I've been got by Think Point

Post by celesteriley on Sat Nov 27, 2010 8:05 pm

I somehow managed to get the Think Point virus on my home computer. So, in reading through the blogs, I did manage to get into safe mode on my home computer, and then I downloaded the Malwarebytes program to a flash drive and ran it on my home computer. I did a full scan; it said it found 10 objects. I did the remove and it said I needed to reboot, so I did. I went in normally and Think Point was still there, so then I rebooted back into safe mode and ran the quick scan and it found four items. I removed those (oh, and each time I have to reinstall Malwarebytes). It again said I needed to reboot, so I did again, this time going straight into safe mode. Again Think Point popped up and I killed it via Ctrl-Alt-Del. I then ran a quick scan AGAIN and this time it says there is nothing found. But if that is the case, why do I keep getting Think Point starting up when I reboot?

Please help

celesteriley
Novice

Posts: 16
Joined: 2010-11-27
OS: xp
Points: 22238
Likes: 0

Re: I've been got by Think Point

Post by celesteriley on Sat Nov 27, 2010 8:34 pm

Update ~ I was able to get into normal mode and kill Think Point and then run Malwarebytes. I did the update on Malwarebytes and then ran a scan; it found around 80+ items. I did the remove and then it said to reboot, so I did. This time when it logged in, there were several 'run.dll' errors, but they cleared and I was able to get to a browser. I still can't do a system restore; I get a message stating it has been turned off by group policy and to contact my system administrator. So it seems things are working, but that Think Point still has me worried. Is it really all gone?

celesteriley
Novice

Posts: 16
Joined: 2010-11-27
OS: xp
Points: 22238
Likes: 0

Re: I've been got by Think Point

Post by celesteriley on Sat Nov 27, 2010 8:50 pm

So I did the Malwarebytes scan again; it found one item. I removed it and didn't want to reboot right away. I was online surfing the web and then everything froze up and I couldn't do anything but shut the machine off the hard way. I have now restarted. I have been navigating over there, but some 'search' items won't open and now it has frozen up again.

celesteriley
Novice

Posts: 16
Joined: 2010-11-27
OS: xp
Points: 22238
Likes: 0

Re: I've been got by Think Point

Post by Belahzur on Sun Nov 28, 2010 12:58 am

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245069
Likes: 1

Re: I've been got by Think Point

Post by celesteriley on Sun Nov 28, 2010 3:04 pm

I am running OTL now and will be posting the logs shortly. I did figure out how to correct the 'system restore' function by going into regedit.exe and deleting an item out of the policies.

celesteriley
Novice

Posts: 16
Joined: 2010-11-27
OS: xp
Points: 22238
Likes: 0

Re: I've been got by Think Point

Post by celesteriley on Sun Nov 28, 2010 3:05 pm

Here is the OTL.txt:

OTL logfile created on: 11/28/2010 9:01:38 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\valued customer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 153.00 Mb Available Physical Memory | 15.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 287.28 Gb Total Space | 276.40 Gb Free Space | 96.21% Space Free | Partition Type: NTFS
Drive H: | 10.81 Gb Total Space | 5.21 Gb Free Space | 48.16% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive J: | 959.72 Mb Total Space | 951.17 Mb Free Space | 99.11% Space Free | Partition Type: FAT

Computer Name: RILEY | User Name: valued customer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/28 09:01:31 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\valued customer\Desktop\OTL.exe
PRC - [2010/10/16 02:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/11/12 15:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/09/24 05:17:39 | 000,778,072 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/09/24 05:17:32 | 001,169,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/02/06 18:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/10/20 05:30:54 | 000,069,632 | R--- | M] (Kreeda Games India Pvt. Ltd.) -- C:\WINDOWS\system32\DMService.exe
PRC - [2008/08/15 18:21:52 | 000,884,795 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WPN111\WPN111.exe
PRC - [2008/04/13 22:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/11/28 09:01:31 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\valued customer\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Blaze Media Pro\NMSAccess32.exe -- (NMSAccess)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2010/11/26 19:02:22 | 003,019,352 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_4176eef.dll -- (Akamai)
SRV - [2010/10/16 02:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/28 18:14:41 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/12 15:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/09/24 05:17:32 | 001,169,232 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/02/06 18:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/10/20 05:30:54 | 000,069,632 | R--- | M] (Kreeda Games India Pvt. Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DMService.exe -- (DMService)
SRV - [2008/08/23 18:19:46 | 000,069,632 | ---- | M] (Kreeda Games India Pvt. Ltd.) [Auto | Stopped] -- C:\WINDOWS\system32\DMServiceUpdater.exe -- (DMServiceUpdater)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\rcgjtpwu.sys -- (rcgjtpwu)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/02/05 03:02:40 | 000,002,996 | ---- | M] (Buzz) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\hwinterface.sys -- (hwinterface)
DRV - [2010/02/01 20:49:09 | 005,070,848 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/02/01 20:49:08 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2010/02/01 20:49:08 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2010/02/01 20:44:42 | 000,117,120 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/11/12 15:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/09/23 06:55:23 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/10/26 15:48:00 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/08/14 09:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/04/18 13:28:10 | 000,384,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WPN111.sys -- (WPN111)
DRV - [2008/04/13 17:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 16:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2008/04/13 15:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2003/07/24 14:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2001/08/23 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/23 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC 94 D1 60 D2 8D CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin File not found
FF - HKLM\software\mozilla\Firefox\extensions\\RAWThumbnailViewer@arcsoft.com.cn: C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2010/03/14 19:54:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox [2010/03/14 19:54:45 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2007/08/11 00:58:33 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (RAW Thumbnail Viewer) - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch Whitesmoke Translator.lnk = C:\Program Files\Whitesmoke Translator\WSTrayDictMode.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN111\WPN111.exe (NETGEAR)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\hollie\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} [You must be registered and logged in to see this link.] (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} [You must be registered and logged in to see this link.] (SonyOnlineInstallerX)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} [You must be registered and logged in to see this link.] (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.183.164 97.64.179.250
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/01 18:39:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 03:01:00 | 000,000,053 | -HS- | M] () - H:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/28 09:01:26 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\valued customer\Desktop\OTL.exe
[2010/11/27 14:41:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/11/27 14:23:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/11/27 13:32:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/11/27 10:26:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\valued customer\Application Data\WhiteSmokeTranslator
[2010/11/27 10:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\valued customer\Application Data\whitesmoketoolbar
[2010/11/27 10:22:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\valued customer\Local Settings\Application Data\{D080BB00-D315-4262-873C-0C9A8B289424}
[2010/11/27 10:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/11/27 10:22:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\valued customer\Application Data\Bitrix Security
[2010/11/27 10:22:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\valued customer\Application Data\Ymge
[2010/11/27 10:22:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\valued customer\Application Data\Acez
[2010/11/27 10:20:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
[2010/11/27 10:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\valued customer\Application Data\3A58C5499FDC296B73D8E357D9E246E7
[2010/11/27 10:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010/11/27 10:19:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/27 10:11:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\valued customer\My Documents\My Videos
[2010/11/27 10:08:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\valued customer\Application Data\Sun
[2010/11/27 08:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\FrostWire
[2010/11/26 18:59:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\valued customer\Application Data\Apple Computer
[2010/11/26 18:59:02 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/11/26 18:58:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/26 18:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/11/26 18:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/11/26 18:54:32 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/11/26 18:54:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\valued customer\Local Settings\Application Data\Apple
[2010/11/26 18:54:13 | 004,184,352 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2010/11/26 18:53:51 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/11/26 18:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\valued customer\Local Settings\Application Data\Apple Computer
[2010/11/26 18:48:13 | 000,384,608 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\WPN111.sys
[2010/11/26 18:47:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\valued customer\Application Data\InstallShield
[2010/11/26 18:45:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\valued customer\My Documents\FrostWire
[2010/11/26 18:44:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\valued customer\Application Data\FrostWire
[2010/11/26 18:44:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\valued customer\Local Settings\Application Data\AskToolbar
[2010/11/26 18:44:03 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/11/26 18:39:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\valued customer\Application Data\Adobe
[2010/11/26 18:39:08 | 000,094,208 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\DNIN50.dll
[2010/11/26 18:39:08 | 000,017,149 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\DNINDIS5.sys
[2010/11/26 18:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
[2010/11/26 18:36:59 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/28 09:03:35 | 000,764,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\xesaoapsm.sys
[2010/11/28 09:01:31 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\valued customer\Desktop\OTL.exe
[2010/11/28 09:01:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/11/28 08:57:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/11/28 08:45:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/11/28 07:57:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/11/28 07:45:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/11/28 06:57:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/11/28 06:45:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/11/28 05:57:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/11/28 05:45:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/11/28 04:57:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/11/28 04:45:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/11/28 03:57:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/11/28 03:45:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/11/28 03:27:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Driver Fetch.job
[2010/11/28 02:57:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/11/28 02:45:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/11/28 01:57:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/11/28 01:45:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/11/28 00:57:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/11/28 00:45:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/11/27 23:57:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/11/27 23:45:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/11/27 22:57:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/11/27 22:45:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/11/27 21:57:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/11/27 21:45:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/11/27 20:57:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/11/27 20:45:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/11/27 19:57:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/11/27 19:45:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/11/27 18:57:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/11/27 18:45:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/11/27 18:00:00 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/11/27 17:57:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/11/27 17:45:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/11/27 16:57:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/11/27 16:45:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/11/27 16:30:53 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/27 16:30:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/27 16:28:41 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/27 16:28:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/27 16:04:36 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/11/27 16:04:36 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/11/27 16:04:36 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/11/27 14:53:31 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/11/27 14:41:54 | 000,000,187 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/11/27 13:51:40 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\valued customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/11/27 13:51:40 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/27 11:11:35 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\valued customer\Application Data\completescan
[2010/11/27 11:09:56 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/11/27 11:09:56 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/11/27 11:02:54 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\valued customer\Application Data\install
[2010/11/27 10:26:18 | 000,001,731 | ---- | M] () -- C:\Documents and Settings\valued customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Whitesmoke Translator!.lnk
[2010/11/27 10:26:18 | 000,001,725 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch Whitesmoke Translator.lnk
[2010/11/27 10:23:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Clulalevetecofi.bin
[2010/11/27 10:23:00 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Njuragifi.dat
[2010/11/27 10:22:50 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/11/27 10:22:49 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/11/27 10:22:44 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/11/27 10:22:36 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/11/27 10:20:48 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/11/27 10:20:48 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/11/27 10:20:48 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/11/27 10:20:48 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/11/27 05:38:36 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/27 05:38:36 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/27 05:35:44 | 001,974,592 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/27 05:19:25 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/11/27 01:15:00 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\DriverCure.job
[2010/11/26 23:30:12 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\valued customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/11/26 18:59:08 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/11/26 18:56:39 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/11/26 18:54:34 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/26 18:48:13 | 000,001,397 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk
[2010/11/26 18:48:13 | 000,001,385 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WPN111 Smart Wizard.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/27 14:41:54 | 000,000,187 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/11/27 13:38:05 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\valued customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/11/27 11:11:35 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\valued customer\Application Data\completescan
[2010/11/27 11:02:54 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\valued customer\Application Data\install
[2010/11/27 10:56:59 | 000,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/11/27 10:26:18 | 000,001,731 | ---- | C] () -- C:\Documents and Settings\valued customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Whitesmoke Translator!.lnk
[2010/11/27 10:26:18 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch Whitesmoke Translator.lnk
[2010/11/27 10:23:02 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010/11/27 10:23:01 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/11/27 10:23:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Clulalevetecofi.bin
[2010/11/27 10:23:00 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Njuragifi.dat
[2010/11/27 10:22:58 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/11/27 10:22:58 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/11/27 10:22:57 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/11/27 10:22:57 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/11/27 10:22:57 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/11/27 10:22:54 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/11/27 10:22:53 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/11/27 10:22:53 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/11/27 10:22:49 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/11/27 10:22:47 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/11/27 10:22:42 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/11/27 10:22:38 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/11/27 10:22:35 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/11/27 10:22:34 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/11/27 10:22:33 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/11/27 10:22:31 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/11/27 10:22:31 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/11/27 10:22:31 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/11/27 10:22:30 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/11/27 10:22:30 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/11/27 10:22:29 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/11/27 10:22:29 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/11/27 10:20:54 | 000,764,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\xesaoapsm.sys
[2010/11/27 10:20:49 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/11/27 10:20:49 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/11/27 10:20:49 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/11/27 10:20:49 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/11/27 10:20:48 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/11/27 10:20:48 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/11/27 10:20:48 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/11/27 10:20:48 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/11/27 10:20:48 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/11/27 10:20:48 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/11/27 10:20:47 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/11/27 10:20:47 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/11/27 10:20:47 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/11/27 10:20:47 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/11/27 10:20:47 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/11/27 10:20:47 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/11/27 10:20:47 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/11/27 10:20:47 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/11/27 10:20:47 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/11/27 10:20:47 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/11/27 10:20:47 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/11/27 10:20:47 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/11/27 10:20:46 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/11/27 10:20:45 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/11/26 23:30:12 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\valued customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/11/26 18:59:08 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/11/26 18:56:39 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/11/26 18:48:13 | 000,001,397 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk
[2010/11/26 18:48:13 | 000,001,385 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WPN111 Smart Wizard.lnk
[2010/11/26 18:48:12 | 000,155,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin
[2010/11/26 18:44:07 | 000,000,254 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/04/05 15:50:42 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010/04/05 15:50:42 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010/04/05 15:50:42 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010/03/03 21:10:19 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2010/02/05 03:02:12 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\inpout32.dll
[2010/02/02 01:39:03 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/02/01 20:46:28 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2010/02/01 10:30:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/13 22:41:56 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2008/04/13 22:41:56 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2008/04/13 22:41:56 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2008/04/13 22:41:56 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2008/04/13 22:41:56 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8668AB36
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA18FD1D
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A02025CE
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:206470A5
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:101708D3
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DFE5191
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF0BC727
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F437A62A
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F1F66C0
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:211ED887
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C5ABDC7

< End of report >

Re: I've been got by Think Point

Post by celesteriley on Sun Nov 28, 2010 3:06 pm

Here is the Extras.tx

OTL Extras logfile created on: 11/28/2010 9:01:39 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\valued customer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 153.00 Mb Available Physical Memory | 15.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 287.28 Gb Total Space | 276.40 Gb Free Space | 96.21% Space Free | Partition Type: NTFS
Drive H: | 10.81 Gb Total Space | 5.21 Gb Free Space | 48.16% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive J: | 959.72 Mb Total Space | 951.17 Mb Free Space | 99.11% Space Free | Partition Type: FAT

Computer Name: RILEY | User Name: valued customer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"1046:TCP" = 1046:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- File not found
"C:\Program Files\Kaneva\Star\3296\KepClient.exe" = C:\Program Files\Kaneva\Star\3296\KepClient.exe:*:Enabled:KEP Game Client -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Makena\There\ThereClient\There.exe" = C:\Makena\There\ThereClient\There.exe:*:Enabled:There -- File not found
"C:\Program Files\Electronic Arts\Command & Conquer 4 Beta\Data\rts-final.exe" = C:\Program Files\Electronic Arts\Command & Conquer 4 Beta\Data\rts-final.exe:*:Disabled:Command & Conquer™ 4 Beta -- File not found
"C:\Program Files\Kaneva\Star\3298\KepClient.exe" = C:\Program Files\Kaneva\Star\3298\KepClient.exe:*:Enabled:KEP Game Client -- File not found
"C:\Program Files\SecondLife\SLVoice.exe" = C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice -- File not found
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Documents and Settings\hollie\Local Settings\Temporary Internet Files\Content.IE5\ID9B1OTC\EudemonsV1272[1].exe" = C:\Documents and Settings\hollie\Local Settings\Temporary Internet Files\Content.IE5\ID9B1OTC\EudemonsV1272[1].exe:*:Enabled:EudemonsV1272[1].exe -- File not found
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- File not found
"C:\Documents and Settings\hollie\Application Data\IMVUClient\1VivoxVoice.exe" = C:\Documents and Settings\hollie\Application Data\IMVUClient\1VivoxVoice.exe:*:Enabled:1VivoxVoice -- File not found
"C:\Program Files\SpacialAudio\SAMBC\SAMBC.exe" = C:\Program Files\SpacialAudio\SAMBC\SAMBC.exe:*:Enabled:SAMBC -- File not found
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}" = Video DVD Maker v3.25.0.65
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2F5006EE-BFE5-4715-B2EC-F82EB2FF130D}" = ArcSoft MediaImpression
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{363188E4-1A27-4DE6-BA48-823D2E205385}" = ArcSoft Scan-n-Stitch Deluxe
"{37530151-56A6-4CE4-9F9F-CE1F5A1356C6}" = ArcSoft Panorama Maker 4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{40DA94AF-34B7-4BA7-A37F-26F899C031FF}" = ArcSoft PhotoStudio Darkroom 2
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{582E9125-32B6-4CBA-AB48-3E33CE3DB389}" = NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82FAC25D-D0E1-4D60-9268-F3DD958BF052}" = ArcSoft RAW Thumbnail Viewer
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C8B44566-839A-459C-A73D-49764CE216CC}" = ArcSoft Video Downloader
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2EE273D-E111-4FFD-ACD4-78E1D35E01D2}" = ArcSoft Photo Book Screen Saver
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Audiosurf_is1" = Audiosurf Beta
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Timer_is1" = Timer 5.0.0.3
"Web Page Maker_is1" = Web Page Maker V3.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/8/2010 2:51:14 AM | Computer Name = JOHNS-AND-HOLLE | Source = NMSAccessU | ID = 0
Description =

Error - 3/8/2010 7:58:42 AM | Computer Name = JOHNS-AND-HOLLE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/8/2010 9:29:42 AM | Computer Name = JOHNS-AND-HOLLE | Source = NMSAccessU | ID = 0
Description =

Error - 3/8/2010 9:32:10 AM | Computer Name = JOHNS-AND-HOLLE | Source = NMSAccessU | ID = 0
Description =

Error - 3/8/2010 2:06:07 PM | Computer Name = JOHNS-AND-HOLLE | Source = NMSAccessU | ID = 0
Description =

Error - 3/8/2010 3:57:16 PM | Computer Name = JOHNS-AND-HOLLE | Source = NMSAccessU | ID = 0
Description =

Error - 3/8/2010 9:24:49 PM | Computer Name = JOHNS-AND-HOLLE | Source = NMSAccessU | ID = 0
Description =

Error - 3/9/2010 12:44:07 AM | Computer Name = JOHNS-AND-HOLLE | Source = NMSAccessU | ID = 0
Description =

Error - 3/9/2010 12:25:31 AM | Computer Name = JOHNS-AND-HOLLE | Source = NMSAccessU | ID = 0
Description =

Error - 3/9/2010 12:45:18 AM | Computer Name = JOHNS-AND-HOLLE | Source = NMSAccessU | ID = 0
Description =

[ System Events ]
Error - 11/27/2010 4:07:50 PM | Computer Name = RILEY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/27/2010 4:10:17 PM | Computer Name = RILEY | Source = Service Control Manager | ID = 7022
Description = The DMService service hung on starting.

Error - 11/27/2010 4:23:14 PM | Computer Name = RILEY | Source = Service Control Manager | ID = 7022
Description = The DMService service hung on starting.

Error - 11/27/2010 4:39:01 PM | Computer Name = RILEY | Source = Service Control Manager | ID = 7022
Description = The DMService service hung on starting.

Error - 11/27/2010 4:40:45 PM | Computer Name = RILEY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 11/27/2010 4:54:49 PM | Computer Name = RILEY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 11/27/2010 4:55:11 PM | Computer Name = RILEY | Source = Service Control Manager | ID = 7022
Description = The DMService service hung on starting.

Error - 11/27/2010 6:06:13 PM | Computer Name = RILEY | Source = Service Control Manager | ID = 7022
Description = The DMService service hung on starting.

Error - 11/27/2010 6:28:53 PM | Computer Name = RILEY | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 11/27/2010 6:30:17 PM | Computer Name = RILEY | Source = Service Control Manager | ID = 7022
Description = The DMService service hung on starting.


< End of report >

Re: I've been got by Think Point

Post by Belahzur on Mon Nov 29, 2010 12:34 am

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select yes.

  • Allow combofix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click combofix's window whilst it's running. That may cause it to stall.

[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
# Likes : 1

Re: I've been got by Think Point

Post by celesteriley on Mon Nov 29, 2010 12:56 pm

ComboFix 10-11-28.01 - valued customer 11/28/2010 19:13:47.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.461 [GMT -6:00]
Running from: c:\documents and settings\valued customer\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\valued customer\Application Data\alot
c:\documents and settings\valued customer\Application Data\Bitrix Security
c:\documents and settings\valued customer\Application Data\Bitrix Security\cet.txt
c:\documents and settings\valued customer\Application Data\Bitrix Security\lkvfgjcjj_shrd
c:\documents and settings\valued customer\Application Data\Bitrix Security\shcyur
c:\documents and settings\valued customer\Application Data\completescan
c:\documents and settings\valued customer\Application Data\install
c:\documents and settings\valued customer\Local Settings\Application Data\{D080BB00-D315-4262-873C-0C9A8B289424}
c:\documents and settings\valued customer\Local Settings\Application Data\{D080BB00-D315-4262-873C-0C9A8B289424}\chrome.manifest
c:\documents and settings\valued customer\Local Settings\Application Data\{D080BB00-D315-4262-873C-0C9A8B289424}\chrome\content\_cfg.js
c:\documents and settings\valued customer\Local Settings\Application Data\{D080BB00-D315-4262-873C-0C9A8B289424}\chrome\content\overlay.xul
c:\documents and settings\valued customer\Local Settings\Application Data\{D080BB00-D315-4262-873C-0C9A8B289424}\install.rdf
c:\windows\system32\drivers\hwinterface.sys
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
H:\Autorun.inf

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_hwinterface
-------\Service_hwinterface


((((((((((((((((((((((((( Files Created from 2010-10-28 to 2010-11-29 )))))))))))))))))))))))))))))))
.

2010-11-28 22:21 . 2010-11-28 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-11-28 22:05 . 2010-11-28 22:05 -------- d-----w- c:\documents and settings\valued customer\Local Settings\Application Data\ArcSoft
2010-11-28 22:00 . 2010-11-28 22:00 -------- d-----w- c:\program files\CCleaner
2010-11-28 21:57 . 2010-11-28 21:57 -------- d-----w- c:\documents and settings\valued customer\Local Settings\Application Data\Mozilla
2010-11-28 19:47 . 2010-11-28 19:47 -------- d-----w- c:\documents and settings\valued customer\Application Data\SUPERAntiSpyware.com
2010-11-28 19:47 . 2010-11-28 19:47 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-11-28 19:46 . 2010-11-28 19:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-11-27 20:41 . 2010-11-27 20:41 -------- d-----w- c:\windows\system32\MpEngineStore
2010-11-27 20:23 . 2010-11-27 20:23 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-11-27 16:56 . 2009-09-03 09:17 15688 ----a-w- c:\windows\system32\lsdelete.exe
2010-11-27 16:26 . 2010-11-27 16:37 -------- d-----w- c:\documents and settings\valued customer\Application Data\WhiteSmokeTranslator
2010-11-27 16:23 . 2010-11-27 16:23 -------- d-----w- c:\documents and settings\valued customer\Application Data\whitesmoketoolbar
2010-11-27 16:23 . 2010-11-27 16:23 0 ----a-w- c:\windows\Clulalevetecofi.bin
2010-11-27 16:22 . 2010-11-27 16:22 -------- d-----w- c:\program files\JRE
2010-11-27 16:22 . 2010-11-27 22:03 -------- d-----w- c:\documents and settings\valued customer\Application Data\Acez
2010-11-27 16:22 . 2010-11-27 16:26 -------- d-----w- c:\documents and settings\valued customer\Application Data\Ymge
2010-11-27 16:20 . 2010-11-29 03:35 764416 ----a-w- c:\windows\system32\drivers\xesaoapsm.sys
2010-11-27 16:20 . 2010-11-27 22:03 -------- d-----w- c:\documents and settings\valued customer\Application Data\3A58C5499FDC296B73D8E357D9E246E7
2010-11-27 16:19 . 2010-11-27 16:22 -------- d-----w- c:\program files\OpenOffice.org 3
2010-11-27 14:18 . 2010-11-27 17:17 -------- d-----w- c:\documents and settings\Alexis Riley
2010-11-27 11:37 . 2010-11-27 11:37 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-11-27 00:59 . 2010-11-27 01:26 -------- d-----w- c:\documents and settings\valued customer\Application Data\Apple Computer
2010-11-27 00:59 . 2009-05-18 21:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-11-27 00:59 . 2008-04-17 20:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-11-27 00:58 . 2010-11-27 00:58 -------- d-----w- c:\program files\iPod
2010-11-27 00:58 . 2010-11-27 00:59 -------- d-----w- c:\program files\iTunes
2010-11-27 00:58 . 2010-11-27 00:59 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-11-27 00:54 . 2010-11-27 00:54 -------- d-----w- c:\program files\Apple Software Update
2010-11-27 00:54 . 2010-11-27 00:54 -------- d-----w- c:\documents and settings\valued customer\Local Settings\Application Data\Apple
2010-11-27 00:54 . 2010-09-28 23:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-11-27 00:54 . 2010-09-28 23:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-11-27 00:53 . 2010-11-27 00:53 -------- d-----w- c:\program files\Bonjour
2010-11-27 00:52 . 2010-11-27 00:59 -------- d-----w- c:\documents and settings\valued customer\Local Settings\Application Data\Apple Computer
2010-11-27 00:48 . 2008-04-18 19:28 384608 ----a-w- c:\windows\system32\drivers\WPN111.sys
2010-11-27 00:48 . 2008-04-18 19:27 155624 ----a-w- c:\windows\system32\drivers\ar5523.bin
2010-11-27 00:47 . 2010-11-27 00:47 -------- d-----w- c:\documents and settings\valued customer\Application Data\InstallShield
2010-11-27 00:44 . 2010-11-27 19:26 -------- d-----w- c:\documents and settings\valued customer\Application Data\FrostWire
2010-11-27 00:44 . 2010-11-27 16:12 -------- d-----w- c:\documents and settings\valued customer\Local Settings\Application Data\AskToolbar
2010-11-27 00:44 . 2010-11-27 00:44 -------- d-----w- c:\program files\Ask.com
2010-11-27 00:39 . 2010-11-27 00:39 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-11-27 00:39 . 2003-07-24 20:10 17149 ----a-w- c:\windows\system32\DNINDIS5.sys
2010-11-27 00:39 . 2003-07-24 20:10 94208 ----a-w- c:\windows\system32\DNIN50.dll
2010-11-27 00:39 . 2010-11-27 00:39 -------- d-----w- c:\program files\NETGEAR
2010-11-27 00:36 . 2010-09-10 05:58 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-07 20:23 . 2010-10-07 20:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 20:23 . 2010-10-07 20:23 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-10-07 20:23 . 2010-10-07 20:23 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 20:23 . 2010-10-07 20:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-09-18 20:23 . 2007-04-03 07:44 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 04:41 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 04:41 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2001-08-23 11:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-10 05:58 . 2008-04-14 04:42 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2008-04-14 04:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-10 05:58 . 2008-04-14 04:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 19:17 . 2010-09-08 19:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 19:17 . 2010-09-08 19:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51 . 2008-04-14 04:39 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2008-04-14 00:00 1852800 ----a-w- c:\windows\system32\win32k.sys
.

------- Sigcheck -------

[-] 2008-04-14 . 7AAF8F961E622905E99D14FF59E56F37 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . 6EE677CC1AC5D45BD3C21BD6F7B41BC1 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . C59F18687DE671F5FC75ABEDDFC3309A . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-11-22 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^john^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\john\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 23:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 09:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 15:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 04:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-10-26 21:48 166424 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-10-26 21:48 141848 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 13:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-10-26 21:48 137752 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-02-02 02:49 17880576 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 23:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"1044:TCP"= 1044:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/30/2010 12:25 PM 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/13/2008 10:42 PM 14336]
R2 DMService;DMService;c:\windows\system32\DMService.exe [2/18/2010 8:16 PM 69632]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 5:17 AM 1181328]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [11/26/2010 6:39 PM 17149]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [11/26/2010 6:48 PM 384608]
S1 rcgjtpwu;rcgjtpwu;\??\c:\windows\system32\drivers\rcgjtpwu.sys --> c:\windows\system32\drivers\rcgjtpwu.sys [?]
S2 DMServiceUpdater;DMServiceUpdater;c:\windows\system32\DMServiceUpdater.exe [2/18/2010 8:16 PM 69632]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/1/2010 8:49 PM 1684736]

--- Other Services/Drivers In Memory ---

*Deregistered* - xesaoapsm

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-11-29 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 19:46]

2010-11-29 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 19:46]

2010-11-29 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 19:46]

2010-11-29 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 19:46]

2010-11-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 19:46]

2010-11-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]

2010-11-28 c:\windows\Tasks\Driver Fetch.job
- c:\program files\Driver Fetch\2.0.0.0\DriverFetch.exe [2010-02-02 01:15]

2010-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 21:57]

2010-11-28 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2010-03-18 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]

2010-11-29 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-29 06:44]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\hollie\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\valued customer\Application Data\Mozilla\Firefox\Profiles\npiucg9g.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\Sony Online Entertainment\npsoe.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Quick Starter: [You must be registered and logged in to see this link.] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\valued customer\Application Data\Mozilla\Firefox\Profiles\npiucg9g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-ArcSoft Connection Service - c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSConfigStartUp-DriverCure - c:\program files\ParetoLogic\DriverCure\DriverCure.exe
MSConfigStartUp-DriverUpdaterPro - c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
MSConfigStartUp-Messenger (Yahoo!) - c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-11-28 21:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xesaoapsm]

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(768)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(3548)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\WgaTray.exe
c:\program files\NETGEAR\WPN111\wpn111.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\iTunes\iTunes.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
.
**************************************************************************
.
Completion time: 2010-11-28 21:39:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-29 03:39

Pre-Run: 296,461,074,432 bytes free
Post-Run: 296,853,618,688 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 88DD77154002FA8E31CBEEB53657296E

Re: I've been got by Think Point

Post by celesteriley on Mon Nov 29, 2010 1:32 pm

I started ComboFix last night and had left my computer. When I came back this morning I had the file I posted above, but I also have a message stating that the copy of Windows didn't pass validation. Does that mean that whoever loaded Windows on this computer used a fake copy? Or is that message a fake too? Ugh at viruses.

Re: I've been got by Think Point

Post by Belahzur on Mon Nov 29, 2010 10:22 pm

Hello.
Do you have your XP disc?


Re: I've been got by Think Point

Post by celesteriley on Tue Nov 30, 2010 12:20 am

No ~ I purchased the computer from a local pawn shop, and it had Windows XP already loaded.

Re: I've been got by Think Point

Post by celesteriley on Wed Dec 01, 2010 12:05 am

Wondering what to do now.

Re: I've been got by Think Point

Post by Belahzur on Wed Dec 01, 2010 12:22 am

Hello.
Can you borrow one from somewhere? Malware has caused serious damage to your machine.


Re: I've been got by Think Point

Post by celesteriley on Wed Dec 01, 2010 4:06 pm

So is the thought that I need to have someone completely wipe the machine and reinstall Win XP? If so, I believe I may be able to go back to the store and ask them to do so.

Re: I've been got by Think Point

Post by Belahzur on Thu Dec 02, 2010 1:13 am

That would be one way of doing it. You can do that if you want to, it would be easier for both of us.


Re: I've been got by Think Point

Post by celesteriley on Sat Dec 04, 2010 1:10 pm

OK, I am going to see what I can do to either go back to the shop or find a disc to use. Currently the computer is semi-working - other than the note about maybe being the victim of software counterfeiting, and the fact that if I do a 'search' and try to go to the results I get redirected, it's working. I can use the internet if I know the URL to go to. So I will just make do until I can figure something else out.

Thanks for the help - I may be back for assistance with reinstalling my OS.

Re: I've been got by Think Point

Post by celesteriley on Sat Dec 11, 2010 1:59 am

I got a copy of the Windows Vista OS, and so I reinstalled my operating system and things seem to be working well; however, I'm wondering if I can have you take a look at my OTL logs and just let me know if they look OK? I am running it now, and will post when done.

Re: I've been got by Think Point

Post by celesteriley on Sat Dec 11, 2010 2:01 am

OTL txt file

OTL logfile created on: 12/10/2010 7:57:52 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\billie\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 415.00 Mb Available Physical Memory | 41.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.28 Gb Total Space | 265.36 Gb Free Space | 92.37% Space Free | Partition Type: NTFS
Drive D: | 10.81 Gb Total Space | 5.20 Gb Free Space | 48.13% Space Free | Partition Type: NTFS
Drive J: | 959.72 Mb Total Space | 693.84 Mb Free Space | 72.30% Space Free | Partition Type: FAT

Computer Name: BILLIE-PC | User Name: billie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/10 19:57:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\billie\Desktop\OTL.exe
PRC - [2010/12/10 18:17:06 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
PRC - [2010/11/22 10:29:41 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2008/08/15 16:49:22 | 000,999,424 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WPN111\WPN111.exe
PRC - [2006/11/02 06:34:32 | 001,004,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/02 03:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/12/10 19:57:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\billie\Desktop\OTL.exe
MOD - [2006/11/02 03:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2006/11/02 06:34:32 | 000,263,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/08/05 00:20:12 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WPN111v.sys -- (WPN111)
DRV - [2007/06/29 09:11:02 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 03:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 03:28:38 | 000,267,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2007/06/20 03:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/16 14:36:28 | 000,020,480 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DNISP50.sys -- (DNISp50)
DRV - [2006/11/16 14:36:18 | 000,021,504 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DNIMP50.sys -- (DNIMp50)
DRV - [2006/11/02 03:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 03:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 03:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 03:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 03:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 03:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 03:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 03:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 03:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 03:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 03:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 03:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 03:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 03:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 03:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 03:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/11/02 01:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/10/18 20:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.183.164 97.64.179.250
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/10 19:57:38 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\billie\Desktop\OTL.exe
[2010/12/10 19:01:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/12/10 18:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/12/10 18:57:32 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/12/10 18:57:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/12/10 18:56:07 | 000,000,000 | ---D | C] -- C:\Users\billie\AppData\Local\Adobe
[2010/12/10 18:53:36 | 000,000,000 | ---D | C] -- C:\Users\billie\AppData\Roaming\SUPERAntiSpyware.com
[2010/12/10 18:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/12/10 18:53:28 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/12/10 18:49:15 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/12/10 18:47:05 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2010/12/10 18:46:22 | 000,000,000 | ---D | C] -- C:\Users\billie\AppData\Roaming\Macromedia
[2010/12/10 18:46:22 | 000,000,000 | ---D | C] -- C:\Users\billie\AppData\Roaming\Adobe
[2010/12/10 18:43:39 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/12/10 18:42:24 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/12/10 18:42:09 | 000,000,000 | -HSD | C] -- C:\Boot
[2010/12/10 18:41:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\OEM
[2010/12/10 18:32:19 | 000,000,000 | ---D | C] -- C:\Windows.old
[2010/12/10 18:17:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010/12/10 17:49:06 | 000,000,000 | ---D | C] -- C:\Users\billie\AppData\Roaming\Apple Computer
[2010/12/10 17:49:06 | 000,000,000 | ---D | C] -- C:\Users\billie\AppData\Local\Apple Computer
[2010/12/10 17:47:51 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010/12/10 17:47:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/12/10 17:46:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/12/10 17:46:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/12/10 17:46:17 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/12/10 17:40:31 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/12/10 17:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/12/10 17:39:09 | 000,000,000 | ---D | C] -- C:\Users\billie\AppData\Local\Apple
[2010/12/10 17:39:01 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/12/10 17:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2010/12/10 17:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/12/10 17:30:02 | 000,000,000 | ---D | C] -- C:\Users\billie\AppData\Roaming\Malwarebytes
[2010/12/10 17:29:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/10 17:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/10 17:29:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/10 17:29:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/10 17:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/12/10 17:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/12/10 17:18:35 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010/12/10 17:18:35 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010/12/10 17:17:55 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2010/12/10 17:17:55 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2010/12/10 17:17:55 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2010/12/10 17:17:18 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010/12/10 17:17:18 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010/12/10 17:13:42 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/12/10 17:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
[2010/12/10 17:13:20 | 000,000,000 | ---D | C] -- C:\Users\billie\AppData\Roaming\InstallShield
[2010/12/10 17:05:18 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/12/10 17:04:44 | 000,021,504 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\System32\drivers\DNIMP50.sys
[2010/12/10 17:04:44 | 000,020,480 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\System32\drivers\DNISP50.sys
[2010/12/10 17:04:43 | 000,904,192 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\WPN111v.sys
[2010/12/10 17:00:58 | 000,000,000 | R--D | C] -- C:\Users\billie\Searches
[2010/12/10 17:00:47 | 000,000,000 | ---D | C] -- C:\Users\billie\AppData\Roaming\Identities
[2010/12/10 17:00:45 | 000,000,000 | R--D | C] -- C:\Users\billie\Contacts
[2010/12/10 17:00:42 | 000,000,000 | ---D | C] -- C:\Users\billie\AppData\Local\VirtualStore
[2010/12/10 17:00:33 | 000,000,000 | -HSD | C] -- C:\Users\billie\AppData\Local\Temporary Internet Files
[2010/12/10 17:00:33 | 000,000,000 | -HSD | C] -- C:\Users\billie\Templates
[2010/12/10 17:00:33 | 000,000,000 | -HSD | C] -- C:\Users\billie\Start Menu
[2010/12/10 17:00:33 | 000,000,000 | -HSD | C] -- C:\Users\billie\SendTo
[2010/12/10 17:00:33 | 000,000,000 | -HSD | C] -- C:\Users\billie\Recent
[2010/12/10 17:00:33 | 000,000,000 | -HSD | C] -- C:\Users\billie\PrintHood
[2010/12/10 17:00:33 | 000,000,000 | -HSD | C] -- C:\Users\billie\NetHood
[2010/12/10 17:00:33 | 000,000,000 | -HSD | C] -- C:\Users\billie\Documents\My Videos
[2010/12/10 17:00:33 | 000,000,000 | -HSD | C] -- C:\Users\billie\Documents\My Pictures
[2010/12/10 17:00:33 | 000,000,000 | -HSD | C] -- C:\Users\billie\Documents\My Music
[2010/12/10 17:00:33 | 000,000,000 | -HSD | C] -- C:\Users\billie\My Documents
[2010/12/10 17:00:33 | 000,000,000 | -HSD | C] -- C:\Users\billie\Local Settings
[2010/12/10 17:00:33 | 000,000,000 | -HSD | C] -- C:\Users\billie\AppData\Local\History
[2010/12/10 17:00:33 | 000,000,000 | -HSD | C] -- C:\Users\billie\Cookies
[2010/12/10 17:00:33 | 000,000,000 | -HSD | C] -- C:\Users\billie\Application Data
[2010/12/10 17:00:33 | 000,000,000 | -HSD | C] -- C:\Users\billie\AppData\Local\Application Data
[2010/12/10 17:00:32 | 000,000,000 | --SD | C] -- C:\Users\billie\AppData\Roaming\Microsoft
[2010/12/10 17:00:32 | 000,000,000 | R--D | C] -- C:\Users\billie\Videos
[2010/12/10 17:00:32 | 000,000,000 | R--D | C] -- C:\Users\billie\Saved Games
[2010/12/10 17:00:32 | 000,000,000 | R--D | C] -- C:\Users\billie\Pictures
[2010/12/10 17:00:32 | 000,000,000 | R--D | C] -- C:\Users\billie\Music
[2010/12/10 17:00:32 | 000,000,000 | R--D | C] -- C:\Users\billie\Links
[2010/12/10 17:00:32 | 000,000,000 | R--D | C] -- C:\Users\billie\Favorites
[2010/12/10 17:00:32 | 000,000,000 | R--D | C] -- C:\Users\billie\Downloads
[2010/12/10 17:00:32 | 000,000,000 | R--D | C] -- C:\Users\billie\Documents
[2010/12/10 17:00:32 | 000,000,000 | R--D | C] -- C:\Users\billie\Desktop
[2010/12/10 17:00:32 | 000,000,000 | -H-D | C] -- C:\Users\billie\AppData
[2010/12/10 17:00:32 | 000,000,000 | ---D | C] -- C:\Users\billie\AppData\Local\Temp
[2010/12/10 17:00:32 | 000,000,000 | ---D | C] -- C:\Users\billie\AppData\Local\Microsoft
[2010/12/10 17:00:32 | 000,000,000 | ---D | C] -- C:\Users\billie\AppData\Roaming\Media Center Programs
[2010/12/08 17:15:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/12/01 14:56:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/11/28 19:12:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/28 19:10:20 | 000,000,000 | ---D | C] -- C:\Qoobox

========== Files - Modified Within 30 Days ==========

[2010/12/10 19:57:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\billie\Desktop\OTL.exe
[2010/12/10 19:26:18 | 000,618,410 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/10 19:26:18 | 000,103,818 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/10 19:18:41 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/10 19:18:41 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/10 19:18:38 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{42174706-8128-46A9-A3B9-65F029EB9C71}.job
[2010/12/10 19:18:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/10 19:18:00 | 1064,886,272 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/10 19:03:35 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/12/10 18:54:47 | 000,228,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/10 18:53:31 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/10 18:51:22 | 000,041,176 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/12/10 18:51:22 | 000,000,197 | RHS- | M] () -- C:\boot.ini
[2010/12/10 18:48:54 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\UMDF\Msft_User_WpdFs_01_00_00.Wdf
[2010/12/10 18:42:11 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/12/10 17:48:01 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/12/10 17:41:27 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/12/10 17:29:31 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/10 17:25:39 | 000,003,584 | ---- | M] () -- C:\Users\billie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/10 17:18:35 | 002,421,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010/12/10 17:18:35 | 000,044,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010/12/10 17:17:55 | 000,575,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2010/12/10 17:17:55 | 000,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2010/12/10 17:17:55 | 000,035,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2010/12/10 17:17:18 | 000,171,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010/12/10 17:17:18 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010/12/10 17:13:43 | 000,001,503 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk
[2010/12/10 17:13:43 | 000,001,485 | ---- | M] () -- C:\Users\Public\Desktop\NETGEAR WPN111 Smart Wizard.lnk
[2010/12/10 17:01:11 | 000,000,943 | ---- | M] () -- C:\Users\billie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/12/09 16:40:45 | 000,000,953 | ---- | M] () -- C:\Users\billie\Documents\xmas.rtf
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/28 19:12:36 | 000,000,327 | RHS- | M] () -- C:\Boot.ini.saved

========== Files Created - No Company Name ==========

[2010/12/10 19:03:35 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/12/10 18:54:15 | 1064,886,272 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/10 18:53:31 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/10 18:51:22 | 000,000,327 | RHS- | C] () -- C:\Boot.ini.saved
[2010/12/10 18:42:11 | 000,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK
[2010/12/10 18:42:09 | 000,438,840 | RHS- | C] () -- C:\bootmgr
[2010/12/10 18:41:30 | 000,330,752 | R--- | C] () -- C:\Windows\System32\drivers\NETBIOS.PDB
[2010/12/10 17:48:01 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/12/10 17:41:27 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/12/10 17:29:36 | 000,000,420 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{42174706-8128-46A9-A3B9-65F029EB9C71}.job
[2010/12/10 17:29:31 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/10 17:25:34 | 000,003,584 | ---- | C] () -- C:\Users\billie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/10 17:22:03 | 000,000,953 | ---- | C] () -- C:\Users\billie\Documents\xmas.rtf
[2010/12/10 17:13:43 | 000,001,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk
[2010/12/10 17:13:43 | 000,001,485 | ---- | C] () -- C:\Users\Public\Desktop\NETGEAR WPN111 Smart Wizard.lnk
[2010/12/10 17:01:10 | 000,000,943 | ---- | C] () -- C:\Users\billie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/12/10 17:00:32 | 000,000,258 | ---- | C] () -- C:\Users\billie\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/12/10 17:00:32 | 000,000,240 | ---- | C] () -- C:\Users\billie\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/11/28 19:12:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/11/28 19:12:32 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

< End of report >


Re: I've been got by Think Point

Post by celesteriley on Sat Dec 11, 2010 2:01 am

OTL extras file

OTL Extras logfile created on: 12/10/2010 7:57:52 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\billie\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 415.00 Mb Available Physical Memory | 41.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.28 Gb Total Space | 265.36 Gb Free Space | 92.37% Space Free | Partition Type: NTFS
Drive D: | 10.81 Gb Total Space | 5.20 Gb Free Space | 48.13% Space Free | Partition Type: NTFS
Drive J: | 959.72 Mb Total Space | 693.84 Mb Free Space | 72.30% Space Free | Partition Type: FAT

Computer Name: BILLIE-PC | User Name: billie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C80991B-2AEA-41A5-BB6A-5924A47727A8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{388530A3-7DDA-4D56-B6D7-ABD1AD22EE34}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{59A2C48D-813E-4D6A-A2F7-A394DB2EDD14}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{582E9125-32B6-4CBA-AB48-3E33CE3DB389}" = NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"CNXT_MODEM_PCI_HSF" = Soft Data Fax Modem with SmartCP
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/10/2010 7:04:29 PM | Computer Name = billie-PC | Source = VSS | ID = 8194
Description =

Error - 12/10/2010 7:04:45 PM | Computer Name = billie-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\NETGEAR\WPN111\wpn111.exe".
Dependent
Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/10/2010 7:10:54 PM | Computer Name = billie-PC | Source = VSS | ID = 8194
Description =

Error - 12/10/2010 7:13:32 PM | Computer Name = billie-PC | Source = VSS | ID = 8194
Description =

Error - 12/10/2010 7:39:30 PM | Computer Name = billie-PC | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 12/10/2010 9:04:28 PM | Computer Name = billie-PC | Source = DCOM | ID = 10016
Description =

Error - 12/10/2010 9:04:32 PM | Computer Name = billie-PC | Source = DCOM | ID = 10016
Description =

Error - 12/10/2010 9:04:33 PM | Computer Name = billie-PC | Source = DCOM | ID = 10016
Description =

Error - 12/10/2010 9:04:36 PM | Computer Name = billie-PC | Source = DCOM | ID = 10016
Description =

Error - 12/10/2010 9:04:38 PM | Computer Name = billie-PC | Source = DCOM | ID = 10016
Description =

Error - 12/10/2010 9:04:40 PM | Computer Name = billie-PC | Source = DCOM | ID = 10016
Description =

Error - 12/10/2010 9:04:49 PM | Computer Name = billie-PC | Source = DCOM | ID = 10016
Description =

Error - 12/10/2010 9:04:52 PM | Computer Name = billie-PC | Source = DCOM | ID = 10016
Description =

Error - 12/10/2010 9:04:53 PM | Computer Name = billie-PC | Source = DCOM | ID = 10016
Description =

Error - 12/10/2010 9:04:54 PM | Computer Name = billie-PC | Source = DCOM | ID = 10016
Description =


< End of report >


Re: I've been got by Think Point

Post by Belahzur on Sat Dec 11, 2010 5:31 pm

It looks fine now but you currently don't have an antivirus installed.

Please install Avira antivirus otherwise you won't be protected.

1) [You must be registered and logged in to see this link.]
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.



Re: I've been got by Think Point

Post by celesteriley on Tue Dec 14, 2010 1:33 pm

Thanks Belahzur! I just installed Avira Antivirus - it told me I had to turn off Windows defender so I did that. Hopefully everything is good now - really appreciate all the help you and this site provide.
