Thinkpoint is there an idiots guide to removal

Post new topic   Reply to topic

View previous topic View next topic Go down

Thinkpoint is there an idiots guide to removal

Post by woodywonka on 12th November 2010, 1:55 pm

Hello All
This is the first time i have tried this so here goes
Can anyone help me to remove thinkpoint from my computer and at the sane time recommend an anti-virus to hopefully stop this happening again
Cheers
Woodywonka


woodywonka
Novice
Novice

Posts Posts : 19
Joined Joined : 2010-11-11
OS OS : windows xp
Points Points : 22368
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Thinkpoint is there an idiots guide to removal

Post by Belahzur on 13th November 2010, 12:56 am

Hello.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Thinkpoint is there an idiots guide to removal

Post by Dr Jay on 22nd November 2010, 5:49 am

Are you still with us?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13743
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302211
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Thinkpoint is there an idiots guide to removal

Post by woodywonka on 22nd November 2010, 1:46 pm

Thanks for the reply yes my computer is still runnuing very slow and have noticed that svchost .exe and a host of other programmes seem to be running continiously in the back ground your thoughts would be most appreiated
Woody

woodywonka
Novice
Novice

Posts Posts : 19
Joined Joined : 2010-11-11
OS OS : windows xp
Points Points : 22368
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Thinkpoint is there an idiots guide to removal

Post by woodywonka on 22nd November 2010, 1:50 pm

OTL logfile created on: 12/11/2010 13:35:17 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\david\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 30.48 Gb Free Space | 20.45% Space Free | Partition Type: NTFS

Computer Name: DAVID-138E9770C | User Name: david | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/12 13:32:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\david\Desktop\OTL.com
PRC - [2010/09/29 14:46:48 | 000,057,624 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QueryExplorer\queryexplorer117.exe
PRC - [2010/09/29 14:46:48 | 000,057,624 | ---- | M] () -- C:\Program Files\QueryExplorer\queryexplorer.exe
PRC - [2010/05/14 18:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/04/09 16:45:50 | 000,585,184 | ---- | M] () -- C:\Program Files\File Helper\2.3.0.8\FileHelper.exe
PRC - [2010/02/03 16:46:52 | 001,531,904 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010/01/15 12:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/09/14 16:56:46 | 001,584,640 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
PRC - [2009/05/02 03:56:10 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/04/23 13:29:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 13:29:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/02/24 03:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/10/21 17:26:10 | 003,068,352 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2008/10/21 17:26:10 | 001,032,640 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
PRC - [2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/25 12:00:00 | 000,177,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAIE.EXE
PRC - [2006/12/15 11:01:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2006/03/03 21:18:10 | 000,200,704 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe
PRC - [2005/06/21 04:42:20 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE


========== Modules (SafeList) ==========

MOD - [2010/11/12 13:32:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\david\Desktop\OTL.com
MOD - [2010/09/29 14:47:26 | 000,577,536 | ---- | M] () -- C:\Program Files\QueryExplorer\queryexplorer.dll
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/09/14 16:56:44 | 000,198,656 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/29 14:46:48 | 000,057,624 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\QueryExplorer\queryexplorer117.exe -- (QueryExplorer Service)
SRV - [2010/09/01 15:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/05/14 18:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/01/15 12:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/30 04:30:41 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/30 03:44:50 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2008/10/21 17:26:10 | 003,068,352 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2006/12/15 11:01:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - [2010/01/21 21:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/12/30 18:30:56 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/12/30 18:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/12/30 18:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/12/30 18:25:12 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009/12/07 11:50:48 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/07 11:50:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/11/19 21:33:20 | 000,051,200 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009/05/30 14:11:35 | 000,061,067 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009/05/30 14:11:35 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/02/25 22:58:57 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/02/25 02:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/11/25 08:35:54 | 000,211,496 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Si3114r5.sys -- (Si3114r5)
DRV - [2008/11/25 08:35:54 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2008/11/25 08:35:54 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/03/13 12:53:47 | 000,252,928 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/06/21 05:08:44 | 002,324,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/05/18 00:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/04/06 10:22:30 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/04/06 10:22:28 | 000,033,536 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004/08/19 14:21:00 | 000,189,568 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2001/08/17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {a386d4b0-fddb-4e1c-ae61-4f014013cd9b} - C:\Program Files\TV_Bar_1.1\tbTV_1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/06/07 09:09:01 | 000,000,000 | ---D | M]

[2009/06/27 21:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\david\Application Data\Mozilla\Extensions
[2009/06/27 21:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\david\Application Data\Mozilla\Extensions\home2@tomtom.com

O1 HOSTS File: ([2008/04/14 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (TV Bar 1.1 Toolbar) - {a386d4b0-fddb-4e1c-ae61-4f014013cd9b} - C:\Program Files\TV_Bar_1.1\tbTV_1.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Browser Helper Object) - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Shared\lib.dll ()
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (TV Bar 1.1 Toolbar) - {a386d4b0-fddb-4e1c-ae61-4f014013cd9b} - C:\Program Files\TV_Bar_1.1\tbTV_1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (TV Bar 1.1 Toolbar) - {A386D4B0-FDDB-4E1C-AE61-4F014013CD9B} - C:\Program Files\TV_Bar_1.1\tbTV_1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [File Helper] C:\Program Files\File Helper\2.3.0.8\FileHelper.exe ()
O4 - HKLM..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKLM..\Run: [Nokia FastStart] C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe File not found
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ErrorFix] C:\Program Files\ErrorFix\ErrorFix.exe File not found
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe File not found
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\david\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Documents and Settings\david\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} [You must be registered and logged in to see this link.] (Ovi maps browser plugin)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (get_atlcom Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} [You must be registered and logged in to see this link.] (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\david\Application Data\hotfix.exe) - C:\Documents and Settings\david\Application Data\hotfix.exe File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\david\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\david\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/01 02:08:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9691d079-635f-11de-b4b0-0017311a9890}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5CA109D3-A084-47E8-A9CB-D497322E3F50} - MSN Toolbar 3.0 & Silverlight 2.0
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A0739DE2-571F-11D2-A031-0060977F760C} - InterActual PCFriendly ActiveX Control
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} -
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{0cad3ba6-f244-42db-a8ce-d8d20b2a91c8} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/12 13:32:57 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\david\Desktop\OTL.com
[2010/11/12 12:48:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/11/12 12:45:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
[2010/11/12 12:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/11/12 12:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/11/12 12:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2010/11/12 12:44:14 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010/11/12 12:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/11/12 12:44:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/11/12 12:17:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/11/12 12:17:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/11/12 12:17:02 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/11/12 12:17:02 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/12 12:17:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/12 12:17:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/12 12:15:50 | 000,874,272 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\david\Desktop\JavaSetup6u22.exe
[2010/11/11 16:25:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\david\Desktop\Google_files
[2010/11/05 23:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\GuffinsEI
[2010/10/29 14:14:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\david\Application Data\.minecraft
[2010/10/26 15:01:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/12 13:32:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\david\Desktop\OTL.com
[2010/11/12 13:22:24 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A14E43C8-594A-4F03-8107-0A5055E46EBE}.job
[2010/11/12 13:18:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/12 13:15:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/11/12 13:10:00 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/11/12 12:54:24 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/12 12:46:04 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/12 12:44:27 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/11/12 12:44:26 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2010/11/12 12:36:51 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\File Helper.lnk
[2010/11/12 12:36:43 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/11/12 12:36:19 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/12 12:36:14 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job

woodywonka
Novice
Novice

Posts Posts : 19
Joined Joined : 2010-11-11
OS OS : windows xp
Points Points : 22368
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Thinkpoint is there an idiots guide to removal

Post by Belahzur on 23rd November 2010, 12:48 am

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O4 - HKCU..\Run: [] File not found
    O4 - HKCU..\Run: [ErrorFix] C:\Program Files\ErrorFix\ErrorFix.exe File not found
    O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\david\Application Data\hotfix.exe) - C:\Documents and Settings\david\Application Data\hotfix.exe File not found

    :files
    C:\WINDOWS\tasks\At*.job


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Thinkpoint is there an idiots guide to removal

Post by woodywonka on 23rd November 2010, 9:15 am

Hello Thanks again for your help and hopefully this is the instruction you requested

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ErrorFix deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\david\Application Data\hotfix.exe deleted successfully.
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At25.job moved successfully.
C:\WINDOWS\tasks\At26.job moved successfully.
C:\WINDOWS\tasks\At27.job moved successfully.
C:\WINDOWS\tasks\At28.job moved successfully.
C:\WINDOWS\tasks\At29.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At30.job moved successfully.
C:\WINDOWS\tasks\At31.job moved successfully.
C:\WINDOWS\tasks\At32.job moved successfully.
C:\WINDOWS\tasks\At33.job moved successfully.
C:\WINDOWS\tasks\At34.job moved successfully.
C:\WINDOWS\tasks\At35.job moved successfully.
C:\WINDOWS\tasks\At36.job moved successfully.
C:\WINDOWS\tasks\At37.job moved successfully.
C:\WINDOWS\tasks\At38.job moved successfully.
C:\WINDOWS\tasks\At39.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At40.job moved successfully.
C:\WINDOWS\tasks\At41.job moved successfully.
C:\WINDOWS\tasks\At42.job moved successfully.
C:\WINDOWS\tasks\At43.job moved successfully.
C:\WINDOWS\tasks\At44.job moved successfully.
C:\WINDOWS\tasks\At45.job moved successfully.
C:\WINDOWS\tasks\At46.job moved successfully.
C:\WINDOWS\tasks\At47.job moved successfully.
C:\WINDOWS\tasks\At48.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.

OTL by OldTimer - Version 3.2.17.3 log created on 11232010_090846

woodywonka
Novice
Novice

Posts Posts : 19
Joined Joined : 2010-11-11
OS OS : windows xp
Points Points : 22368
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Thinkpoint is there an idiots guide to removal

Post by Belahzur on 23rd November 2010, 10:09 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Thinkpoint is there an idiots guide to removal

Post by woodywonka on 24th November 2010, 9:22 am

Hello done as requested above and this is combo-fix report
David

ComboFix 10-11-23.04 - david 24/11/2010 8:59.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1032 [GMT 0:00]
Running from: c:\documents and settings\david\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\QueryExplorer
c:\documents and settings\All Users\Application Data\QueryExplorer\queryexplorer119.exe
c:\documents and settings\david\Application Data\completescan
c:\documents and settings\david\Application Data\install
c:\documents and settings\david\Application Data\PriceGong
c:\documents and settings\david\Application Data\PriceGong\Data\1.xml
c:\documents and settings\david\Application Data\PriceGong\Data\a.xml
c:\documents and settings\david\Application Data\PriceGong\Data\b.xml
c:\documents and settings\david\Application Data\PriceGong\Data\c.xml
c:\documents and settings\david\Application Data\PriceGong\Data\d.xml
c:\documents and settings\david\Application Data\PriceGong\Data\e.xml
c:\documents and settings\david\Application Data\PriceGong\Data\f.xml
c:\documents and settings\david\Application Data\PriceGong\Data\g.xml
c:\documents and settings\david\Application Data\PriceGong\Data\h.xml
c:\documents and settings\david\Application Data\PriceGong\Data\i.xml
c:\documents and settings\david\Application Data\PriceGong\Data\J.xml
c:\documents and settings\david\Application Data\PriceGong\Data\k.xml
c:\documents and settings\david\Application Data\PriceGong\Data\l.xml
c:\documents and settings\david\Application Data\PriceGong\Data\m.xml
c:\documents and settings\david\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\david\Application Data\PriceGong\Data\n.xml
c:\documents and settings\david\Application Data\PriceGong\Data\o.xml
c:\documents and settings\david\Application Data\PriceGong\Data\p.xml
c:\documents and settings\david\Application Data\PriceGong\Data\q.xml
c:\documents and settings\david\Application Data\PriceGong\Data\r.xml
c:\documents and settings\david\Application Data\PriceGong\Data\s.xml
c:\documents and settings\david\Application Data\PriceGong\Data\t.xml
c:\documents and settings\david\Application Data\PriceGong\Data\u.xml
c:\documents and settings\david\Application Data\PriceGong\Data\v.xml
c:\documents and settings\david\Application Data\PriceGong\Data\w.xml
c:\documents and settings\david\Application Data\PriceGong\Data\x.xml
c:\documents and settings\david\Application Data\PriceGong\Data\y.xml
c:\documents and settings\david\Application Data\PriceGong\Data\z.xml
c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc12.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc13.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc14.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc15.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc158.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc16.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc17.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc18.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc19.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc1A.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc1B.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc1C.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc1D.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc1E.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc1F.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc20.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc21.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc22.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc23.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc24.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc25.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc26.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc27.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc28.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc29.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc2A.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc2B.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc2C.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc2D.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc2E.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc2F.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc30.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc33.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc35.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc3B.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc68.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc6D.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc8E.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mccB8.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mccF5.tmp
c:\documents and settings\LocalService\Application Data\PriceGong
c:\documents and settings\LocalService\Application Data\PriceGong\Data\1.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\a.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\b.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\c.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\d.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\e.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\f.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\g.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\h.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\i.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\J.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\k.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\l.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\m.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\n.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\o.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\p.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\q.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\r.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\s.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\t.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\u.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\v.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\w.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\x.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\y.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\z.xml
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Installr\2.bin\F3EZSETP.DLL
c:\program files\FunWebProducts\Installr\3.bin\F3EZSETP.DLL
c:\program files\FunWebProducts\Installr\3.bin\F3PLUGIN.DLL
c:\program files\FunWebProducts\Installr\3.bin\NPFUNWEB.DLL
c:\program files\FunWebProducts\Installr\Cache\012E8196.exe
c:\program files\FunWebProducts\Installr\Cache\files.ini
c:\program files\QueryExplorer
c:\program files\QueryExplorer\queryexplorer.dll
c:\program files\QueryExplorer\queryexplorer.exe
c:\program files\Shared\lib.dll
c:\program files\Shared\lib.sig
C:\Thumbs.db

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_QUERYEXPLORER_SERVICE
-------\Service_QueryExplorer Service


((((((((((((((((((((((((( Files Created from 2010-10-24 to 2010-11-24 )))))))))))))))))))))))))))))))
.

2010-11-22 14:12 . 2010-11-22 14:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-11-19 09:19 . 2010-11-19 09:20 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-11-15 23:21 . 2010-11-15 23:21 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-11-12 17:27 . 2010-11-12 17:27 -------- d-sh--w- c:\documents and settings\LocalService\UserData
2010-11-12 17:26 . 2010-11-12 17:26 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-11-12 17:26 . 2010-11-12 17:26 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2010-11-12 17:26 . 2010-11-12 17:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Conduit
2010-11-12 17:26 . 2010-11-12 17:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\TV_Bar_1.1
2010-11-12 17:25 . 2010-11-12 17:25 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-11-12 13:56 . 2010-11-12 13:56 -------- d-----w- C:\_OTL
2010-11-12 12:44 . 2010-11-12 12:44 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-11-12 12:44 . 2010-11-12 12:44 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-11-12 12:44 . 2010-11-12 12:44 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-11-12 12:44 . 2010-11-12 17:24 -------- d-----w- c:\program files\McAfee Security Scan
2010-11-12 12:17 . 2010-11-12 12:17 -------- d-----w- c:\program files\Common Files\Java
2010-11-12 12:17 . 2010-09-15 04:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-11 22:49 . 2010-11-11 22:49 243 ----a-w- c:\documents and settings\david\Application Data\sdfsdfgdsfgh.bat
2010-11-10 22:39 . 2010-11-10 22:39 218 ----a-w- c:\documents and settings\david\Application Data\sdfsf.bat
2010-11-06 11:37 . 2010-11-06 11:37 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2010-11-05 23:25 . 2010-11-05 23:25 -------- d-----w- c:\program files\GuffinsEI
2010-10-29 14:14 . 2010-10-29 14:18 -------- d-----w- c:\documents and settings\david\Application Data\.minecraft
2010-10-26 15:01 . 2010-10-26 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Trusteer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 11:23 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-04-14 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 02:29 . 2009-06-27 20:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2008-04-14 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2008-04-14 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2008-04-14 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2008-04-14 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2010-02-18 22:38 5120 ----a-w- c:\windows\system32\xpsp4res.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a386d4b0-fddb-4e1c-ae61-4f014013cd9b}]
2010-10-27 21:40 3908192 ----a-w- c:\program files\TV_Bar_1.1\tbTV_1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a386d4b0-fddb-4e1c-ae61-4f014013cd9b}"= "c:\program files\TV_Bar_1.1\tbTV_1.dll" [2010-10-27 3908192]

[HKEY_CLASSES_ROOT\clsid\{a386d4b0-fddb-4e1c-ae61-4f014013cd9b}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A386D4B0-FDDB-4E1C-AE61-4F014013CD9B}"= "c:\program files\TV_Bar_1.1\tbTV_1.dll" [2010-10-27 3908192]

[HKEY_CLASSES_ROOT\clsid\{a386d4b0-fddb-4e1c-ae61-4f014013cd9b}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-02 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-10-21 1032640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SoundMan"="SOUNDMAN.EXE" [2005-06-21 77824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-09-14 1584640]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"File Helper"="c:\program files\File Helper\2.3.0.8\FileHelper.exe" [2010-04-09 585184]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-03-04 2192672]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-10-21 1032640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\david\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-10-30 576000]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-07-30 03:44 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

S2 gupdate1c9d5a0967c192e;Google Update Service (gupdate1c9d5a0967c192e);c:\program files\Google\Update\GoogleUpdate.exe [15/05/2009 21:03 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 12:49 227232]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [03/04/2010 18:09 137344]
.
Contents of the 'Scheduled Tasks' folder

2010-11-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-01 21:02]

2010-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-15 21:03]

2010-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-15 21:03]

2010-11-24 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]

2010-07-29 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]

2010-11-24 c:\windows\Tasks\User_Feed_Synchronization-{A14E43C8-594A-4F03-8107-0A5055E46EBE}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-TomTomHOME.exe - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
HKLM-Run-Nokia FastStart - c:\program files\Nokia\Nokia Music\NokiaMusic.exe
AddRemove-QueryExplorer - c:\program files\QueryExplorer\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-11-24 09:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, [You must be registered and logged in to see this link.]
Windows 5.1.2600 Disk: SAMSUNG_HD160JJ/P rev.ZM100-51 -> Harddisk0\DR0 -> \Device\00000032

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89A31446]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89a37504]; MOV EAX, [0x89a37580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x89A6C968]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\00000067[0x89A1CA78]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x89A10030]
\Driver\nvata[0x89A6A580] -> IRP_MJ_CREATE -> 0x89A31446
error: Read The device is not ready.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\00000066 -> \??\IDE#DiskSAMSUNG_HD160JJ#P_______________________ZM100-51#30534644314A4C47303936363534202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(868)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\570\G2AWinLogon.dll

- - - - - - - > 'lsass.exe'(928)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1860)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\windows\SOUNDMAN.EXE
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kontiki\KService.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-11-24 09:17:26 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-24 09:17

Pre-Run: 32,466,092,032 bytes free
Post-Run: 34,533,597,184 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 03727488834A8B64ACF4598639774A96

woodywonka
Novice
Novice

Posts Posts : 19
Joined Joined : 2010-11-11
OS OS : windows xp
Points Points : 22368
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Thinkpoint is there an idiots guide to removal

Post by Belahzur on 24th November 2010, 10:52 pm

Hello.

Please download TDSSKiller from [You must be registered and logged in to see this link.] and save it to your Desktop.

  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note:It will also create a log in the C:\ directory.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Thinkpoint is there an idiots guide to removal

Post by woodywonka on 25th November 2010, 5:45 pm

As per your instructions
2010/11/25 17:42:39.0515 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12
2010/11/25 17:42:39.0515 ================================================================================
2010/11/25 17:42:39.0515 SystemInfo:
2010/11/25 17:42:39.0515
2010/11/25 17:42:39.0515 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/25 17:42:39.0515 Product type: Workstation
2010/11/25 17:42:39.0515 ComputerName: DAVID-138E9770C
2010/11/25 17:42:39.0515 UserName: david
2010/11/25 17:42:39.0515 Windows directory: C:\WINDOWS
2010/11/25 17:42:39.0515 System windows directory: C:\WINDOWS
2010/11/25 17:42:39.0515 Processor architecture: Intel x86
2010/11/25 17:42:39.0515 Number of processors: 1
2010/11/25 17:42:39.0515 Page size: 0x1000
2010/11/25 17:42:39.0515 Boot type: Normal boot
2010/11/25 17:42:39.0515 ================================================================================
2010/11/25 17:42:39.0828 Initialize success
2010/11/25 17:42:47.0046 ================================================================================
2010/11/25 17:42:47.0046 Scan started
2010/11/25 17:42:47.0046 Mode: Manual;
2010/11/25 17:42:47.0046 ================================================================================
2010/11/25 17:42:47.0312 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/25 17:42:47.0375 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/11/25 17:42:47.0453 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/11/25 17:42:47.0531 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/11/25 17:42:47.0718 ALCXWDM (35045a23957a71ba649740741e69408c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2010/11/25 17:42:47.0937 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/11/25 17:42:48.0046 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/25 17:42:48.0109 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/25 17:42:48.0343 ati2mtag (8763ede3e0cd40f5c3450571ac57f205) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/11/25 17:42:48.0390 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/25 17:42:48.0453 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/25 17:42:48.0546 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/25 17:42:48.0609 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/25 17:42:48.0656 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/25 17:42:48.0703 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/25 17:42:48.0796 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/25 17:42:48.0953 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/25 17:42:49.0015 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/25 17:42:49.0062 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/25 17:42:49.0093 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/25 17:42:49.0140 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/25 17:42:49.0203 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/25 17:42:49.0250 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/25 17:42:49.0281 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/11/25 17:42:49.0312 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/25 17:42:49.0343 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/11/25 17:42:49.0406 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/11/25 17:42:49.0437 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/25 17:42:49.0500 FTDIBUS (b283f1bc1ff852bd232449a4b3e3ce63) C:\WINDOWS\system32\drivers\ftdibus.sys
2010/11/25 17:42:49.0515 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/25 17:42:49.0546 FTSER2K (678a73f56ddf84a08c31123c386e9967) C:\WINDOWS\system32\drivers\ftser2k.sys
2010/11/25 17:42:49.0609 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/11/25 17:42:49.0640 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/25 17:42:49.0734 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/25 17:42:49.0859 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/25 17:42:49.0937 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/25 17:42:49.0984 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/25 17:42:50.0093 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/11/25 17:42:50.0125 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/25 17:42:50.0140 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/25 17:42:50.0203 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/25 17:42:50.0234 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/25 17:42:50.0281 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/25 17:42:50.0343 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/25 17:42:50.0375 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/25 17:42:50.0453 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/25 17:42:50.0500 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/25 17:42:50.0640 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
2010/11/25 17:42:50.0687 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/25 17:42:50.0750 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/25 17:42:50.0765 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/25 17:42:50.0828 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/25 17:42:50.0843 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/25 17:42:51.0046 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2010/11/25 17:42:51.0125 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2010/11/25 17:42:51.0171 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/25 17:42:51.0250 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/25 17:42:51.0296 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/25 17:42:51.0343 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/25 17:42:51.0390 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/25 17:42:51.0421 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/25 17:42:51.0484 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/25 17:42:51.0515 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
2010/11/25 17:42:51.0531 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/25 17:42:51.0546 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/25 17:42:51.0578 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/25 17:42:51.0609 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/25 17:42:51.0640 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/25 17:42:51.0671 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/25 17:42:51.0703 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/25 17:42:51.0734 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/25 17:42:51.0796 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/11/25 17:42:51.0875 nmwcd (28e36e677849174c910faaead3e60e9e) C:\WINDOWS\system32\drivers\ccdcmb.sys
2010/11/25 17:42:51.0906 nmwcdc (3823deb17f9f6775de0187a98fa0536d) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2010/11/25 17:42:51.0968 nmwcdnsu (496f34fb30dd541350b29558842cd42a) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
2010/11/25 17:42:52.0000 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/25 17:42:52.0062 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/25 17:42:52.0109 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/25 17:42:52.0156 nvata (dce353985c988bfb7e84fd942068151f) C:\WINDOWS\system32\DRIVERS\nvata.sys
2010/11/25 17:42:52.0187 NVENETFD (720cc533eecb65553bd86b139ca04433) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2010/11/25 17:42:52.0218 nvnetbus (5f9f545cc5904dd8765f84ee1d056406) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2010/11/25 17:42:52.0265 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/25 17:42:52.0296 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/25 17:42:52.0359 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/11/25 17:42:52.0390 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/11/25 17:42:52.0421 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/25 17:42:52.0453 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/25 17:42:52.0484 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/25 17:42:52.0546 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/25 17:42:52.0593 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/11/25 17:42:52.0796 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/25 17:42:52.0875 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/11/25 17:42:52.0906 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/25 17:42:52.0937 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/25 17:42:53.0093 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/25 17:42:53.0109 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/25 17:42:53.0140 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/25 17:42:53.0156 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/25 17:42:53.0187 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/25 17:42:53.0203 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/25 17:42:53.0296 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/25 17:42:53.0359 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/25 17:42:53.0437 RT73 (6ea04a4370609e5e1eaeee898a2ab6ac) C:\WINDOWS\system32\DRIVERS\rt73.sys
2010/11/25 17:42:53.0500 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/25 17:42:53.0562 Ser2pl (b4664c1ee39a5b7fc112f4077f8d21a5) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
2010/11/25 17:42:53.0609 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/11/25 17:42:53.0640 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/11/25 17:42:53.0671 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/25 17:42:53.0750 Si3114r5 (09889d435edc82435b18c7c311fe5721) C:\WINDOWS\system32\DRIVERS\Si3114r5.sys
2010/11/25 17:42:53.0781 SiFilter (46b92189fe4db53a09e3a0099aa3084c) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
2010/11/25 17:42:53.0875 SiRemFil (b688378d258d1ecce4768cdb55d48d92) C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
2010/11/25 17:42:53.0968 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/25 17:42:54.0015 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/25 17:42:54.0093 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/25 17:42:54.0140 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/25 17:42:54.0156 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/25 17:42:54.0312 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/25 17:42:54.0421 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/25 17:42:54.0468 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/25 17:42:54.0484 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/25 17:42:54.0546 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/25 17:42:54.0640 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/25 17:42:54.0734 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/25 17:42:54.0812 upperdev (b1b8bee26227dad9835019201552cb05) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2010/11/25 17:42:54.0890 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/25 17:42:54.0906 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/25 17:42:54.0968 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/11/25 17:42:55.0031 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/11/25 17:42:55.0078 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/11/25 17:42:55.0140 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
2010/11/25 17:42:55.0156 UsbserFilt (98e1ff1d732c6c7200b6c59d4ff8c1c3) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
2010/11/25 17:42:55.0234 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/25 17:42:55.0281 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/25 17:42:55.0343 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/25 17:42:55.0375 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/25 17:42:55.0453 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/11/25 17:42:55.0562 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/25 17:42:55.0687 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/11/25 17:42:55.0734 WudfPf (50eb9e21963b4f06fd010d007d54351b) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/11/25 17:42:55.0781 WudfRd (6e209664bdea8a15b5e8e480d6c607c2) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/11/25 17:42:55.0890 yukonwxp (a8d429e2268792638cffc57552c5e736) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2010/11/25 17:42:55.0937 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/25 17:42:55.0953 ================================================================================
2010/11/25 17:42:55.0953 Scan finished
2010/11/25 17:42:55.0953 ================================================================================
2010/11/25 17:42:55.0968 Detected object count: 1
2010/11/25 17:43:31.0640 \HardDisk0 - will be cured after reboot
2010/11/25 17:43:31.0640 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure


Thanks Again

woodywonka
Novice
Novice

Posts Posts : 19
Joined Joined : 2010-11-11
OS OS : windows xp
Points Points : 22368
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Thinkpoint is there an idiots guide to removal

Post by Belahzur on 26th November 2010, 1:01 am

Okay please re-run Combofix now and post the new log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Thinkpoint is there an idiots guide to removal

Post by woodywonka on 26th November 2010, 4:46 pm

As requested

ComboFix 10-11-25.06 - david 26/11/2010 16:33:14.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1064 [GMT 0:00]
Running from: c:\documents and settings\david\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\david\Local Settings\Temporary Internet Files\mcc15.tmp
c:\documents and settings\david\Local Settings\Temporary Internet Files\mccB6.tmp
c:\program files\Shared

.
((((((((((((((((((((((((( Files Created from 2010-10-26 to 2010-11-26 )))))))))))))))))))))))))))))))
.

2010-11-22 14:12 . 2010-11-22 14:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-11-19 09:19 . 2010-11-19 09:20 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-11-15 23:21 . 2010-11-15 23:21 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-11-12 17:27 . 2010-11-12 17:27 -------- d-sh--w- c:\documents and settings\LocalService\UserData
2010-11-12 17:26 . 2010-11-12 17:26 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-11-12 17:26 . 2010-11-12 17:26 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2010-11-12 17:26 . 2010-11-12 17:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Conduit
2010-11-12 17:26 . 2010-11-12 17:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\TV_Bar_1.1
2010-11-12 17:25 . 2010-11-12 17:25 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-11-12 13:56 . 2010-11-12 13:56 -------- d-----w- C:\_OTL
2010-11-12 12:44 . 2010-11-12 12:44 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-11-12 12:44 . 2010-11-12 12:44 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-11-12 12:44 . 2010-11-12 12:44 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-11-12 12:44 . 2010-11-12 17:24 -------- d-----w- c:\program files\McAfee Security Scan
2010-11-12 12:17 . 2010-11-12 12:17 -------- d-----w- c:\program files\Common Files\Java
2010-11-12 12:17 . 2010-09-15 04:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-11 22:49 . 2010-11-11 22:49 243 ----a-w- c:\documents and settings\david\Application Data\sdfsdfgdsfgh.bat
2010-11-10 22:39 . 2010-11-10 22:39 218 ----a-w- c:\documents and settings\david\Application Data\sdfsf.bat
2010-11-06 11:37 . 2010-11-06 11:37 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2010-11-05 23:25 . 2010-11-05 23:25 -------- d-----w- c:\program files\GuffinsEI
2010-10-29 14:14 . 2010-10-29 14:18 -------- d-----w- c:\documents and settings\david\Application Data\.minecraft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-24 09:37 . 2009-05-01 06:49 60416 ----a-w- c:\windows\ALCFDRTM.VER
2010-09-18 11:23 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-04-14 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 02:29 . 2009-06-27 20:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2008-04-14 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2008-04-14 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-26 16:25 . 2010-11-26 16:25 16384 c:\windows\Temp\Perflib_Perfdata_b4.dat
+ 2010-11-26 16:25 . 2010-11-26 16:25 16384 c:\windows\Temp\Perflib_Perfdata_1cc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a386d4b0-fddb-4e1c-ae61-4f014013cd9b}]
2010-10-27 21:40 3908192 ----a-w- c:\program files\TV_Bar_1.1\tbTV_1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a386d4b0-fddb-4e1c-ae61-4f014013cd9b}"= "c:\program files\TV_Bar_1.1\tbTV_1.dll" [2010-10-27 3908192]

[HKEY_CLASSES_ROOT\clsid\{a386d4b0-fddb-4e1c-ae61-4f014013cd9b}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A386D4B0-FDDB-4E1C-AE61-4F014013CD9B}"= "c:\program files\TV_Bar_1.1\tbTV_1.dll" [2010-10-27 3908192]

[HKEY_CLASSES_ROOT\clsid\{a386d4b0-fddb-4e1c-ae61-4f014013cd9b}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-02 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-10-21 1032640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SoundMan"="SOUNDMAN.EXE" [2005-06-21 77824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-09-14 1584640]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"File Helper"="c:\program files\File Helper\2.3.0.8\FileHelper.exe" [2010-04-09 585184]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-03-04 2192672]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-10-21 1032640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\david\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-10-30 576000]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-07-30 03:44 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

S2 gupdate1c9d5a0967c192e;Google Update Service (gupdate1c9d5a0967c192e);c:\program files\Google\Update\GoogleUpdate.exe [15/05/2009 21:03 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 12:49 227232]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [03/04/2010 18:09 137344]
.
Contents of the 'Scheduled Tasks' folder

2010-11-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-01 21:02]

2010-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-15 21:03]

2010-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-15 21:03]

2010-11-26 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]

2010-07-29 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]

2010-11-26 c:\windows\Tasks\User_Feed_Synchronization-{A14E43C8-594A-4F03-8107-0A5055E46EBE}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-11-26 16:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(868)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\570\G2AWinLogon.dll
.
Completion time: 2010-11-26 16:39:31
ComboFix-quarantined-files.txt 2010-11-26 16:39
ComboFix2.txt 2010-11-24 09:17

Pre-Run: 34,455,158,784 bytes free
Post-Run: 34,454,437,888 bytes free

- - End Of File - - E344B885CE59F8D09B8E28DA218B6467


Thank you




woodywonka
Novice
Novice

Posts Posts : 19
Joined Joined : 2010-11-11
OS OS : windows xp
Points Points : 22368
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Thinkpoint is there an idiots guide to removal

Post by Belahzur on 27th November 2010, 1:23 am

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Thinkpoint is there an idiots guide to removal

Post by woodywonka on 28th November 2010, 12:21 pm

run as requested and here are the reults

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=b64f78b41d64214381b3ac5398abafe8
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-11-28 12:08:10
# local_time=2010-11-28 12:08:10 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 3705 3705 0 0
# scanned=83100
# found=9
# cleaned=9
# scan_time=3904
C:\Documents and Settings\david\Application Data\Sun\Java\Deployment\cache\6.0\24\79810a98-52a5a651 a variant of Java/TrojanDownloader.OpenStream.NAU trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\david\Application Data\Sun\Java\Deployment\cache\6.0\31\47564d5f-6b20c6fb a variant of Java/Rowindal.C trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\david\Application Data\Sun\Java\Deployment\cache\6.0\41\b692329-2e544f10 a variant of Java/TrojanDownloader.OpenStream.NAU trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\david\Application Data\Sun\Java\Deployment\cache\6.0\8\57a27008-393d54a7 a variant of Java/TrojanDownloader.OpenStream.NAU trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\59\5cef307b-7dbcf3b3 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Google\Chrome\Application\7.0.517.44\mstsc.exe a variant of Win32/Adware.FakeAntiSpy.S application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\GuffinsEI\Installr\1.bin\u4EIPlug.dll a variant of Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Live-Player\live-player.exe Win32/Adware.LivePlayer.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Live-Player\uninst.exe a variant of Win32/Adware.Agent.NMZ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


would it be an idea to install some form of protection when finished
Woodywonka

woodywonka
Novice
Novice

Posts Posts : 19
Joined Joined : 2010-11-11
OS OS : windows xp
Points Points : 22368
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Thinkpoint is there an idiots guide to removal

Post by Belahzur on 29th November 2010, 12:32 am

Hello.

Please see here on flushing the Java cache.

[You must be registered and logged in to see this link.]

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Thinkpoint is there an idiots guide to removal

Post by woodywonka on 29th November 2010, 1:49 pm

It appears to be working fine now thx what about some form of security to stop this happening again any tips you can give me ????
Woody

woodywonka
Novice
Novice

Posts Posts : 19
Joined Joined : 2010-11-11
OS OS : windows xp
Points Points : 22368
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Thinkpoint is there an idiots guide to removal

Post by Belahzur on 29th November 2010, 10:24 pm

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck. Big Grin


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

Post new topic   Reply to topic
 
Permissions in this forum:
You cannot reply to topics in this forum