 01:59
ComboFix2.txt 2010-10-28 01:53

Pre-Run: 134,455,431,168 bytes free
Post-Run: 134,434,590,720 bytes free

- - End Of File - - F2C88E43013E3B5B55C6DFF6133870BC


Re: Thought I got rid of the Thinkpoint virus...

Post by Belahzur on 29th October 2010, 5:19 pm

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Thought I got rid of the Thinkpoint virus...

Post by cmatt on 31st October 2010, 3:38 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=8c357c023a74f04a96b597966df48b07
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-30 08:49:28
# local_time=2010-10-30 03:49:28 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 37597119 37597119 0 0
# compatibility_mode=1797 16775141 100 100 0 62416113 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=65883
# found=0
# cleaned=0
# scan_time=1822


Re: Thought I got rid of the Thinkpoint virus...

Post by Belahzur on 1st November 2010, 1:18 am

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 9.1
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 13
    Java(TM) 6 Update 17
    Viewpoint Media Player

Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u22-windows-i586.exe that you downloaded to install the newest version.

Then download and install [You must be registered and logged in to see this link.]

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Thought I got rid of the Thinkpoint virus...

Post by cmatt on 1st November 2010, 11:19 pm

It appears to be running much better now. Thank you for your help.

Avira, Superantispyware, Ad-Aware and Malwarebytes are currently installed. Would you suggest I replace them with Microsoft Security Essentials?


Re: Thought I got rid of the Thinkpoint virus...

Post by Belahzur on 2nd November 2010, 12:38 am

No, the combination you have now works well.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Thought I got rid of the Thinkpoint virus...

Post by cmatt on 2nd November 2010, 4:06 am

Great. Thank you so much for your help. My in-laws are very happy.
