Need assistance with ThinkPoint removal

View previous topic View next topic Go down

Need assistance with ThinkPoint removal

Post by edw4rd on Sat Oct 30, 2010 2:04 am

Hello,

I've read through a handful of posts here regarding ThinkPoint removal in an attempt to find a solution to my situation without having to take up any of your time, but I cannot find a solution that fits my scenario exactly. I do not want to try a fix and make the situation worse. I have basic - medium knowledge with computers; I have no knowledge of coding.

*Note* I am currently using my laptop, and I believe it's running Vista Home Premium as well. Affected computer is my Desktop which uses Vista Home Premium.

Upon starting my Desktop the normal screens appear and it directs me to my User login screen. After entering my password it directs me to a black screen with the ThinkPoint virus window open. It has a greyed, unselectable option for "Normal startup" and a selectable option for "Safe startup." (*Note - My father-in-law has pressed the "Safe startup" option once and let the virus run its fake scan for at least 10 minutes before I noticed and shut the computer off) At this point if I do Ctrl-Alt-Delete and close the program, I receive a black screen.

If I start my Desktop in Safe Mode with Networking, the text will cycle and then I am prompted with User Login. After entering my password, the ThinkPoint window appears as well. If I Ctrl-Alt-Delete and end the "hotfix.exe" process, I receive a black screen here as well with "Safe Mode" still in all four corners and "Microsoft (R) Windows (R) (Build 6001: Service Pack 1)" at the top, all in white letters.

Any assistance is *greatly* appreciated as it will save my wife and me money by avoiding a costly repair bill or purchasing a new harddrive altogether. Thank you in advance.

-"edw4rd"


edw4rd
Novice
Novice

Posts Posts : 15
Joined Joined : 2010-10-30
OS OS : Vista Home Premium
Points Points : 22503
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Need assistance with ThinkPoint removal

Post by Belahzur on Sat Oct 30, 2010 11:13 pm

Hello.
Use Task Manager to close hotfix, then use to start explorer.

Open the Task Manager via ctrl/alt/del. Go to the "Applications" tab, and press "New Task..."

In the open field, type in explorer an hit the OK button.

Does your Desktop load now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Need assistance with ThinkPoint removal

Post by edw4rd on Sun Oct 31, 2010 1:46 am

Hello,

Ok I started my Desktop with Safe Mode with Networking. ThinkPoint loaded. I ended process "hotfix.exe" with Ctrl-Alt-Delete. ThinkPoint window disappeared. Black screen as stated before. I did as you stated and entered new task "explorer." My desktop did in fact appear: start bar at bottom, icons at left, and Windows Help and Support window on the right, and a black background.

So far so good.

edw4rd
Novice
Novice

Posts Posts : 15
Joined Joined : 2010-10-30
OS OS : Vista Home Premium
Points Points : 22503
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Need assistance with ThinkPoint removal

Post by edw4rd on Sun Oct 31, 2010 2:02 am

Also as a side note, while reading the various threads on here I noticed one regarding a "Redirect" problem. Before the "ThinkPoint" malware/virus problem with my desktop, something was "redirecting" me while doing Google or Yahoo searches to unknown websites. I had to Copy/Paste website addresses once I searched for them into the address line of the Internet Explorer to actually get to the desired website.

This seems like a different issue to me, but I thought I should post it here first incase it affects how you solve the ThinkPoint issue. I can post my "Redirect" issue at a separate time if need be.

edw4rd
Novice
Novice

Posts Posts : 15
Joined Joined : 2010-10-30
OS OS : Vista Home Premium
Points Points : 22503
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Need assistance with ThinkPoint removal

Post by Belahzur on Mon Nov 01, 2010 1:10 am

Hello.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Need assistance with ThinkPoint removal

Post by edw4rd on Tue Nov 02, 2010 12:52 am

I completed your five steps as instructed. This post contains the OTL.txt contents, and my next post will contain the Extras.txt contents.


OTL logfile created on: 11/1/2010 8:33:52 PM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\Jared\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.04 Gb Total Space | 138.48 Gb Free Space | 48.93% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 5.12 Gb Free Space | 34.12% Space Free | Partition Type: NTFS

Computer Name: JARED-PC | User Name: Jared | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/01 20:30:03 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Jared\Desktop\OTL.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/11/01 20:30:03 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Jared\Desktop\OTL.exe
MOD - [2008/01/18 23:26:36 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2010/09/26 13:17:10 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/03 14:53:08 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper) getPlus(R)
SRV - [2008/08/12 07:06:37 | 000,029,744 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/03/07 17:00:16 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/09/12 04:40:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/02/12 19:56:38 | 000,537,520 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\lxdccoms.exe -- (lxdc_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2009/10/04 14:50:25 | 000,279,712 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/10/04 14:50:25 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/03/27 10:03:00 | 007,738,816 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/03/20 20:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/03/08 00:33:16 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/03/08 00:33:16 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/03/08 00:33:15 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/01/18 21:53:24 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2007/12/11 04:43:48 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/09/12 04:44:34 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/09/12 04:40:48 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/08/28 17:05:12 | 000,055,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xusb21.sys -- (xusb21)
DRV - [2007/04/09 09:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 09:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 09:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:51:31 | 000,514,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xnacc.sys -- (xnacc)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/10/18 14:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 14:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/18 14:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (SmartShopper) - {2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll (SmartShopper Networks)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [lxdcamon] C:\Program Files\Lexmark 1300 Series\lxdcamon.exe (Lexmark)
O4 - HKLM..\Run: [LXDCCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXDCtime.DLL (Lexmark International, Inc.)
O4 - HKLM..\Run: [lxdcmon.exe] C:\Program Files\Lexmark 1300 Series\lxdcmon.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe File not found
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll (SmartShopper Networks)
O9 - Extra Button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll (SmartShopper Networks)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: brainfuse.com ([admin] http in Trusted sites)
O15 - HKLM\..Trusted Domains: brainfuse.com ([admin] https in Trusted sites)
O15 - HKLM\..Trusted Domains: brainfuse.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: brainfuse.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20722C4E-9050-45C8-8D1A-816C4A06AD90} [You must be registered and logged in to see this link.] (Photo Upload Plugin Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {60246658-5626-449F-8701-66D278AD2EB2} [You must be registered and logged in to see this link.] (QCDetector.Base)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} [You must be registered and logged in to see this link.] (Photo Upload Plugin Class)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} [You must be registered and logged in to see this link.] (CBSTIEPrint Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} [You must be registered and logged in to see this link.] (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.154.1.8 24.154.1.67
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Jared\AppData\Roaming\hotfix.exe) - C:\Users\Jared\AppData\Roaming\hotfix.exe ()
O24 - Desktop WallPaper: C:\Users\Jared\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jared\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0daa43ae-a7c6-11dd-9476-001d092d9311}\Shell - "" = AutoRun
O33 - MountPoints2\{0daa43ae-a7c6-11dd-9476-001d092d9311}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{282e900f-17b8-11dd-be55-001d092d9311}\Shell - "" = AutoRun
O33 - MountPoints2\{282e900f-17b8-11dd-be55-001d092d9311}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{53beb92a-8e63-11de-b43e-001d092d9311}\Shell - "" = AutoRun
O33 - MountPoints2\{53beb92a-8e63-11de-b43e-001d092d9311}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{df6e9354-965f-11dd-b5bb-001d092d9311}\Shell - "" = AutoRun
O33 - MountPoints2\{df6e9354-965f-11dd-b5bb-001d092d9311}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/01 20:29:59 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Jared\Desktop\OTL.exe
[2008/06/20 13:19:33 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXDChcp.dll
[2007/01/10 20:02:06 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxdcpmui.dll
[2007/01/10 20:00:42 | 001,232,896 | ---- | C] ( ) -- C:\Windows\System32\lxdcserv.dll
[2007/01/10 19:54:42 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\lxdccomm.dll
[2007/01/10 19:53:10 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxdclmpm.dll
[2007/01/10 19:51:52 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxdciesc.dll
[2007/01/10 19:49:44 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxdcpplc.dll
[2007/01/10 19:49:00 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxdccomc.dll
[2007/01/10 19:48:30 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxdcprox.dll
[2007/01/10 19:42:24 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxdcinpa.dll
[2007/01/10 19:41:44 | 000,999,424 | ---- | C] ( ) -- C:\Windows\System32\lxdcusb1.dll
[2007/01/10 19:37:42 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxdchbn3.dll
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/01 20:30:03 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Jared\Desktop\OTL.exe
[2010/10/30 21:45:11 | 000,614,748 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/30 21:45:11 | 000,108,120 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/30 21:40:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/28 17:26:31 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/28 17:26:27 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/28 17:26:27 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/17 18:30:21 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/07 19:50:11 | 000,000,002 | ---- | C] () -- C:\Users\Jared\AppData\Local\05748541005049.xxe
[2010/07/07 10:25:17 | 000,000,002 | ---- | C] () -- C:\Users\Jared\AppData\Local\0535049569854.xxe
[2010/07/07 10:25:16 | 000,000,002 | ---- | C] () -- C:\Users\Jared\AppData\Local\05554525610056.xxe
[2010/07/07 10:20:13 | 000,000,002 | ---- | C] () -- C:\Users\Jared\AppData\Local\0495355975549.xxe
[2010/05/27 18:06:12 | 000,000,116 | ---- | C] () -- C:\Windows\WININIT.INI
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/01/18 14:30:22 | 000,000,111 | R--- | C] () -- C:\Windows\SV.INI
[2009/10/04 14:50:25 | 000,279,712 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/10/04 14:50:25 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/03/16 21:02:13 | 000,000,206 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/09/07 18:17:24 | 000,001,356 | ---- | C] () -- C:\Users\Jared\AppData\Local\d3d9caps.dat
[2008/06/20 13:19:35 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdcrwrd.ini
[2008/06/20 13:19:34 | 000,278,528 | ---- | C] () -- C:\Windows\System32\LXDCinst.dll
[2008/06/20 13:16:53 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxdccoin.dll
[2008/04/17 21:59:18 | 000,006,725 | ---- | C] () -- C:\Program Files\install.log
[2008/03/12 19:47:46 | 000,000,093 | ---- | C] () -- C:\Users\Jared\AppData\Local\fusioncache.dat
[2008/03/12 19:44:59 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/03/12 19:05:57 | 000,053,760 | ---- | C] () -- C:\Users\Jared\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/07 16:57:54 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2007/02/12 06:46:04 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdcgrd.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/05/18 10:47:12 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdcvs.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Jared\Documents\work_sched_sp_2010_revised_jan25[1].rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jared\Documents\Router Manual.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jared\Documents\newvent.rtf:Roxio EMC Stream

< End of report >

edw4rd
Novice
Novice

Posts Posts : 15
Joined Joined : 2010-10-30
OS OS : Vista Home Premium
Points Points : 22503
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Need assistance with ThinkPoint removal

Post by edw4rd on Tue Nov 02, 2010 12:53 am

OTL Extras logfile created on: 11/1/2010 8:33:52 PM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\Jared\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.04 Gb Total Space | 138.48 Gb Free Space | 48.93% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 5.12 Gb Free Space | 34.12% Space Free | Partition Type: NTFS

Computer Name: JARED-PC | User Name: Jared | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{171DE9F3-5E46-46A4-B4B3-05FB705AF357}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{18E44C10-C192-4D7A-9845-CF3308C03F34}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1FCDE8FD-0ACC-4AD4-A2F4-627755DED501}" = rport=139 | protocol=6 | dir=out | app=system |
"{28ED0D10-D184-4FC4-8A15-E7179816D3D9}" = rport=445 | protocol=6 | dir=out | app=system |
"{29A65DBB-8056-41EF-8D83-7349144C969E}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{2B9089EB-4A80-406B-A57A-92A8BFD218A0}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{2EB255FC-EFB0-4D85-A295-939933E7A84B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3561CA48-E1E3-4186-9437-ED09C92EEC4D}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{378C013B-F361-4449-A1A3-78684D05EA62}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3D7CFA7F-82BB-4EE2-9FB3-7D6C443D227B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{48A4613E-8F7C-4111-8CA8-41B2E5FD0757}" = lport=138 | protocol=17 | dir=in | app=system |
"{4C1BAF09-2C89-456A-B1A7-2B136BE964A9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{4CD77CC9-0950-41E9-AD58-D70E0D200B9A}" = lport=137 | protocol=17 | dir=in | app=system |
"{4DCA4338-CFA6-4CCB-9F0C-69D82623C597}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{630FAC54-1E8D-4F37-9163-A548B4D7FA13}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{632F4B0E-7A7C-450F-AC8B-62F697621C88}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{695E7F77-8648-4714-AEA8-F798D055353C}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{911B3D38-A5D4-42A0-9299-1CF49FF8082A}" = lport=139 | protocol=6 | dir=in | app=system |
"{B27F1936-D68F-4F09-B8BA-34A954DEE00A}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{B823CEC7-CF9D-450B-BBD9-A15DC2609608}" = lport=445 | protocol=6 | dir=in | app=system |
"{C3792186-BDDF-472F-A035-86CAFAC414FB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C8BE96F8-0587-470C-9D16-D6C9F6E91DCD}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CF6F5BF1-4372-4A36-8AFE-355EBDD44887}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E157C819-F520-4AB3-A261-6376DA998228}" = rport=137 | protocol=17 | dir=out | app=system |
"{E5B5C2D6-8A50-4374-B6D7-029F854E7ABF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F3CAB25E-9DF5-466C-BFAE-A13AC1C30293}" = rport=138 | protocol=17 | dir=out | app=system |
"{F4C58567-951C-4A2C-89EC-F11EB2D4B2B9}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01AA5D86-C624-4ABC-B900-C922549D7871}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0A5AD19B-2DE1-460F-B473-CDC2D643EBA5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\mountblade warband\mb_warband.exe |
"{0AECCF18-5944-45D4-882D-DB6416C2E47F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0D4BB9B5-3986-46C4-9C1D-0409F66673A3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{12E65CFA-548E-48A2-AA17-CC881960AD20}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{19DCBDDB-57F0-4AAF-BB42-E851F03BE9A2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1AF427D5-E526-4B72-9E34-7B6475B5A6F8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe |
"{1E6EC4AE-0CA4-4843-B1A8-88A6D26B17B9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\mountblade warband\mb_warband.exe |
"{25C69089-96B5-41D4-9511-CF6BBEAEAF79}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2754CFD7-9E63-4F60-8901-464091250B83}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{31ABB405-722C-4A8E-BABD-EB69049B19C4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{33A5A2A5-4B16-484F-9846-3D04EEC56B98}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe |
"{429E8D32-B751-4636-80EC-CE54B44E06E9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4636E487-DC4A-4B9F-86E3-992EC97668A9}" = protocol=17 | dir=in | app=c:\program files\lexmark 1300 series\lxdcamon.exe |
"{4BD91B94-9199-446C-B8B8-8ECF425B02DB}" = protocol=6 | dir=in | app=c:\program files\lexmark 1300 series\app4r.exe |
"{4C4755F2-565A-4C20-B69A-3DA49522F9EC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{50AC8560-0579-4C51-B434-B0ED333EC729}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{56E3FD2D-E7A2-4799-A068-0E88E2902B56}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{57D9E674-914C-46E9-857B-1DA5CC1E55D7}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{588F8BC6-A34B-4CAA-A215-DFB57F3E4CC8}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5C4DFD2B-5E09-42EC-9676-938FF47CCB8A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{66FADC83-C677-4ED0-8FC1-26255B12A9F4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{74F09181-879D-431F-A572-54C90DEE97D4}" = protocol=6 | dir=in | app=c:\program files\lexmark 1300 series\lxdcamon.exe |
"{79656E93-4248-4166-9384-A41C00F7361E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{80C0F392-7BE2-4F13-943F-19808637822D}" = protocol=6 | dir=in | app=c:\windows\system32\lxdccoms.exe |
"{82283284-C587-426A-9CE0-B9BE494DD9DD}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{8804F30F-B1AA-4F94-B0EB-AC90E1F8CA76}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\xcom ufo defense\dosbox.exe |
"{89403A4F-A074-48DC-95A4-810516B33D5C}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{8B0F7EA2-EB6E-44BA-A189-C6159E82159C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8D60BEC6-FC08-4290-9CD0-E7D047D39F6C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8D892B6A-1532-4E86-86DD-51D75DB03313}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{91FED145-4A57-40DF-90BC-2E82E4C9950E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\xcom ufo defense\dosbox.exe |
"{91FF6DF9-9D76-4B50-937D-45387C72DE53}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{93C012B6-11C1-4DA6-9A83-3DF817A4F1C5}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{960C0739-5EC7-423A-B689-5D3DEFE4ED00}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{97AC7ADE-EF57-4A86-9F5F-599F49E5C5DA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe |
"{9D4770DA-4855-4312-AB0A-4D5A3C9DD0AF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{A5F71ACE-4D05-462F-B58A-FA091CE60B9D}" = protocol=17 | dir=in | app=c:\windows\system32\lxdccoms.exe |
"{A88BE85C-566B-47C9-8E10-59A567945391}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe |
"{AD0EFF9F-72C8-4D3D-8330-6881DF703655}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{ADED0930-02F4-4E51-8F04-4DE2E72B1617}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B7120A59-7A6E-4647-BE73-CBCC9A03FBD4}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C0B7D7E2-A700-434A-BC76-696020BC8B72}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C45E4BCD-707B-4C15-8200-11C1334FD07C}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{C7915BC6-963A-431B-BD5F-5FD3DED62E0B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{CAC872DF-4328-4C94-9238-CE060761DF6D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{CD29208A-9925-49AE-BD7A-ED38D4413D0A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CE777275-BFBF-4795-BC2F-488F3E1EFB45}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E045C468-928D-4208-9CF0-83A103324DF9}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{E5C0C188-29E0-471A-83EB-A0FC5D66FA51}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E961592F-E191-4670-BFE5-2AD1B403B6BD}" = protocol=17 | dir=in | app=c:\program files\lexmark 1300 series\app4r.exe |
"{FEF2F77C-11A6-4CA0-86BB-F41AE0E0E4A0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"TCP Query User{017586C1-1943-4E28-A77C-E5F161D84A72}C:\program files\safari\safari.exe" = protocol=6 | dir=in | app=c:\program files\safari\safari.exe |
"TCP Query User{13107AB1-E162-426A-9B8F-170BA61B429C}C:\program files\gamespy\comrade\comrade.exe" = protocol=6 | dir=in | app=c:\program files\gamespy\comrade\comrade.exe |
"TCP Query User{16402915-0DE5-4216-8537-84B3800B1FD0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{1AF6E5BE-8F3B-4492-9CB8-3FBDEBA05824}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{21C1F399-AC42-4859-A3D6-8E2FA7A4C492}E:\bin\ia\core\mdm_util.exe" = protocol=6 | dir=in | app=e:\bin\ia\core\mdm_util.exe |
"TCP Query User{284DA9CD-4F6B-45C1-A693-684DFFE006B9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{3CE8DB38-6E33-4311-AB85-8939CF39D2E5}C:\program files\v cast music with rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\v cast music with rhapsody\rhapsody.exe |
"TCP Query User{4F102F20-EB54-4E19-B4EC-DF6F55CFFC8D}C:\program files\gamespy\comrade\comrade.exe" = protocol=6 | dir=in | app=c:\program files\gamespy\comrade\comrade.exe |
"TCP Query User{55880344-82A1-4C2D-87D3-7DAAEB191B02}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{56D3FD89-2A6C-4236-98F2-AD13A02BB8C2}C:\program files\steam\steamapps\x626xedw4rd\team fortress classic\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\x626xedw4rd\team fortress classic\hl.exe |
"TCP Query User{5C0B4174-7635-421F-898C-480647B43D89}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{7669503E-097E-483B-8DDD-AA51C64F5622}E:\bin\ia\core\mdm_util.exe" = protocol=6 | dir=in | app=e:\bin\ia\core\mdm_util.exe |
"TCP Query User{841C5FE1-A97D-4F44-800A-4316A2FF33BA}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{874460B2-EFE3-4D7B-9EF0-CADDEC1AA230}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{88A76BC3-E8B2-4C1E-8391-C8FD67709D75}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{8E870D74-ACB5-4BF7-B6C7-696452455A42}C:\program files\lexmark 1300 series\lxdcamon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 1300 series\lxdcamon.exe |
"TCP Query User{8F14D006-782E-4477-B7DB-6F3CE76E35B6}C:\program files\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files\ccp\eve\bin\exefile.exe |
"TCP Query User{A99F14A6-3352-4D52-882D-61778716810A}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe |
"TCP Query User{B761F26E-3155-4E95-A112-A9350E2813B5}C:\users\jared\documents\programs\aocpvp20080415\aocpvp20080415.exe" = protocol=6 | dir=in | app=c:\users\jared\documents\programs\aocpvp20080415\aocpvp20080415.exe |
"TCP Query User{BA9FB17B-7D6C-431A-9BA0-52CBA7099B1D}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{BEFF2FBC-9D13-42E3-B475-CD765C0639C1}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"TCP Query User{F3B7A202-6E91-4680-8C53-B0C46122E076}C:\windows\system32\ntvdm.exe" = protocol=6 | dir=in | app=c:\windows\system32\ntvdm.exe |
"UDP Query User{01F27238-79E7-4A2D-A7CD-F6273705A2B5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{0D443D53-1CC8-459A-AAC2-62E2F1A7DDE6}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{0D74B165-CBB2-4824-BC89-E03D75362BC4}C:\program files\safari\safari.exe" = protocol=17 | dir=in | app=c:\program files\safari\safari.exe |
"UDP Query User{1B17C79F-644D-4B2E-888B-3E19FCB4BCFD}C:\users\jared\documents\programs\aocpvp20080415\aocpvp20080415.exe" = protocol=17 | dir=in | app=c:\users\jared\documents\programs\aocpvp20080415\aocpvp20080415.exe |
"UDP Query User{2BE5A574-AFBB-44C6-AB54-068211053607}C:\program files\steam\steamapps\x626xedw4rd\team fortress classic\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\x626xedw4rd\team fortress classic\hl.exe |
"UDP Query User{30475133-D479-42B4-B978-1AB9F0AD8676}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{4373EC27-82E0-46FA-8042-92C6BF6B3396}C:\program files\gamespy\comrade\comrade.exe" = protocol=17 | dir=in | app=c:\program files\gamespy\comrade\comrade.exe |
"UDP Query User{45E03009-8969-4E42-B06C-B1D4D6382E07}C:\program files\gamespy\comrade\comrade.exe" = protocol=17 | dir=in | app=c:\program files\gamespy\comrade\comrade.exe |
"UDP Query User{4A5F4859-871D-45CC-8848-1913331958EF}C:\program files\lexmark 1300 series\lxdcamon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 1300 series\lxdcamon.exe |
"UDP Query User{50D8220E-B3F8-408F-9BA7-C6F1025E6E45}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"UDP Query User{5D4E8E70-C100-4B84-9804-EB3D1AB0FB0A}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{69DD0702-E446-42BE-9F19-767343F5394B}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{6F37B260-1572-4706-ABDD-A1E88DFE175E}C:\program files\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files\ccp\eve\bin\exefile.exe |
"UDP Query User{80ABBB9D-8431-47A3-92EB-0E05443FF5A5}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{8D1C2B4E-E925-4AF9-B2C8-CE536F626094}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{923687AB-8854-4148-95C2-BA998B3EBD4F}E:\bin\ia\core\mdm_util.exe" = protocol=17 | dir=in | app=e:\bin\ia\core\mdm_util.exe |
"UDP Query User{AB0D19AE-978E-49A9-BA5C-754B07406BD6}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{AC511DEC-03E4-42BD-9AC6-59927126EF8B}C:\windows\system32\ntvdm.exe" = protocol=17 | dir=in | app=c:\windows\system32\ntvdm.exe |
"UDP Query User{BF2F59D5-E1ED-42A9-883D-5E4A744F6FEB}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{E70FCFF1-13F8-408A-A76F-1A42F438C425}E:\bin\ia\core\mdm_util.exe" = protocol=17 | dir=in | app=e:\bin\ia\core\mdm_util.exe |
"UDP Query User{EE631C2C-7C2F-4529-9085-1454DD3BEC65}C:\program files\v cast music with rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\v cast music with rhapsody\rhapsody.exe |
"UDP Query User{FAD3C637-8385-411C-9DA8-1F84E837EDAC}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio EasyArchive
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{27614800-84A9-484E-9CCB-43ED2F1205F5}" = Chessmaster Grandmaster Edition
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{3648253A-C2C4-4CFB-8BE5-381D1C638B94}" = GameSpy Comrade
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{51D386C4-0227-46A9-AC45-61F0A50E7AFF}" = Rome - Total War
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65AB08A4-56A4-4362-A9E7-F0A8D8901F80}" = WModem Driver Installer
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.4
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{84D58782-A2F0-47D4-A557-3041363893CF}" = Adobe Setup
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92A300C0-E97B-48CC-9702-AB1AAED167E1}" = Adobe Soundbooth CS3 Scores
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{999927F7-7B51-4605-A424-F402A16F71B1}" = VZAccess Manager
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A73BDB2A-E4A7-4FE8-960E-6A5C8BF76FCB}" = XPS MiniView Gadget
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C127414C-A625-4E0A-8AC1-F970F9E566A3}" = Adobe Elements Studio Launcher
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Premier
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9AE9A91-AB45-4321-87BD-AD34855D944F}" = Chessmaster 10th Edition
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FD69C8CB-6964-432C-98AB-A5A09ED50EEA}" = Barbarian Invasion
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_19c4ee81f9cc4b3dffb9a17d9b648b2" = Adobe Soundbooth CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Age of Conan_is1" = Age of Conan - Hyborian Adventures
"BlackBerry_{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"Brainfuse Participant QuickConnect" = Brainfuse Participant QuickConnect
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Game Cam XPress" = Game Cam XPress 2.3.0
"Google Desktop" = Google Desktop
"Graphical Enhancement Textures" = Graphical Enhancement Textures 2.5
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{27614800-84A9-484E-9CCB-43ED2F1205F5}" = Chessmaster Grandmaster Edition
"InstallShield_{E9AE9A91-AB45-4321-87BD-AD34855D944F}" = Chessmaster 10th Edition
"Lexmark 1300 Series" = Lexmark 1300 Series
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mount&Blade" = Mount&Blade
"NVIDIA Drivers" = NVIDIA Drivers
"PremElem40" = Adobe Premiere Elements 4.0
"PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
"PROR" = Microsoft Office Professional 2007 Trial
"PROSetDX" = Intel(R) PRO Network Connections 12.1.12.4
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 6.0" = RealPlayer
"Steam App 10500" = Empire: Total War
"Steam App 20" = Team Fortress Classic
"Steam App 48700" = Mount and Blade: Warband
"Steam App 7760" = X-COM: UFO Defense
"Windows Live Toolbar" = Windows Live Toolbar
"X3TerranConflict_is1" = X3 Terran Conflict v2.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5ebf929455e6ede1" = Wayfarer
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/28/2010 1:28:39 AM | Computer Name = Jared-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6,
exception code 0xc0000005, fault offset 0x00046480, process id 0xe0c, application
start time 0x01cb5ec761d5c00e.

Error - 9/28/2010 1:55:15 AM | Computer Name = Jared-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6,
exception code 0xc0000005, fault offset 0x00046480, process id 0x294c, application
start time 0x01cb5ece4cfad60e.

Error - 9/28/2010 2:39:42 AM | Computer Name = Jared-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6,
exception code 0xc0000005, fault offset 0x00046480, process id 0x1648, application
start time 0x01cb5ed202ef118e.

Error - 9/28/2010 3:26:46 PM | Computer Name = Jared-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module Flash10b.ocx, version 10.0.22.87, time stamp 0x4987a6c3,
exception code 0xc0000005, fault offset 0x000951be, process id 0x1430, application
start time 0x01cb5ed83bc1d32e.

Error - 9/29/2010 1:20:34 AM | Computer Name = Jared-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6,
exception code 0xc0000005, fault offset 0x00046480, process id 0x20e8, application
start time 0x01cb5f438b55e28e.

Error - 9/29/2010 2:08:41 AM | Computer Name = Jared-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6,
exception code 0xc0000005, fault offset 0x00046480, process id 0x4334, application
start time 0x01cb5f9659db7aae.

Error - 9/29/2010 3:15:34 AM | Computer Name = Jared-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module Flash10b.ocx, version 10.0.22.87, time stamp 0x4987a6c3,
exception code 0xc0000005, fault offset 0x000951be, process id 0x2438, application
start time 0x01cb5f9d128587ce.

Error - 9/29/2010 3:56:00 AM | Computer Name = Jared-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module Flash10b.ocx, version 10.0.22.87, time stamp 0x4987a6c3,
exception code 0xc0000005, fault offset 0x000951be, process id 0x475c, application
start time 0x01cb5fa6657773ee.

Error - 9/29/2010 4:30:24 AM | Computer Name = Jared-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module Flash10b.ocx, version 10.0.22.87, time stamp 0x4987a6c3,
exception code 0xc0000005, fault offset 0x000951be, process id 0x2c24, application
start time 0x01cb5fac0ca6078e.

Error - 9/29/2010 6:18:54 AM | Computer Name = Jared-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module Flash10b.ocx, version 10.0.22.87, time stamp 0x4987a6c3,
exception code 0xc0000005, fault offset 0x000951be, process id 0x2010, application
start time 0x01cb5fb0d9eefd6e.

[ OSession Events ]
Error - 3/17/2009 3:33:33 PM | Computer Name = Jared-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 41768
seconds with 1260 seconds of active time. This session ended with a crash.

Error - 3/17/2009 3:36:09 PM | Computer Name = Jared-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 139
seconds with 120 seconds of active time. This session ended with a crash.

Error - 3/17/2009 3:37:33 PM | Computer Name = Jared-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 71
seconds with 60 seconds of active time. This session ended with a crash.

Error - 2/15/2010 11:21:47 PM | Computer Name = Jared-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 455310
seconds with 5400 seconds of active time. This session ended with a crash.

Error - 5/17/2010 9:18:22 PM | Computer Name = Jared-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 97784
seconds with 2940 seconds of active time. This session ended with a crash.

Error - 7/7/2010 7:40:04 PM | Computer Name = Jared-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 36028
seconds with 660 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/29/2010 9:44:15 PM | Computer Name = Jared-PC | Source = DCOM | ID = 10005
Description =

Error - 10/30/2010 9:40:54 PM | Computer Name = Jared-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:08:10 AM on 10/30/2010 was unexpected.

Error - 10/30/2010 9:42:14 PM | Computer Name = Jared-PC | Source = DCOM | ID = 10005
Description =

Error - 10/30/2010 9:42:21 PM | Computer Name = Jared-PC | Source = DCOM | ID = 10005
Description =

Error - 10/30/2010 9:42:23 PM | Computer Name = Jared-PC | Source = DCOM | ID = 10005
Description =

Error - 10/30/2010 9:42:26 PM | Computer Name = Jared-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/30/2010 9:42:26 PM | Computer Name = Jared-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/30/2010 9:42:29 PM | Computer Name = Jared-PC | Source = DCOM | ID = 10005
Description =

Error - 10/31/2010 9:42:34 PM | Computer Name = Jared-PC | Source = DCOM | ID = 10005
Description =

Error - 10/31/2010 10:01:01 PM | Computer Name = Jared-PC | Source = DCOM | ID = 10005
Description =


< End of report >

edw4rd
Novice
Novice

Posts Posts : 15
Joined Joined : 2010-10-30
OS OS : Vista Home Premium
Points Points : 22503
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Need assistance with ThinkPoint removal

Post by edw4rd on Wed Nov 03, 2010 9:17 pm

bump

edw4rd
Novice
Novice

Posts Posts : 15
Joined Joined : 2010-10-30
OS OS : Vista Home Premium
Points Points : 22503
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Need assistance with ThinkPoint removal

Post by Belahzur on Thu Nov 04, 2010 12:16 am

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O20 - HKCU Winlogon: Shell - (C:\Users\Jared\AppData\Roaming\hotfix.exe) - C:\Users\Jared\AppData\Roaming\hotfix.exe ()
    [2010/07/07 19:50:11 | 000,000,002 | ---- | C] () -- C:\Users\Jared\AppData\Local\05748541005049.xxe
    [2010/07/07 10:25:17 | 000,000,002 | ---- | C] () -- C:\Users\Jared\AppData\Local\0535049569854.xxe
    [2010/07/07 10:25:16 | 000,000,002 | ---- | C] () -- C:\Users\Jared\AppData\Local\05554525610056.xxe
    [2010/07/07 10:20:13 | 000,000,002 | ---- | C] () -- C:\Users\Jared\AppData\Local\0495355975549.xxe


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Need assistance with ThinkPoint removal

Post by edw4rd on Thu Nov 04, 2010 12:51 am

Here are the contents of the fix log:


========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Jared\AppData\Roaming\hotfix.exe deleted successfully.
C:\Users\Jared\AppData\Roaming\hotfix.exe moved successfully.
C:\Users\Jared\AppData\Local\05748541005049.xxe moved successfully.
C:\Users\Jared\AppData\Local\0535049569854.xxe moved successfully.
C:\Users\Jared\AppData\Local\05554525610056.xxe moved successfully.
C:\Users\Jared\AppData\Local\0495355975549.xxe moved successfully.

OTL by OldTimer - Version 3.2.17.2 log created on 11032010_204847

edw4rd
Novice
Novice

Posts Posts : 15
Joined Joined : 2010-10-30
OS OS : Vista Home Premium
Points Points : 22503
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Need assistance with ThinkPoint removal

Post by Belahzur on Thu Nov 04, 2010 12:59 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Need assistance with ThinkPoint removal

Post by edw4rd on Thu Nov 04, 2010 9:33 pm

Contents of mbam-log:


Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 5046

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 7.0.6001.18000

11/4/2010 5:32:01 PM
mbam-log-2010-11-04 (17-32-01).txt

Scan type: Quick scan
Objects scanned: 146149
Time elapsed: 5 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 34
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\smartshopper.hbax (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{ca295d63-514a-4ed0-9b5f-640890f2366b} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b0e8c398-dabe-4ce1-b4d9-ed43b64923f5} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{064c57b4-b9ec-425f-b9b3-bceffeea74d9} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0755e4f0-3f92-4a67-ad14-e9f287f76fbc} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{137e6e5e-a205-4657-a49f-1ab865787089} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{137e6e5e-a205-4657-a49f-1ab865787089} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2260d608-c844-435d-90fd-dc16cfa577f2} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2ba1c226-ec1b-4471-a65f-d0688ac6ee3a} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2ba1c226-ec1b-4471-a65f-d0688ac6ee3a} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2ba1c226-ec1b-4471-a65f-d0688ac6ee3a} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bceb373d-a35a-4200-bd43-8586cd9dfae7} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smartshopper.hbax.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smartshopper.hbinfoband (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smartshopper.hbinfoband.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smartshopper.iebutton (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smartshopper.iebutton.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smartshopper.iebuttona (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smartshopper.iebuttona.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smartshopper.iebuttonb (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smartshopper.iebuttonb.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smartshopper.smrtshprctl (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smartshopper.smrtshprctl.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{08aa0598-6a23-4364-9bf4-6d5f57f42993} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c7f127df-8877-4e1e-a196-fbbecbc5bc6d} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{2615f050-9c18-4267-b711-8e3687dc0145} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cb0d9d8c-535e-4352-ba8f-65c3c8676612} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SmartShopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SmartShopper (Adware.SmartShopper) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Active Security (Rogue.ActiveSecurity) -> Quarantined and deleted successfully.
C:\Program Files\smartshopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Program Files\smartshopper\Bin (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Program Files\smartshopper\Bin\2.5.0 (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartShopper (Adware.SmartShopper) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Users\Jared\AppData\Local\Temp\0.46730890031235384.exe (Rogue.FakeMSEA) -> Quarantined and deleted successfully.
C:\Users\Jared\AppData\Local\Temp\33F5.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
C:\Users\Jared\AppData\Local\Temp\67F6.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
C:\Program Files\Active Security\core.cga (Rogue.ActiveSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartShopper\SmartShopper - Comapre product prices.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartShopper\SmartShopper - Compare travel rate.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartShopper\SmartShopper Help.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartShopper\Uninstall SmartShopper.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.

edw4rd
Novice
Novice

Posts Posts : 15
Joined Joined : 2010-10-30
OS OS : Vista Home Premium
Points Points : 22503
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Need assistance with ThinkPoint removal

Post by edw4rd on Thu Nov 04, 2010 9:58 pm

Note*

I was indeed prompted to restart my computer after clicking "Remove Selected." I clicked yes to restart, and my computer went to the "Logging off"screen but stayed there for at least 5 minutes without shutting down. I then turned the power off manually and restarted. I logged in on Safemode with Networking.

This time after logging into my user the ThinkPoint window did not appear and the Safe Mode desktop appeared. I opened Internet Explorer and came to the GeekPolice website. Then another website opened:

[You must be registered and logged in to see this link.]

It has a plain background with a window pop-up that states "Errors have been found in your operating system registry! Click to download free registry cleaner software."

I haven't clicked anything on that website or attempted to close it.

edw4rd
Novice
Novice

Posts Posts : 15
Joined Joined : 2010-10-30
OS OS : Vista Home Premium
Points Points : 22503
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Need assistance with ThinkPoint removal

Post by Belahzur on Thu Nov 04, 2010 10:20 pm

Hello.
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Need assistance with ThinkPoint removal

Post by edw4rd on Fri Nov 05, 2010 1:18 am

Hello,

I completed your instructions. However, the first time I ran Combofix I had not noticed that Windows Defender was active. When I rebooted the computer it froze on the screen "Logging off"again. I did a manual reboot back into Safe Mode with Networking and then followed the steps under the provided link to disable Windows Defender.

I then re-ran Combofix (it worked much much more quickly this time) and a window named "Rootkit !!" opened stating (forgot to quote it) that there were infected files in the root or registry (cannot remember) and it asked me to write down the names of the following files:

C:\Documents and Settings\releaseengineer\Application Data\ntos.exe
C:\Documents and Settings\releaseengineer\Application Data\oembios.exe
C:\Documents and Settings\releaseengineer\Application Data\twext.exe
C:\Documents and Settings\releaseengineer\Application Data\twex.exe
C:\Documents and Settings\releaseengineer\Application Data\sdra64.exe
C:\Documents and Settings\releaseengineer\Application Data\intel64.exe
C:\Documents and Settings\releaseengineer\Application Data\wsnpoema.exe
C:\Documents and Settings\releaseengineer\Application Data\swin32.exe
C:\Documents and Settings\releaseengineer\Application Data\localsys64.exe
C:\Documents and Settings\releaseengineer\Application Data\64dlls.exe
C:\Documents and Settings\releaseengineer\Application Data\sdra73.exe
C:\Documents and Settings\releaseengineer\Application Data\Kernel32.exe

I then clicked "Ok" and Combofix rebooted the machine and the computer completed a successful restart. It drove me into normal mode and directly to my Desktop. However, I searched for C:\combofix.txt and could not locate it.

Desktop is currently on normal mode. If your next step requires me to re-enter Safe Mode with Networking please let me know.


Last edited by edw4rd on Fri Nov 05, 2010 1:24 am; edited 1 time in total (Reason for editing : To clarify)

edw4rd
Novice
Novice

Posts Posts : 15
Joined Joined : 2010-10-30
OS OS : Vista Home Premium
Points Points : 22503
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Need assistance with ThinkPoint removal

Post by edw4rd on Sun Nov 07, 2010 12:19 am

bump

edw4rd
Novice
Novice

Posts Posts : 15
Joined Joined : 2010-10-30
OS OS : Vista Home Premium
Points Points : 22503
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Need assistance with ThinkPoint removal

Post by Sneakyone on Sun Nov 07, 2010 6:42 pm

Hi,

Could you please try running it again in normal mode and see if it produces a log this time?


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56084
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Need assistance with ThinkPoint removal

Post by edw4rd on Tue Nov 09, 2010 4:07 am

Hello,

I ran Combofix in normal mode as you requested. I received the window "Rootkit !!" again which stated "Combofix has detected the presence of rootkit activity and needs to reboot the machine." I rebooted and this time after logging into my user Combofix opened up and continued its scan. This time it completed its scan and the log appeared:


ComboFix 10-11-07.A2 - Jared 11/08/2010 22:39:53.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3069.2379 [GMT -5:00]
Running from: c:\users\Jared\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\releaseengineer\Application Data\64dlls.exe
c:\documents and settings\releaseengineer\Application Data\intel64.exe
c:\documents and settings\releaseengineer\Application Data\Kernel32.exe
c:\documents and settings\releaseengineer\Application Data\localsys64.exe
c:\documents and settings\releaseengineer\Application Data\ntos.exe
c:\documents and settings\releaseengineer\Application Data\oembios.exe
c:\documents and settings\releaseengineer\Application Data\sdra64.exe
c:\documents and settings\releaseengineer\Application Data\sdra73.exe
c:\documents and settings\releaseengineer\Application Data\swin32.exe
c:\documents and settings\releaseengineer\Application Data\twex.exe
c:\documents and settings\releaseengineer\Application Data\twext.exe
c:\documents and settings\releaseengineer\Application Data\wsnpoema.exe
C:\install.exe
c:\program files\INSTALL.LOG
c:\program files\Zumie
c:\program files\Zumie\Zumie_deleted_\zumie.dll
c:\program files\Zumie\Zumie_deleted_\zumie.exe
c:\program files\Zumie\Zumie_deleted0\zumie.dll
c:\program files\Zumie\Zumie_deleted0\zumie.exe
c:\users\Jared\AppData\Roaming\install
c:\windows\sv.ini
c:\windows\system32\BSTIEPrintCtl1.dll

Infected copy of c:\windows\system32\drivers\kbdclass.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_usnjsvc


((((((((((((((((((((((((( Files Created from 2010-10-09 to 2010-11-09 )))))))))))))))))))))))))))))))
.

2010-11-09 03:51 . 2010-11-09 03:54 -------- d-----w- c:\users\Jared\AppData\Local\temp
2010-11-09 03:51 . 2010-11-09 03:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-09 02:10 . 2010-04-14 17:46 80896 ----a-w- c:\windows\system32\MSNP.ax
2010-11-09 02:10 . 2010-04-14 17:45 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2010-11-09 02:10 . 2010-04-14 17:47 293376 ----a-w- c:\windows\system32\psisdecd.dll
2010-11-09 02:10 . 2010-04-14 17:47 217088 ----a-w- c:\windows\system32\psisrndr.ax
2010-11-09 02:10 . 2010-04-14 17:46 428544 ----a-w- c:\windows\system32\EncDec.dll
2010-11-09 02:03 . 2010-09-20 09:25 231936 ----a-w- c:\windows\system32\msshsq.dll
2010-11-05 01:21 . 2010-09-10 16:37 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-11-05 01:21 . 2010-09-10 16:35 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-11-05 01:21 . 2010-09-06 14:13 303616 ----a-w- c:\windows\system32\drivers\srv.sys
2010-11-05 01:21 . 2010-09-06 16:24 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-11-05 01:21 . 2010-09-06 16:23 17920 ----a-w- c:\windows\system32\netevent.dll
2010-11-05 01:21 . 2010-09-06 14:12 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-11-05 01:21 . 2010-09-06 14:12 101888 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-11-05 01:21 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10.dll
2010-11-05 01:21 . 2010-06-22 12:57 2048 ----a-w- c:\windows\system32\tzres.dll
2010-11-04 21:21 . 2010-11-04 21:21 -------- d-----w- c:\users\Jared\AppData\Roaming\Malwarebytes
2010-11-04 21:21 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-04 21:21 . 2010-11-04 21:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-04 21:21 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-04 00:48 . 2010-11-04 00:48 -------- d-----w- C:\_OTL
2010-10-16 01:10 . 2010-10-16 01:10 204 ----a-w- c:\users\Jared\AppData\Roaming\24023.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-26 16:01 . 2010-11-05 01:20 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:01 . 2010-11-05 01:20 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:01 . 2010-11-05 01:20 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:01 . 2010-11-05 01:20 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-07 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-12 29744]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-12 405504]
"lxdcamon"="c:\program files\Lexmark 1300 Series\lxdcamon.exe" [2007-02-05 20480]
"LXDCCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXDCtime.dll" [2007-01-22 102400]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-18 185896]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-7 50688]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-11 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-12 29744]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [2009-03-21 32408]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe [2007-02-12 537520]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2008-03-14 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 15:20]

2010-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 15:17]

2010-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 15:17]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: brainfuse.com\admin
Trusted Zone: brainfuse.com\www
DPF: {20722C4E-9050-45C8-8D1A-816C4A06AD90} - [You must be registered and logged in to see this link.]
DPF: {60246658-5626-449F-8701-66D278AD2EB2} - [You must be registered and logged in to see this link.]
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-lxdcmon.exe - c:\program files\Lexmark 1300 Series\lxdcmon.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-11-08 22:53
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXDCCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3779093468-2121455466-2133628372-1000\Software\SecuROM\License information*]
"datasecu"=hex:d6,99,8e,94,7d,cb,8e,6c,a4,e8,3c,59,4c,99,07,27,fa,6d,2a,92,74,
b8,00,51,63,41,da,67,ab,d9,f0,e7,a6,ab,2b,7b,d7,87,92,35,e8,b2,34,e0,f4,e6,\
"rkeysecu"=hex:fc,c0,7e,17,05,7d,fc,b5,1a,af,54,29,89,3b,60,32

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3588)
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\STacSV.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\XPSMiniViewGadget\XPSMiniViewGadget.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\iPod\bin\iPodService.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-11-08 23:00:50 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-09 04:00

Pre-Run: 135,374,929,920 bytes free
Post-Run: 136,050,040,832 bytes free

- - End Of File - - E5EA78EE475D225A66FA40A3F16FC3BF

edw4rd
Novice
Novice

Posts Posts : 15
Joined Joined : 2010-10-30
OS OS : Vista Home Premium
Points Points : 22503
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Need assistance with ThinkPoint removal

Post by Belahzur on Wed Nov 10, 2010 12:33 am

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    File::
    c:\users\Jared\AppData\Roaming\24023.bat
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Need assistance with ThinkPoint removal

Post by edw4rd on Thu Nov 11, 2010 1:09 am

I did as you requested. Here are the contents of that log:


ComboFix 10-11-07.A2 - Jared 11/10/2010 18:47:29.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3069.2395 [GMT -5:00]
Running from: c:\users\Jared\Desktop\ComboFix.exe
Command switches used :: c:\users\Jared\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\Jared\AppData\Roaming\24023.bat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\releaseengineer\Application Data\64dlls.exe
c:\documents and settings\releaseengineer\Application Data\intel64.exe
c:\documents and settings\releaseengineer\Application Data\Kernel32.exe
c:\documents and settings\releaseengineer\Application Data\localsys64.exe
c:\documents and settings\releaseengineer\Application Data\ntos.exe
c:\documents and settings\releaseengineer\Application Data\oembios.exe
c:\documents and settings\releaseengineer\Application Data\sdra64.exe
c:\documents and settings\releaseengineer\Application Data\sdra73.exe
c:\documents and settings\releaseengineer\Application Data\swin32.exe
c:\documents and settings\releaseengineer\Application Data\twex.exe
c:\documents and settings\releaseengineer\Application Data\twext.exe
c:\documents and settings\releaseengineer\Application Data\wsnpoema.exe
c:\users\Jared\AppData\Roaming\24023.bat

.
((((((((((((((((((((((((( Files Created from 2010-10-10 to 2010-11-10 )))))))))))))))))))))))))))))))
.

2010-11-10 23:56 . 2010-11-10 23:56 -------- d-----w- c:\users\Jared\AppData\Local\temp
2010-11-10 23:56 . 2010-11-10 23:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-09 02:10 . 2010-04-14 17:46 80896 ----a-w- c:\windows\system32\MSNP.ax
2010-11-09 02:10 . 2010-04-14 17:45 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2010-11-09 02:10 . 2010-04-14 17:47 293376 ----a-w- c:\windows\system32\psisdecd.dll
2010-11-09 02:10 . 2010-04-14 17:47 217088 ----a-w- c:\windows\system32\psisrndr.ax
2010-11-09 02:10 . 2010-04-14 17:46 428544 ----a-w- c:\windows\system32\EncDec.dll
2010-11-09 02:03 . 2010-09-20 09:25 231936 ----a-w- c:\windows\system32\msshsq.dll
2010-11-05 01:21 . 2010-09-10 16:37 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-11-05 01:21 . 2010-09-10 16:35 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-11-05 01:21 . 2010-09-06 14:13 303616 ----a-w- c:\windows\system32\drivers\srv.sys
2010-11-05 01:21 . 2010-09-06 16:24 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-11-05 01:21 . 2010-09-06 16:23 17920 ----a-w- c:\windows\system32\netevent.dll
2010-11-05 01:21 . 2010-09-06 14:12 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-11-05 01:21 . 2010-09-06 14:12 101888 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-11-05 01:21 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10.dll
2010-11-05 01:21 . 2010-06-22 12:57 2048 ----a-w- c:\windows\system32\tzres.dll
2010-11-04 21:21 . 2010-11-04 21:21 -------- d-----w- c:\users\Jared\AppData\Roaming\Malwarebytes
2010-11-04 21:21 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-04 21:21 . 2010-11-04 21:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-04 21:21 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-04 00:48 . 2010-11-04 00:48 -------- d-----w- C:\_OTL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-26 16:01 . 2010-11-05 01:20 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:01 . 2010-11-05 01:20 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:01 . 2010-11-05 01:20 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:01 . 2010-11-05 01:20 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-07 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-12 29744]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-12 405504]
"lxdcamon"="c:\program files\Lexmark 1300 Series\lxdcamon.exe" [2007-02-05 20480]
"LXDCCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXDCtime.dll" [2007-01-22 102400]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-18 185896]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-7 50688]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-11 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-12 29744]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [2009-03-21 32408]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe [2007-02-12 537520]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2008-03-14 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 15:20]

2010-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 15:17]

2010-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 15:17]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: brainfuse.com\admin
Trusted Zone: brainfuse.com\www
DPF: {20722C4E-9050-45C8-8D1A-816C4A06AD90} - [You must be registered and logged in to see this link.]
DPF: {60246658-5626-449F-8701-66D278AD2EB2} - [You must be registered and logged in to see this link.]
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-11-10 18:56
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXDCCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3779093468-2121455466-2133628372-1000\Software\SecuROM\License information*]
"datasecu"=hex:d6,99,8e,94,7d,cb,8e,6c,a4,e8,3c,59,4c,99,07,27,fa,6d,2a,92,74,
b8,00,51,63,41,da,67,ab,d9,f0,e7,a6,ab,2b,7b,d7,87,92,35,e8,b2,34,e0,f4,e6,\
"rkeysecu"=hex:fc,c0,7e,17,05,7d,fc,b5,1a,af,54,29,89,3b,60,32

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-11-10 18:57:21
ComboFix-quarantined-files.txt 2010-11-10 23:57
ComboFix2.txt 2010-11-09 04:00

Pre-Run: 132,134,555,648 bytes free
Post-Run: 132,077,109,248 bytes free

- - End Of File - - C8A70D3FA58C018BF06E04949897A69C

edw4rd
Novice
Novice

Posts Posts : 15
Joined Joined : 2010-10-30
OS OS : Vista Home Premium
Points Points : 22503
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Need assistance with ThinkPoint removal

Post by Belahzur on Thu Nov 11, 2010 1:30 am

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Need assistance with ThinkPoint removal

Post by edw4rd on Fri Nov 12, 2010 11:51 pm

Hello,

I removed Combofix and ran the ESET online scanner as requested. However, there's a bit of a catch. The first time I ran ESET it found 5 threats and removed 5 threats. Before I searched for the log I clicked "Uninstall application on close" then clicked Finish. When I searched for the log it was not there. I'm assuming I accidentally removed it. So I ran ESET scanner again. This time it says it found 0 infected files and cleaned 0 files. Here is the log this time:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - delete file error:Access is denied.

OnlineScanner.ocx - copy file error :The process cannot access the file because it is being used by another process.

OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=d4a1f923ea50fe4d815e1845b3d241ad
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-11-12 04:21:25
# local_time=2010-11-11 11:21:25 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776638 100 100 8848798 126138751 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=259272
# found=0
# cleaned=0
# scan_time=4462

edw4rd
Novice
Novice

Posts Posts : 15
Joined Joined : 2010-10-30
OS OS : Vista Home Premium
Points Points : 22503
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Need assistance with ThinkPoint removal

Post by edw4rd on Thu Nov 18, 2010 10:15 pm

bump

edw4rd
Novice
Novice

Posts Posts : 15
Joined Joined : 2010-10-30
OS OS : Vista Home Premium
Points Points : 22503
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum