Removed ThinkPoint manually, other malware possible?




Post by pparazorback on Thu 03 Mar 2011, 4:17 pm

Greetings GeekPolice!

I have a laptop from a friend of mine who has had virus and malware issues. I just manually removed ThinkPoint Malware from her machine. I am sure there are probably other infestations on her computer. The computer is horribly slow, though I know a part of the issue is only having 512k of RAM. I will be getting her more RAM.

Any findings and assistance would be greatly appreciated. I want to give her back a clean computer.

I did the instructions in the "Read this before posting" thread, and now I am posting my first OTL and Extras logs.

Here we go:


OTL Extras logfile created on: 3/2/2011 11:36:43 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Carlee Jae\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 338.00 Mb Available Physical Memory | 66.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 39.68 Gb Free Space | 71.00% Space Free | Partition Type: NTFS

Computer Name: CARLEES-PC | User Name: Carlee Jae | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}" = Symantec AntiVirus Client
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}" = TOSHIBA Console
"{4701BF4D-9DBD-4F3B-953A-AFC3316E821B}" = TOSHIBA Dual Pointing Device Utility
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{7862BAD8-A379-4128-8AA1-EFD5A9603C53}" = Wireless Hotkey
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device Driver
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 ESD
"{DDC146FA-73E0-4FA1-A353-841EA14BF600}" = Drag'n Drop CD+DVD
"{E103831E-7692-48CF-A5B7-2B71BD133378}" = KODAK Share Button App
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"America Online us" = America Online
"AolCoach" = AOL Coach Version 1.0(Build:20020823.1)
"ATT-RemoteControl" = ATT-RemoteControl
"Hoyle Casino 5" = Hoyle Casino 5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"Picasa2" = Picasa 2
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer Basic
"TDspBtn" = TOSHIBA Display Devices Change Utility
"TFNF5" = Toshiba Hotkey Utility for Display Devices
"TME3" = TOSHIBA Mobile Extension3 for Windows XP V3.36.00.XP
"Toshiba Access" = Toshiba Access
"Toshiba Power Saver" = TOSHIBA Power Saver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TOSHIBA Software Upgrades" = TOSHIBA Software Upgrades
"TOSHIBA System Stability Program" = TOSHIBA System Stability Program
"Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
"TOSHIBA Utilities" = TOSHIBA Utilities
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/2/2011 10:45:37 PM | Computer Name = CARLEES-PC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17055, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/2/2011 10:45:59 PM | Computer Name = CARLEES-PC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17055, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/2/2011 10:46:03 PM | Computer Name = CARLEES-PC | Source = Application Hang | ID = 1001
Description = Fault bucket 1878916232.

Error - 3/2/2011 10:46:12 PM | Computer Name = CARLEES-PC | Source = Application Hang | ID = 1001
Description = Fault bucket 1878916232.

Error - 3/2/2011 11:18:51 PM | Computer Name = CARLEES-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The connection with the server was terminated abnormally

Error - 3/2/2011 11:18:51 PM | Computer Name = CARLEES-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 3/2/2011 11:18:51 PM | Computer Name = CARLEES-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 3/2/2011 11:18:51 PM | Computer Name = CARLEES-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 3/3/2011 12:32:31 AM | Computer Name = CARLEES-PC | Source = Application Hang | ID = 1002
Description = Hanging application OTL.com, version 3.2.22.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/3/2011 12:39:17 AM | Computer Name = CARLEES-PC | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 2.0.3.1, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

[ System Events ]
Error - 3/2/2011 10:37:44 PM | Computer Name = CARLEES-PC | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 3/2/2011 11:01:36 PM | Computer Name = CARLEES-PC | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 3/2/2011 11:33:28 PM | Computer Name = CARLEES-PC | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 3/2/2011 11:46:42 PM | Computer Name = CARLEES-PC | Source = Service Control Manager | ID = 7034
Description = The SoundMAX Agent Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 3/2/2011 11:47:25 PM | Computer Name = CARLEES-PC | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 3/2/2011 11:48:33 PM | Computer Name = CARLEES-PC | Source = Service Control Manager | ID = 7034
Description = The SoundMAX Agent Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 3/3/2011 12:05:03 AM | Computer Name = CARLEES-PC | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 3/3/2011 12:17:37 AM | Computer Name = CARLEES-PC | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 3/3/2011 12:34:10 AM | Computer Name = CARLEES-PC | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 3/3/2011 12:45:30 AM | Computer Name = CARLEES-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.


< End of report >

pparazorback

Newbie Surfer

Posts : 25
Joined : 2010-08-26
Operating System : Greensboro



Re: Removed ThinkPoint manually, other malware possible?

Post by pparazorback on Thu 03 Mar 2011, 4:17 pm

OTL logfile created on: 3/2/2011 11:36:43 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Carlee Jae\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 338.00 Mb Available Physical Memory | 66.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 39.68 Gb Free Space | 71.00% Space Free | Partition Type: NTFS

Computer Name: CARLEES-PC | User Name: Carlee Jae | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/02 23:21:18 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carlee Jae\Desktop\OTL.com
PRC - [2010/04/26 11:31:00 | 000,078,336 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 21:52:44 | 000,366,400 | ---- | M] (Google Inc.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
PRC - [2003/01/21 14:10:44 | 000,122,880 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMESRV31.exe
PRC - [2002/11/30 00:09:22 | 000,086,016 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TME3\tmesbs32.exe
PRC - [2002/11/08 17:27:18 | 000,049,152 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2002/10/04 15:24:18 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2002/07/30 14:36:00 | 000,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
PRC - [2002/07/15 19:36:54 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2011/03/02 23:21:18 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carlee Jae\Desktop\OTL.com
MOD - [2008/04/13 19:12:51 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2007/01/05 13:04:10 | 002,918,008 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2003/01/21 14:10:44 | 000,122,880 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2002/11/30 00:09:22 | 000,086,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe -- (Tmesbs)
SRV - [2002/11/08 17:27:18 | 000,049,152 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2002/10/04 15:24:18 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
SRV - [2002/07/30 14:40:44 | 000,573,440 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -- (Norton AntiVirus Server)
SRV - [2002/07/30 14:36:00 | 000,032,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2002/07/15 19:36:54 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2010/10/18 03:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101018.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/10/18 03:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101018.002\NAVENG.SYS -- (NAVENG)
DRV - [2007/02/14 14:30:36 | 000,073,224 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2003/01/29 17:24:36 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2003/01/17 20:39:10 | 000,253,248 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2003/01/13 10:07:16 | 002,370,688 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel(R)
DRV - [2002/12/13 20:16:58 | 000,008,541 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2002/12/13 03:41:48 | 000,099,577 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2002/11/22 13:21:18 | 001,157,856 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/11/18 20:20:44 | 000,030,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)
DRV - [2002/11/15 16:28:22 | 000,090,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2002/11/05 23:02:22 | 000,025,888 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tsdhd.sys -- (tsdhd)
DRV - [2002/10/09 14:18:16 | 000,015,143 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TOSSDPCI.SYS -- (pciSd)
DRV - [2002/10/04 15:22:16 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/09/26 16:15:28 | 000,005,760 | ---- | M] (Toshiba Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2002/06/21 02:53:28 | 000,005,300 | ---- | M] (Toshiba Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\TVALD.SYS -- (TVALD)
DRV - [2002/06/19 23:57:14 | 000,029,184 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys -- (NAVAPEL)
DRV - [2002/06/19 23:57:12 | 000,218,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys -- (NAVAP)
DRV - [2002/01/24 17:43:40 | 000,006,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tbiosdrv.sys -- (TBiosDrv)
DRV - [2001/09/13 22:53:02 | 000,005,936 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\TVALG.SYS -- (TVALG)
DRV - [2001/09/11 14:54:32 | 000,038,425 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2002/08/29 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [KodakShareButtonApp] C:\Program Files\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: DirectAnimation Java Classes [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\System32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Carlee Jae\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Carlee Jae\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8458f000-6cc9-11df-a8f5-000423481a04}\Shell - "" = AutoRun
O33 - MountPoints2\{8458f000-6cc9-11df-a8f5-000423481a04}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8458f000-6cc9-11df-a8f5-000423481a04}\Shell\AutoRun\command - "" = E:\KODAK_Software_Downloader.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: 000StTHK - hkey= - key= - File not found
MsConfig - StartUpReg: 00THotkey - hkey= - key= - File not found
MsConfig - StartUpReg: Apoint - hkey= - key= - C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
MsConfig - StartUpReg: ccApp - hkey= - key= - File not found
MsConfig - StartUpReg: ccRegVfy - hkey= - key= - File not found
MsConfig - StartUpReg: DpUtil - hkey= - key= - C:\Program Files\Toshiba\DualPointUtility\TEDTray.exe (TOSHIBA)
MsConfig - StartUpReg: ezShieldProtector for Px - hkey= - key= - File not found
MsConfig - StartUpReg: LtMoh - hkey= - key= - C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: NAV CfgWiz - hkey= - key= - File not found
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
MsConfig - StartUpReg: Pinger - hkey= - key= - c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
MsConfig - StartUpReg: TFncKy - hkey= - key= - File not found
MsConfig - StartUpReg: TFNF5 - hkey= - key= - File not found
MsConfig - StartUpReg: TMEEJME.EXE - hkey= - key= - C:\Program Files\Toshiba\TME3\TMEEJME.exe (TOSHIBA)
MsConfig - StartUpReg: TMERzCtl.EXE - hkey= - key= - C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE (TOSHIBA)
MsConfig - StartUpReg: TMESBS.EXE - hkey= - key= - C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE (TOSHIBA Corporation)
MsConfig - StartUpReg: TMESRV.EXE - hkey= - key= - C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE (TOSHIBA)
MsConfig - StartUpReg: TosHKCW.exe - hkey= - key= - C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
MsConfig - StartUpReg: Tpwrtray - hkey= - key= - File not found
MsConfig - StartUpReg: TSysSMon - hkey= - key= - c:\toshiba\sysstability\tsyssmon.exe (TOSHIBA)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 1

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4d64f3ba-f112-4efe-a02e-96680859937c} - KB918899
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5b7bf89d-d196-4c32-a303-a57b8ab7f18d} - KB918439
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DBB3C81D-3C91-4a1e-BDDF-905B61C7CEDF} - Security Update for the Microsoft VM
ActiveX: {dd772a76-bef3-44d7-8b39-502c8504c1f1} - KB925486
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\INF\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)

========== Files/Folders - Created Within 30 Days ==========

[2011/03/02 23:20:54 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Carlee Jae\Desktop\OTL.com
[2011/03/02 22:18:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/03/02 22:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/03/02 22:16:02 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/03/02 22:16:01 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/03/02 22:16:00 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/03/02 22:16:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/03/02 22:15:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/03/02 22:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/03/02 22:13:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carlee Jae\Application Data\Sun
[2011/03/02 21:25:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/03/02 18:25:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/03/02 18:23:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/03/02 18:23:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/03/02 18:23:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/03/02 18:05:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\Documents and Settings\Carlee Jae\My Documents\*.tmp files -> C:\Documents and Settings\Carlee Jae\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/02 23:34:08 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011/03/02 23:34:03 | 536,268,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/02 23:34:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/02 23:30:45 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/02 23:26:05 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\Carlee Jae\Desktop\Notepad.lnk
[2011/03/02 23:21:18 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carlee Jae\Desktop\OTL.com
[2011/03/02 22:14:44 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/03/02 22:14:43 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/03/02 22:14:43 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/03/02 22:14:42 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/03/02 22:14:42 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/03/02 21:50:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\VPC32.INI
[2011/03/02 21:39:34 | 000,313,514 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/02 21:39:34 | 000,041,066 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/02 21:38:05 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Carlee Jae\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/03/02 21:37:55 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/03/02 21:26:04 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/02 21:25:31 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/03/02 21:24:58 | 000,146,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/02 20:59:41 | 000,006,553 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011/03/02 18:14:26 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/03/02 17:41:20 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011/03/02 11:26:12 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/03/02 11:26:12 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2011/03/02 11:26:12 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2011/03/02 11:26:12 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011/03/02 11:26:12 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/03/02 11:26:12 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/03/02 11:26:12 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2011/03/02 11:26:12 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/03/02 11:26:12 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/03/02 11:26:12 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/03/02 11:26:12 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011/03/02 11:26:12 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011/03/02 11:26:12 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011/03/02 11:26:12 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/03/02 11:26:12 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/03/02 11:26:12 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\Documents and Settings\Carlee Jae\My Documents\*.tmp files -> C:\Documents and Settings\Carlee Jae\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/02 23:25:56 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\Carlee Jae\Desktop\Notepad.lnk
[2011/03/02 21:50:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2011/03/02 18:41:05 | 000,006,553 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011/03/02 17:58:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/02 12:17:39 | 536,268,800 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/11 23:32:45 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Carlee Jae\Application Data\start
[2010/11/11 21:34:18 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Carlee Jae\Application Data\install
[2009/07/29 16:29:28 | 000,000,299 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/07/29 16:29:24 | 000,000,272 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2009/07/24 17:44:59 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2007/02/15 14:31:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/15 07:51:03 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/02/14 16:21:50 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/02/07 16:20:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/02/07 14:14:03 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\getnode.dll
[2003/01/29 17:58:09 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/01/29 17:57:13 | 000,000,665 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/01/29 17:23:53 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003/01/29 17:06:48 | 000,000,040 | ---- | C] () -- C:\WINDOWS\swupdate.ini
[2003/01/29 17:03:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2003/01/29 16:39:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\tcleanup.exe
[2003/01/29 16:21:53 | 000,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys
[2003/01/29 16:20:43 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
[2003/01/29 16:18:22 | 000,121,905 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2003/01/29 16:18:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2003/01/29 16:18:22 | 000,008,831 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2003/01/29 16:18:22 | 000,006,793 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2003/01/29 16:15:19 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2003/01/29 13:09:47 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/01/29 13:08:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/01/29 13:04:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/01/29 13:03:34 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/29 11:36:47 | 000,000,386 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/01/29 11:36:06 | 000,313,514 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/01/29 11:36:06 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/01/29 11:36:06 | 000,041,066 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/01/29 11:36:06 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/01/29 11:36:05 | 000,004,598 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/01/29 11:36:03 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/01/29 11:36:01 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/29 11:35:54 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/01/29 11:35:53 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/01/29 11:35:43 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/01/29 11:35:31 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/29 04:59:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/01/29 04:59:01 | 000,146,016 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/12/13 20:17:02 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2002/12/13 20:17:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\tosbthcrpapi.dll
[2002/12/13 20:17:02 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommApi.dll
[2002/12/13 20:17:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll
[2002/12/13 20:17:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtacc.dll
[2002/07/30 14:33:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2003/01/29 13:06:39 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2010/02/15 20:14:25 | 000,001,538 | -H-- | M] () -- C:\Documents and Settings\Carlee Jae\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2011/03/02 18:25:47 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2007/02/15 08:57:45 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Carlee Jae\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2007/02/14 13:52:09 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Carlee Jae\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2002/08/29 07:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >
[2007/02/13 23:37:45 | 000,004,128 | ---- | M] () -- C:\WINDOWS\Driver Cache\INFCACHE.1

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/02/15 08:57:46 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Carlee Jae\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2003/01/29 04:58:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2003/01/29 04:58:33 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2003/01/29 04:58:33 | 000,405,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2002/08/29 07:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2002/08/29 07:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2002/08/29 07:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2002/08/29 07:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2002/08/29 07:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2002/08/29 07:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2002/08/29 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2002/08/29 07:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2002/08/29 07:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2002/08/29 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/04 00:45:08 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/04 00:45:14 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/04 00:45:10 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/04 00:45:15 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/04 00:45:12 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 13:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/05/02 00:22:50 | 001,851,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 19:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 19:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 19:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 19:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 19:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 19:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 19:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 19:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 19:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 19:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 19:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 19:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 19:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 19:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 19:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %SYSTEMDRIVE%\*.* >
[2007/02/15 08:27:50 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/08/22 14:34:31 | 000,000,055 | ---- | M] () -- C:\DVDPATH.TXT
[2011/03/02 23:34:03 | 536,268,800 | -HS- | M] () -- C:\hiberfil.sys
[2003/01/29 13:07:06 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2003/01/29 17:24:53 | 000,000,505 | -H-- | M] () -- C:\IPH.PH
[2011/03/02 23:19:42 | 000,019,572 | ---- | M] () -- C:\JavaRa.log
[2003/01/29 13:07:06 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007/02/15 08:20:02 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011/03/02 18:14:26 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/03/02 23:34:01 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2003/11/02 14:24:24 | 033,554,896 | ---- | M] (Installshield Software Corporation) -- C:\PaintShop Pro 7.exe
[2007/02/14 14:30:37 | 000,017,590 | ---- | M] () -- C:\PkgClnup.log
[2007/02/14 14:34:32 | 000,023,731 | -H-- | M] () -- C:\_NavCClt.Log

< %PROGRAMFILES%\*. >
[2007/02/18 16:08:35 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/10/26 17:47:02 | 000,000,000 | ---D | M] -- C:\Program Files\America Online 8.0
[2003/01/29 14:49:34 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2003/01/29 17:24:49 | 000,000,000 | ---D | M] -- C:\Program Files\AOL Companion
[2003/01/29 15:57:16 | 000,000,000 | ---D | M] -- C:\Program Files\Apoint2K
[2003/01/29 18:28:13 | 000,000,000 | ---D | M] -- C:\Program Files\AT&T
[2009/07/24 17:44:58 | 000,000,000 | ---D | M] -- C:\Program Files\ATT
[2011/03/02 22:18:33 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2003/01/29 13:04:43 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2007/02/15 13:18:52 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2003/01/29 17:16:24 | 000,000,000 | ---D | M] -- C:\Program Files\DataLode
[2003/01/29 17:36:14 | 000,000,000 | ---D | M] -- C:\Program Files\Drag'n Drop CD+DVD
[2003/01/29 18:43:23 | 000,000,000 | ---D | M] -- C:\Program Files\DVD-RAM
[2007/02/14 14:40:40 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2007/02/15 13:18:54 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2003/01/29 15:55:21 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/06/12 19:54:53 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2007/02/14 17:01:22 | 000,000,000 | ---D | M] -- C:\Program Files\Jasc Software Inc
[2011/03/02 22:13:58 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/05/31 10:40:11 | 000,000,000 | ---D | M] -- C:\Program Files\Kodak
[2003/01/29 16:18:22 | 000,000,000 | ---D | M] -- C:\Program Files\ltmoh
[2011/03/02 21:24:54 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2007/02/15 14:30:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2003/01/29 13:07:17 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2007/02/15 14:29:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2007/02/15 14:30:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2003/01/29 13:17:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2011/03/02 20:16:12 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2003/01/29 13:04:06 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2003/01/29 13:03:44 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2010/05/31 10:38:37 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2011/03/02 18:18:22 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2003/01/29 13:05:43 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2011/03/02 20:37:25 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2007/02/14 14:40:42 | 000,000,000 | ---D | M] -- C:\Program Files\Picasa2
[2003/01/29 17:58:14 | 000,000,000 | ---D | M] -- C:\Program Files\Quicken
[2003/01/29 17:24:32 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/07/29 16:30:39 | 000,000,000 | ---D | M] -- C:\Program Files\Sierra On-Line
[2007/02/14 14:31:25 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2007/02/14 14:31:00 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec_Client_Security
[2003/02/07 14:11:53 | 000,000,000 | ---D | M] -- C:\Program Files\Toshiba
[2003/01/29 17:09:02 | 000,000,000 | ---D | M] -- C:\Program Files\Toshiba Access Files
[2003/01/29 13:10:39 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2003/01/29 17:24:46 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2011/03/02 18:24:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2011/03/02 18:18:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2007/02/14 14:34:57 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/07/29 16:30:37 | 000,000,000 | ---D | M] -- C:\Program Files\WON
[2003/01/29 13:07:17 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %appdata%\*.* >
[2003/01/29 04:59:33 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Carlee Jae\Application Data\desktop.ini
[2010/04/16 19:38:19 | 000,030,824 | ---- | M] () -- C:\Documents and Settings\Carlee Jae\Application Data\GDIPFONTCACHEV1.DAT
[2010/11/11 21:34:18 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Carlee Jae\Application Data\install
[2010/11/11 23:32:45 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Carlee Jae\Application Data\start


< MD5 for: AGP440.SYS >
[2007/02/15 08:16:35 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011/03/02 18:05:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2007/02/15 08:16:35 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2011/03/02 18:05:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2011/03/02 18:05:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/08/29 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2007/02/15 08:16:35 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011/03/02 18:05:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2002/08/29 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2007/02/15 08:16:35 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2011/03/02 18:05:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2011/03/02 18:05:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:atapi.sys
[2002/08/29 07:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2002/08/29 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys
[2007/02/15 08:16:35 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2011/03/02 18:05:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2002/08/29 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:disk.sys
[2007/02/15 08:16:35 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2011/03/02 18:05:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2011/03/02 18:05:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:disk.sys
[2004/08/04 00:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2002/08/29 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbstor.sys
[2007/02/15 08:16:35 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2011/03/02 18:05:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2002/08/29 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:usbstor.sys
[2007/02/15 08:16:35 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbstor.sys
[2011/03/02 18:05:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2011/03/02 18:05:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:usbstor.sys
[2004/08/04 01:08:46 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-02 22:51:08

< End of report >

pparazorback

Newbie Surfer

Posts : 25
Joined : 2010-08-26
Operating System : Greensboro
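The "< MD5 for: ... >" sections of the OTL Extras log above list every copy of a system file that OTL could find, so the copy the running system actually loads (under system32) can be compared with Microsoft's reference copies in ServicePackFiles, $NtServicePackUninstall$, $hf_mig$ and the SoftwareDistribution download cache. A live copy whose hash matches none of the reference copies is what a patched system file (the usual trick of MBR and file-infector rootkits that target files like netlogon.dll, scecli.dll or usbstor.sys) looks like in this log. The Python below is an added example, not code from OTL or from anyone in this thread: it parses those lines and reports such mismatches. The sample log is built inline from the netlogon.dll and usbstor.sys lines posted above plus one constructed system32\drivers\usbstor.sys entry with an all-zero placeholder MD5 so the mismatch path actually runs.

```python
import re
from collections import defaultdict

# One file line of an OTL "< MD5 for: NAME >" section.  The ".cab file" member
# lines carry no MD5 and therefore never match this pattern; they are skipped.
OTL_LINE = re.compile(
    r"^\[(?P<mtime>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)
SECTION_HDR = re.compile(r"^<\s*MD5 for:\s*(?P<name>.+?)\s*>$")

# Directories holding Microsoft's own copies of a system file (reference set).
REFERENCE_DIRS = (
    r"C:\WINDOWS\ServicePackFiles\i386",
    r"C:\WINDOWS\$NtServicePackUninstall$",
    r"C:\WINDOWS\$hf_mig$",
    r"C:\WINDOWS\SoftwareDistribution\Download",
)
# Directories the running system loads the file from (live set).
LIVE_DIRS = (r"C:\WINDOWS\system32",)


def parse_otl_md5(text):
    """Group the file entries of an OTL Extras log by the name in each '< MD5 for: ... >' header."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        hdr = SECTION_HDR.match(line)
        if hdr:
            current = hdr.group("name").lower()
            continue
        m = OTL_LINE.match(line)
        if m and current is not None:
            entry = m.groupdict()
            entry["size"] = int(entry["size"].replace(",", ""))
            entry["md5"] = entry["md5"].upper()
            sections[current].append(entry)
    return dict(sections)


def _under(path, dirs):
    """True when path lies inside one of dirs (case-insensitive, Windows separators)."""
    p = path.lower()
    return any(p.startswith(d.lower() + "\\") for d in dirs)


def find_patched_files(sections):
    """Return (live_path, live_md5, sorted_reference_md5s) for each live copy that matches no reference copy."""
    findings = []
    for entries in sections.values():
        reference = {e["md5"] for e in entries if _under(e["path"], REFERENCE_DIRS)}
        for e in entries:
            if _under(e["path"], LIVE_DIRS) and e["md5"] not in reference:
                findings.append((e["path"], e["md5"], sorted(reference)))
    return findings


# Constructed sample: real lines from the log above, plus one constructed
# system32\drivers\usbstor.sys entry whose all-zero MD5 is a placeholder.
SAMPLE_LOG = r"""
< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: USBSTOR.SYS >
[2011/03/02 18:05:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2004/08/04 01:08:46 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\drivers\usbstor.sys
"""

if __name__ == "__main__":
    for path, md5, refs in find_patched_files(parse_otl_md5(SAMPLE_LOG)):
        print(f"MISMATCH {path}: live MD5 {md5} not among reference copies {refs}")
```

A mismatch is a lead rather than a verdict: a hotfix installed after the last service pack legitimately leaves system32 with a newer hash than ServicePackFiles, which is why the $hf_mig$ and SoftwareDistribution copies are part of the reference set. Entries that still mismatch deserve a submission to a multi-engine scanner before anything is deleted.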

Re: Removed ThinkPoint manually, other malware possible?

Post by pparazorback on Fri 04 Mar 2011, 7:08 am

Is there anything else I need to post for now? I think I posted all that was required according to the readme.

pparazorback

Newbie Surfer

Posts : 25
Joined : 2010-08-26
Operating System : Greensboro

Re: Removed ThinkPoint manually, other malware possible?

Post by Belahzur on Fri 04 Mar 2011, 12:38 pm

Hello.

  • Download combofix from here
    Link 1

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Removed ThinkPoint manually, other malware possible?

Post by pparazorback on Sun 06 Mar 2011, 4:09 pm

The system is still running Combo-Fix, as it has been now for well over an hour. I am going to let it keep going though it has not even got to Step 1 yet on the display. I got the message that it found the MBR infected and to make sure that any AV programs were closed (all are disabled), and hit "OK". No screen updates have occurred since then and no indication that it is doing anything. I will let it go all night if I need to.

pparazorback

Newbie Surfer

Posts : 25
Joined : 2010-08-26
Operating System : Greensboro

Re: Removed ThinkPoint manually, other malware possible?

Post by pparazorback on Mon 07 Mar 2011, 1:58 pm

ComboFix never got to any of the steps, it hung at the same spot right after finding the MBR infected as I stated above. I let it run for 12 hours and no progress was made. What should I do next?

pparazorback

Newbie Surfer

Posts : 25
Joined : 2010-08-26
Operating System : Greensboro

Re: Removed ThinkPoint manually, other malware possible?

Post by Belahzur on Tue 08 Mar 2011, 12:13 pm

Download MBRCheck to your desktop.

  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop
  • Open this report and post its content in your next reply.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Removed ThinkPoint manually, other malware possible?

Post by pparazorback on Wed 09 Mar 2011, 1:47 pm

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 126):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0x82CBF000 \WINDOWS\system32\KDCOM.DLL
0xF88C8000 \WINDOWS\system32\BOOTVID.dll
0xF8465000 ACPI.sys
0xF89B4000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF8454000 pci.sys
0xF84B4000 isapnp.sys
0xF84C4000 ohci1394.sys
0xF84D4000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
0xF88CC000 compbatt.sys
0xF88D0000 \WINDOWS\System32\DRIVERS\BATTC.SYS
0xF8A7C000 pciide.sys
0xF8734000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF89B6000 intelide.sys
0xF8436000 pcmcia.sys
0xF84E4000 MountMgr.sys
0xF8417000 ftdisk.sys
0xF873C000 PartMgr.sys
0xF84F4000 VolSnap.sys
0xF83FF000 atapi.sys
0xF8504000 disk.sys
0xF8514000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF83DF000 fltmgr.sys
0xF83CD000 sr.sys
0xF8524000 PxHelp20.sys
0xF83B6000 KSecDD.sys
0xF8329000 Ntfs.sys
0xF82FC000 NDIS.sys
0xF89B8000 TVALG.SYS
0xF89BA000 TVALD.SYS
0xF82E2000 Mup.sys
0xF8534000 agp440.sys
0xF8564000 \SystemRoot\System32\DRIVERS\nic1394.sys
0xF77F3000 \SystemRoot\System32\DRIVERS\nv4_mini.sys
0xF77DF000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF87F4000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF77BB000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF87FC000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF7798000 \SystemRoot\System32\DRIVERS\e100b325.sys
0xF7555000 \SystemRoot\System32\DRIVERS\w70n51.sys
0xF8804000 \SystemRoot\System32\DRIVERS\tsdhd.sys
0xF86B4000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF880C000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF753D000 \SystemRoot\System32\DRIVERS\Apfiltr.sys
0xF8814000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF7529000 \SystemRoot\System32\DRIVERS\parport.sys
0xF86C4000 \SystemRoot\System32\DRIVERS\serial.sys
0xF898C000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF86D4000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF86E4000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF86F4000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF7506000 \SystemRoot\System32\DRIVERS\ks.sys
0xF7487000 \SystemRoot\system32\drivers\smwdm.sys
0xF7463000 \SystemRoot\system32\drivers\portcls.sys
0xF8704000 \SystemRoot\system32\drivers\drmk.sys
0xF744B000 \SystemRoot\system32\drivers\aeaudio.sys
0xF7330000 \SystemRoot\System32\DRIVERS\AGRSM.sys
0xF881C000 \SystemRoot\System32\Drivers\Modem.SYS
0xF89A0000 \SystemRoot\System32\DRIVERS\CmBatt.sys
0xF8714000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xF8B44000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF731E000 \SystemRoot\System32\DRIVERS\bridge.sys
0xF8824000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF882C000 \SystemRoot\System32\DRIVERS\rasirda.sys
0xF8724000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF89AC000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF7307000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF8574000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF7958000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF72F6000 \SystemRoot\System32\DRIVERS\psched.sys
0xF7948000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF883C000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF8844000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF884C000 \SystemRoot\system32\DRIVERS\wanatw4.sys
0xF7938000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF89E8000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF7298000 \SystemRoot\System32\DRIVERS\update.sys
0xF82B2000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF7928000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7918000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF89F2000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF89F4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8BEB000 \SystemRoot\System32\Drivers\Null.SYS
0xF89F6000 \SystemRoot\System32\Drivers\Beep.SYS
0xF8874000 \SystemRoot\System32\drivers\vga.sys
0xF89F8000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF89FA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF5556000 \SystemRoot\System32\Drivers\meiudf.sys
0xF5545000 \SystemRoot\System32\Drivers\Udfs.SYS
0xF887C000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF8884000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7D34000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF5532000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xF54D9000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xF54B1000 \SystemRoot\System32\DRIVERS\netbt.sys
0xF548F000 \SystemRoot\System32\drivers\afd.sys
0xF78F8000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF89FC000 \SystemRoot\System32\Drivers\TMEI3E.SYS
0xF5464000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xF53CC000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF78D8000 \SystemRoot\System32\Drivers\Fips.SYS
0xF53A6000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF78C8000 \SystemRoot\System32\DRIVERS\arp1394.sys
0xF8584000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF52EE000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8A02000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF6278000 \SystemRoot\System32\drivers\Dxapi.sys
0xF889C000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8BCA000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xF2C77000 \SystemRoot\System32\DRIVERS\irda.sys
0xF2DAD000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xF2A1A000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF89E0000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF89E2000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xF294B000 \SystemRoot\System32\DRIVERS\srv.sys
0xF293A000 \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS
0xF2795000 \SystemRoot\system32\drivers\wdmaud.sys
0xF292A000 \SystemRoot\system32\drivers\sysaudio.sys
0xF28BA000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF2136000 \SystemRoot\System32\Drivers\HTTP.sys
0xF1F2B000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 37):
0 System Idle Process
4 System
1012 C:\WINDOWS\system32\smss.exe
1064 csrss.exe
1088 C:\WINDOWS\system32\winlogon.exe
1132 C:\WINDOWS\system32\services.exe
1144 C:\WINDOWS\system32\lsass.exe
1300 C:\WINDOWS\system32\svchost.exe
1356 svchost.exe
1500 C:\WINDOWS\system32\svchost.exe
1548 svchost.exe
1644 svchost.exe
372 C:\WINDOWS\system32\spoolsv.exe
444 C:\WINDOWS\explorer.exe
576 svchost.exe
636 C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
676 C:\WINDOWS\system32\DVDRAMSV.exe
744 C:\Program Files\Java\jre6\bin\jqs.exe
788 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
868 C:\WINDOWS\system32\nvsvc32.exe
904 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
988 C:\WINDOWS\system32\svchost.exe
1468 C:\Program Files\Toshiba\TME3\tmesbs32.exe
1612 C:\Program Files\Toshiba\TME3\TMESRV31.exe
1788 C:\WINDOWS\wanmpsvc.exe
1984 C:\Program Files\Picasa2\PicasaMediaDetector.exe
2000 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
2028 C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
144 C:\Program Files\Common Files\Java\Java Update\jusched.exe
224 C:\WINDOWS\system32\ctfmon.exe
256 C:\Program Files\Messenger\msmsgs.exe
248 C:\WINDOWS\system32\wuauclt.exe
592 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
3876 alg.exe
648 C:\Program Files\Internet Explorer\iexplore.exe
660 C:\Program Files\Internet Explorer\iexplore.exe
2548 C:\Documents and Settings\Carlee Jae\Local Settings\Temporary Internet Files\Content.IE5\FE6F15NU\MBRCheck[1].exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK6026GAX, Rev: PA202G

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

pparazorback

Newbie Surfer

Posts : 25
Joined : 2010-08-26
Operating System : Greensboro
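The MBRCheck report above identifies the boot sector by a SHA1 of its code ("Windows XP MBR code detected") and shows the NTFS volume starting at offset 0x7e00, i.e. sector 63 of PhysicalDrive0. The Python below is an added example, not MBRCheck's code and not from anyone in this thread: it performs the same checks on a 512-byte MBR image, hashing the boot-code area against an allow-list, validating the 55AA boot signature, decoding the four partition entries and checking them for overlap or a missing active partition. The sector bytes are constructed inline; the allow-list contains the SHA1 MBRCheck printed above, and the assumption that the hash covers exactly the first 440 bytes (the code area before the disk signature and partition table) is an assumption of this example, labelled in the code.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_SIG = b"\x55\xaa"

# Allow-list of boot code believed legitimate.  The XP entry is the SHA1 MBRCheck
# printed above.  ASSUMPTION: the hash covers the 440-byte code area only, so it
# is comparable across disks whose disk signature and partition table differ.
KNOWN_BOOT_CODE = {
    "DA38B874B7713D1B51CBC449F4EF809B0DEC644A": "Windows XP MBR code",
}

PARTITION_TYPES = {0x05: "Extended", 0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
                   0x0F: "Extended LBA", 0x82: "Linux swap", 0x83: "Linux"}


def parse_mbr(sector):
    """Split a 512-byte MBR into boot-code hash, disk signature and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR image must be exactly 512 bytes")
    boot_code = sector[:440]
    disk_sig = struct.unpack_from("<I", sector, 440)[0]
    partitions = []
    for i in range(4):
        status, _chs0, ptype, _chs1, start_lba, count = struct.unpack_from(
            "<B3sB3sII", sector, 446 + 16 * i)
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "start_lba": start_lba,
            "sectors": count,
            "offset": start_lba * SECTOR_SIZE,  # MBRCheck prints this as the volume offset
        })
    return {
        "sha1": hashlib.sha1(boot_code).hexdigest().upper(),
        "disk_signature": disk_sig,
        "valid_signature": sector[510:512] == BOOT_SIG,
        "partitions": partitions,
    }


def check_mbr(sector):
    """Parse the MBR and collect findings a triage script would report."""
    info = parse_mbr(sector)
    issues = []
    if not info["valid_signature"]:
        issues.append("boot signature 55AA missing")
    known = KNOWN_BOOT_CODE.get(info["sha1"])
    if known is None:
        issues.append("boot code SHA1 not in allow-list: " + info["sha1"])
    bootable = [p["index"] for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        issues.append(f"{len(bootable)} active partitions, expected exactly 1")
    spans = sorted((p["start_lba"], p["start_lba"] + p["sectors"], p["index"])
                   for p in info["partitions"])
    for (s0, e0, i0), (s1, e1, i1) in zip(spans, spans[1:]):
        if s1 < e0:
            issues.append(f"partition {i1} overlaps partition {i0}")
    info["known_as"] = known
    info["issues"] = issues
    return info


def build_sample_mbr(boot_code, entries):
    """Assemble a constructed MBR image; entries are (bootable, type, start_lba, sectors)."""
    table = b"".join(
        struct.pack("<B3sB3sII", 0x80 if bootable else 0x00, b"\x00\x00\x00",
                    ptype, b"\x00\x00\x00", lba, count)
        for bootable, ptype, lba, count in entries[:4]
    ).ljust(64, b"\x00")
    disk_sig = struct.pack("<I", 0x1234ABCD)  # constructed disk signature
    return boot_code.ljust(440, b"\x00")[:440] + disk_sig + b"\x00\x00" + table + BOOT_SIG


# Constructed sample: a few plausible boot-code bytes and one active NTFS
# partition at sector 63, mirroring the 0x7e00 offset MBRCheck reported.
SAMPLE_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c",
                              [(True, 0x07, 63, 117_000_000)])

if __name__ == "__main__":
    result = check_mbr(SAMPLE_MBR)
    print("boot code:", result["known_as"] or "unknown", result["sha1"])
    for p in result["partitions"]:
        print(f"partition {p['index']}: {p['type_name']} at offset {p['offset']:#x}")
    for issue in result["issues"]:
        print("ISSUE:", issue)
```

Reading the live sector 0 means opening \\.\PhysicalDrive0 with administrative rights, which is why the example works on an image instead. An allow-list miss is a lead, not a verdict: OEM recovery managers and third-party boot loaders ship their own boot code, so an unknown hash should be compared against a clean machine of the same model before the MBR is rewritten.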

Re: Removed ThinkPoint manually, other malware possible?

Post by pparazorback on Wed 09 Mar 2011, 1:54 pm

btw, I've also noticed that this machine also has the amazonaws hijack infection too.

pparazorback

Newbie Surfer

Posts : 25
Joined : 2010-08-26
Operating System : Greensboro

Re: Removed ThinkPoint manually, other malware possible?

Post by Belahzur on Thu 10 Mar 2011, 11:28 am

Hmm.
Try running Combofix again.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Removed ThinkPoint manually, other malware possible?

Post by pparazorback on Thu 10 Mar 2011, 11:43 am

Will run it momentarily

pparazorback

Newbie Surfer

Posts : 25
Joined : 2010-08-26
Operating System : Greensboro

Re: Removed ThinkPoint manually, other malware possible?

Post by pparazorback on Thu 10 Mar 2011, 11:56 am

Said a new version was available - downloaded new version using same instructions as previously given. Now running.... (On infected computer, I am typing this on another one)

Gave beep warning as normal, Blue Box opened.
Please wait.
ComboFix is preparing to run.

Attempting to create a new System Restore Point
(progress screen popped up during the creation then went away)

Blue screen blanked.

Scanning for infected files . . .
this typically doesn't take more than 10 minutes
However, scan times for badly infected machines may easily double

Then about a minute or two later a pop up:

Warning!! The Master Boot Record is infected !!

make sure your antivirus programs are disabled before clicking OK

(No antivirus programs are active that I am aware of - I click OK)

I'll let it continue for a while, but this is the same spot where it hung the other times I tried to run Combo Fix.



pparazorback

Newbie Surfer

Posts : 25
Joined : 2010-08-26
Operating System : Greensboro

Re: Removed ThinkPoint manually, other malware possible?

Post by pparazorback on Thu 10 Mar 2011, 12:09 pm

It is not doing anything at all.

pparazorback

Newbie Surfer

Posts : 25
Joined : 2010-08-26
Operating System : Greensboro

Re: Removed ThinkPoint manually, other malware possible?

Post by pparazorback on Thu 10 Mar 2011, 4:38 pm

I installed McAfee on the machine to see if it could figure out the MBR virus and it found TDSS.D!MEM trojan that apparently affects the MBR.

Anyway, after it ran, I re-ran ComboFix and it did not give the error I described above about the MBR; however, it basically stopped at the same spot, never getting to Step 1, Step 2, etc... as I have seen when I had to use it on my own machine last year. So, for some reason, combofix will not run on this machine. Of course, I disabled McAfee prior to running Combo Fix.

Do you happen to know the memory requirements combofix requires? This machine only has 512MB of ram currently.


Last edited by pparazorback on Thu 10 Mar 2011, 4:40 pm; edited 1 time in total (Reason for editing : add disabling of McAfee)

pparazorback

Newbie Surfer

Posts : 25
Joined : 2010-08-26
Operating System : Greensboro

Re: Removed ThinkPoint manually, other malware possible?

Post by Belahzur on Fri 11 Mar 2011, 11:51 am

Sigh. Okay, let's do this instead.


  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Removed ThinkPoint manually, other malware possible?

Post by pparazorback on Fri 11 Mar 2011, 12:07 pm

I get a popup that says ERROR then

Valid command line parameters:

-l (path to log file)
-qpath (path to quarantine folder)
... etc ...

The exact command I am putting in the Run box via copy/paste is:

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

the file is extracted to the Desktop folder directly as directed. I do know you deal with some people that know nothing, I am mostly computer literate, just not malware literate. All the desktops I ever owned were pieced together with parts I purchased. I am stumped here.

Is there an error on that line?


pparazorback

Newbie Surfer

Posts : 25
Joined : 2010-08-26
Operating System : Greensboro

Re: Removed ThinkPoint manually, other malware possible?

Post by Belahzur on Fri 11 Mar 2011, 12:17 pm

Sorry, wrong speech, use these next instructions.

Please download TDSSKiller from here and save it to your Desktop.

  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Removed ThinkPoint manually, other malware possible?

Post by pparazorback on Fri 11 Mar 2011, 12:23 pm

McAfee knocked it out it appears. However, combofix still hangs at the same spot.

2011/03/10 20:20:40.0714 4072 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/10 20:20:41.0836 4072 ================================================================================
2011/03/10 20:20:41.0836 4072 SystemInfo:
2011/03/10 20:20:41.0836 4072
2011/03/10 20:20:41.0836 4072 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/10 20:20:41.0836 4072 Product type: Workstation
2011/03/10 20:20:41.0836 4072 ComputerName: CARLEES-PC
2011/03/10 20:20:41.0836 4072 UserName: Carlee Jae
2011/03/10 20:20:41.0836 4072 Windows directory: C:\WINDOWS
2011/03/10 20:20:41.0836 4072 System windows directory: C:\WINDOWS
2011/03/10 20:20:41.0836 4072 Processor architecture: Intel x86
2011/03/10 20:20:41.0836 4072 Number of processors: 1
2011/03/10 20:20:41.0836 4072 Page size: 0x1000
2011/03/10 20:20:41.0836 4072 Boot type: Normal boot
2011/03/10 20:20:41.0836 4072 ================================================================================
2011/03/10 20:20:43.0548 4072 Initialize success
2011/03/10 20:20:48.0385 2332 ================================================================================
2011/03/10 20:20:48.0385 2332 Scan started
2011/03/10 20:20:48.0385 2332 Mode: Manual;
2011/03/10 20:20:48.0385 2332 ================================================================================
2011/03/10 20:20:50.0899 2332 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/10 20:20:50.0999 2332 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/03/10 20:20:51.0219 2332 aeaudio (b2886807ac2543da273765cef4d82d68) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/03/10 20:20:51.0490 2332 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/03/10 20:20:51.0600 2332 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/03/10 20:20:51.0760 2332 AgereSoftModem (55188b7c84a4c5e73e0680f744c4561d) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/03/10 20:20:52.0000 2332 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/03/10 20:20:52.0441 2332 ApfiltrService (25b063d45e57f06b175f29140c700a14) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/03/10 20:20:52.0671 2332 AR5211 (e9508380019d4a3e028d58da022ac00c) C:\WINDOWS\system32\DRIVERS\ar5211.sys
2011/03/10 20:20:52.0892 2332 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/03/10 20:20:53.0212 2332 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2011/03/10 20:20:53.0433 2332 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/10 20:20:53.0533 2332 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/10 20:20:53.0663 2332 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/10 20:20:53.0773 2332 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/10 20:20:53.0883 2332 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/10 20:20:53.0973 2332 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/03/10 20:20:54.0003 2332 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/03/10 20:20:54.0344 2332 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/10 20:20:54.0484 2332 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/10 20:20:54.0584 2332 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/10 20:20:54.0664 2332 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/10 20:20:54.0784 2332 cfwids (7e6f7da1c4de5680820f964562548949) C:\WINDOWS\system32\drivers\cfwids.sys
2011/03/10 20:20:55.0045 2332 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/03/10 20:20:55.0235 2332 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/03/10 20:20:55.0746 2332 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/10 20:20:56.0186 2332 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/10 20:20:56.0357 2332 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/10 20:20:56.0467 2332 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/10 20:20:56.0557 2332 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/10 20:20:56.0677 2332 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/10 20:20:56.0787 2332 E100B (fae8b6b311f898df3d19bc638e980ca5) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/03/10 20:20:56.0928 2332 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/10 20:20:57.0038 2332 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/03/10 20:20:57.0158 2332 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/10 20:20:57.0238 2332 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/03/10 20:20:57.0348 2332 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/03/10 20:20:57.0438 2332 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/10 20:20:57.0538 2332 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/10 20:20:57.0619 2332 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/10 20:20:57.0719 2332 gv3 (01cdb5b4649fae249e787a83be22916a) C:\WINDOWS\system32\DRIVERS\gv3.sys
2011/03/10 20:20:57.0939 2332 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/10 20:20:58.0159 2332 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/10 20:20:58.0390 2332 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/10 20:20:58.0460 2332 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/10 20:20:58.0630 2332 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/03/10 20:20:58.0740 2332 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/10 20:20:58.0820 2332 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/03/10 20:20:58.0920 2332 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/10 20:20:59.0021 2332 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/10 20:20:59.0141 2332 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/10 20:20:59.0231 2332 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/10 20:20:59.0371 2332 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2011/03/10 20:20:59.0451 2332 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/10 20:20:59.0541 2332 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/10 20:20:59.0631 2332 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/10 20:20:59.0702 2332 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/10 20:20:59.0792 2332 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/10 20:21:00.0032 2332 meiudf (ca753dc07944380291584155cd6f223d) C:\WINDOWS\system32\Drivers\meiudf.sys
2011/03/10 20:21:00.0413 2332 mfeapfk (84d59a3eddfb9438fb94f7f80d37859d) C:\WINDOWS\system32\drivers\mfeapfk.sys
2011/03/10 20:21:00.0713 2332 mfeavfk (67e961988312b1a28d6f93357b0bf998) C:\WINDOWS\system32\drivers\mfeavfk.sys
2011/03/10 20:21:01.0003 2332 mfebopk (19161b1796cf74a6a326abde309062ba) C:\WINDOWS\system32\drivers\mfebopk.sys
2011/03/10 20:21:01.0384 2332 mfefirek (d5f89b4934960c70882924d992c6abfc) C:\WINDOWS\system32\drivers\mfefirek.sys
2011/03/10 20:21:01.0654 2332 mfehidk (0efab2b91b27543fe589de700de07136) C:\WINDOWS\system32\drivers\mfehidk.sys
2011/03/10 20:21:01.0885 2332 mfendisk (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/03/10 20:21:02.0005 2332 mfendiskmp (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/03/10 20:21:02.0085 2332 mferkdet (c9eda1eada2ab6e34cd1a10c3a24ab25) C:\WINDOWS\system32\drivers\mferkdet.sys
2011/03/10 20:21:02.0325 2332 mfetdi2k (e6c5f7aade5a31c057d73201acfe8adf) C:\WINDOWS\system32\drivers\mfetdi2k.sys
2011/03/10 20:21:02.0566 2332 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/10 20:21:02.0666 2332 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/10 20:21:02.0736 2332 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/10 20:21:02.0826 2332 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/10 20:21:02.0916 2332 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/10 20:21:03.0167 2332 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/10 20:21:03.0307 2332 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/10 20:21:03.0407 2332 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/10 20:21:03.0497 2332 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/10 20:21:03.0587 2332 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/10 20:21:03.0677 2332 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/10 20:21:03.0757 2332 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/10 20:21:03.0817 2332 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/10 20:21:03.0968 2332 NAVAP (70c4d2474833b6ef16342e5d33359ff6) C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys
2011/03/10 20:21:04.0138 2332 NAVAPEL (f81a56a1be2c0ea8c2ff320cd5dc9aad) C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS
2011/03/10 20:21:04.0398 2332 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101018.002\NAVENG.sys
2011/03/10 20:21:04.0739 2332 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101018.002\NAVEX15.sys
2011/03/10 20:21:05.0179 2332 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/10 20:21:05.0290 2332 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/10 20:21:05.0360 2332 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/10 20:21:05.0430 2332 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/10 20:21:05.0500 2332 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/10 20:21:05.0580 2332 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/10 20:21:05.0720 2332 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/10 20:21:05.0830 2332 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/03/10 20:21:05.0920 2332 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/10 20:21:06.0021 2332 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/10 20:21:06.0191 2332 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/10 20:21:06.0351 2332 nv (516f739239c0c622ed552a9d4ccc4233) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/03/10 20:21:06.0621 2332 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/10 20:21:06.0702 2332 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/10 20:21:06.0812 2332 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/03/10 20:21:06.0872 2332 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/03/10 20:21:06.0972 2332 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/10 20:21:07.0072 2332 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/10 20:21:07.0172 2332 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/10 20:21:07.0503 2332 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/03/10 20:21:07.0613 2332 pciSd (211dfecbe31f9e39de5708cdbc04f911) C:\WINDOWS\system32\DRIVERS\tossdpci.sys
2011/03/10 20:21:07.0863 2332 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/03/10 20:21:08.0364 2332 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/10 20:21:08.0464 2332 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/03/10 20:21:08.0544 2332 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/10 20:21:08.0624 2332 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/10 20:21:08.0724 2332 PxHelp20 (f7bb4e7a7c02ab4a2672937e124e306e) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2011/03/10 20:21:09.0305 2332 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/10 20:21:09.0405 2332 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/03/10 20:21:09.0476 2332 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/10 20:21:09.0566 2332 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/10 20:21:09.0656 2332 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/10 20:21:09.0736 2332 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/10 20:21:09.0826 2332 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/10 20:21:09.0936 2332 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/10 20:21:10.0036 2332 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/10 20:21:10.0207 2332 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/10 20:21:10.0457 2332 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/03/10 20:21:10.0527 2332 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/03/10 20:21:10.0597 2332 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/03/10 20:21:10.0807 2332 SMCIRDA (9951b523fe6820f29ef010680cb692d2) C:\WINDOWS\system32\DRIVERS\smcirda.sys
2011/03/10 20:21:11.0078 2332 smwdm (f7d7b86ec1bbfc096800e3dd66689d68) C:\WINDOWS\system32\drivers\smwdm.sys
2011/03/10 20:21:11.0669 2332 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/10 20:21:11.0739 2332 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/10 20:21:11.0869 2332 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/10 20:21:11.0969 2332 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/10 20:21:12.0049 2332 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/10 20:21:12.0360 2332 SymEvent (275263f78ea934b98c16eb5749ff250d) C:\Program Files\Symantec\SYMEVENT.SYS
2011/03/10 20:21:12.0750 2332 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/10 20:21:12.0850 2332 TBiosDrv (1f26d86828039c0b594399f7f2ffef09) C:\WINDOWS\System32\Drivers\Tbiosdrv.sys
2011/03/10 20:21:13.0151 2332 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/10 20:21:13.0271 2332 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/10 20:21:13.0361 2332 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/10 20:21:13.0461 2332 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/10 20:21:13.0581 2332 TMEI3E (dde020c16673b702d7235b0d96d34fd7) C:\WINDOWS\system32\Drivers\TMEI3E.SYS
2011/03/10 20:21:13.0842 2332 tosrfec (e4ff5d3ae0edc36c55c3c75567a8322d) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
2011/03/10 20:21:14.0062 2332 tsdhd (8eebde38f9f24b1072468bd0bf68a2b0) C:\WINDOWS\system32\DRIVERS\tsdhd.sys
2011/03/10 20:21:14.0343 2332 TVALD (9fb4e326a7c70c3c4be767b8ef932bcf) C:\WINDOWS\system32\DRIVERS\TVALD.SYS
2011/03/10 20:21:14.0543 2332 TVALG (80ebc386bd6f71e0b352c956492fd5bd) C:\WINDOWS\system32\DRIVERS\TVALG.SYS
2011/03/10 20:21:14.0723 2332 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/10 20:21:14.0913 2332 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/10 20:21:15.0024 2332 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/10 20:21:15.0084 2332 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/10 20:21:15.0184 2332 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/03/10 20:21:15.0284 2332 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/10 20:21:15.0404 2332 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/10 20:21:15.0464 2332 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/03/10 20:21:15.0604 2332 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/10 20:21:15.0875 2332 w70n51 (a7412fbf0d838dc42a12d5e6cacb1788) C:\WINDOWS\system32\DRIVERS\w70n51.sys
2011/03/10 20:21:16.0145 2332 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/10 20:21:16.0245 2332 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/03/10 20:21:16.0416 2332 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/10 20:21:16.0706 2332 ================================================================================
2011/03/10 20:21:16.0706 2332 Scan finished
2011/03/10 20:21:16.0706 2332 ================================================================================
2011/03/10 20:21:23.0396 3440 Deinitialize success

pparazorback
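The TDSSKiller listing above records an MD5 for every loaded driver image alongside its service name and on-disk path. One practical way to use that data is to diff it against a listing taken from a known-clean machine at the same Windows XP service pack and hotfix level: a stock driver whose hash no longer matches (the classic TDL/TDSS pattern of an infected system driver), a driver present only on the suspect box, or a driver that has gone missing all stand out immediately. The script below is an added example written for this page, not a GeekPolice tool and not part of TDSSKiller. The "suspect" lines are copied from the log above; the "baseline" log is constructed for illustration only, and its Tcpip hash and Beep entry are placeholders, not real known-good values.

```python
import re
from dataclasses import dataclass

# One TDSSKiller driver line: timestamp, pid, service name, (md5), image path.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)

# Lines copied from the TDSSKiller log posted above (raw string: paths contain backslashes).
SUSPECT_LOG = r"""
2011/03/10 20:21:03.0407 2332 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/10 20:21:05.0179 2332 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/10 20:21:06.0021 2332 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/10 20:21:06.0191 2332 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/10 20:21:13.0151 2332 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/10 20:21:16.0706 2332 ================================================================================
2011/03/10 20:21:16.0706 2332 Scan finished
"""

# CONSTRUCTED baseline standing in for a scan of a known-clean XP SP3 machine.
# The Tcpip hash and the Beep entry are placeholders, NOT real known-good values.
BASELINE_LOG = r"""
2011/03/01 10:00:00.0100 1000 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/01 10:00:00.0200 1000 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/01 10:00:00.0300 1000 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/01 10:00:00.0400 1000 Tcpip (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/01 10:00:00.0500 1000 Beep (fedcba9876543210fedcba9876543210) C:\WINDOWS\system32\drivers\Beep.sys
"""


@dataclass(frozen=True)
class Driver:
    name: str
    md5: str
    path: str


def parse_log(text):
    """Return {service name (lower-cased): Driver} for every driver line.
    Separator lines, 'Scan finished' and anything else without an (md5) are skipped."""
    drivers = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            drivers[m["name"].lower()] = Driver(m["name"], m["md5"].lower(), m["path"])
    return drivers


def compare(baseline, suspect):
    """Diff two parsed logs by service name.
    'changed': same service, different hash or image path (possible patched driver);
    'added':   services only on the suspect machine (possible dropped driver);
    'missing': services only in the baseline."""
    changed = []
    for name, drv in suspect.items():
        base = baseline.get(name)
        if base is None:
            continue
        if base.md5 != drv.md5 or base.path.lower() != drv.path.lower():
            changed.append((name, base, drv))
    added = sorted(set(suspect) - set(baseline))
    missing = sorted(set(baseline) - set(suspect))
    return {"changed": changed, "added": added, "missing": missing}


def report(result):
    """Render the diff as one human-readable line per finding."""
    lines = []
    for _, base, drv in result["changed"]:
        lines.append(f"CHANGED {drv.name}: {base.md5} -> {drv.md5} ({drv.path})")
    for name in result["added"]:
        lines.append(f"ADDED   {name}")
    for name in result["missing"]:
        lines.append(f"MISSING {name}")
    return lines


if __name__ == "__main__":
    findings = compare(parse_log(BASELINE_LOG), parse_log(SUSPECT_LOG))
    print("\n".join(report(findings)) or "no differences")
```

Two caveats when using this for real: the baseline must come from the same OS, service pack and hotfix level, because a Microsoft update legitimately changes these hashes; and a matching hash only says the file on disk is the expected one, so it complements rather than replaces TDSSKiller's own hidden-object checks.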

Re: Removed ThinkPoint manually, other malware possible?

Post by pparazorback on Fri 11 Mar 2011, 12:59 pm

Since I installed McAfee, I got rid of a lot of viruses that it found, and a couple of Trojans. Here are the most current OTL logs:

OTL logfile created on: 3/10/2011 8:36:45 PM - Run 2
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Carlee Jae\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 239.00 Mb Available Physical Memory | 47.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 41.09 Gb Free Space | 73.51% Space Free | Partition Type: NTFS

Computer Name: CARLEES-PC | User Name: Carlee Jae | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/02 23:21:18 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carlee Jae\Desktop\OTL.com
PRC - [2011/01/17 16:15:32 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/04/26 11:31:00 | 000,078,336 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 21:52:44 | 000,366,400 | ---- | M] (Google Inc.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
PRC - [2003/01/21 14:10:44 | 000,122,880 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMESRV31.exe
PRC - [2002/11/30 00:09:22 | 000,086,016 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TME3\tmesbs32.exe
PRC - [2002/11/08 17:27:18 | 000,049,152 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2002/10/04 15:24:18 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2002/07/30 14:36:00 | 000,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
PRC - [2002/07/15 19:36:54 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2011/03/02 23:21:18 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carlee Jae\Desktop\OTL.com
MOD - [2011/01/04 17:38:44 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2008/04/13 19:12:51 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (6to4)
SRV - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2007/01/05 13:04:10 | 002,918,008 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2003/01/21 14:10:44 | 000,122,880 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2002/11/30 00:09:22 | 000,086,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe -- (Tmesbs)
SRV - [2002/11/08 17:27:18 | 000,049,152 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2002/10/04 15:24:18 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
SRV - [2002/07/30 14:40:44 | 000,573,440 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -- (Norton AntiVirus Server)
SRV - [2002/07/30 14:36:00 | 000,032,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2002/07/15 19:36:54 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2010/10/18 03:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101018.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/10/18 03:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101018.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/10/13 22:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 22:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 22:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 22:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/10/13 22:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 22:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/10/13 22:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/10/13 22:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/02/14 14:30:36 | 000,073,224 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2003/01/29 17:24:36 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2003/01/17 20:39:10 | 000,253,248 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2003/01/13 10:07:16 | 002,370,688 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel(R)
DRV - [2002/12/13 20:16:58 | 000,008,541 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2002/12/13 03:41:48 | 000,099,577 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2002/11/22 13:21:18 | 001,157,856 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/11/18 20:20:44 | 000,030,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)
DRV - [2002/11/15 16:28:22 | 000,090,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2002/11/05 23:02:22 | 000,025,888 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tsdhd.sys -- (tsdhd)
DRV - [2002/10/09 14:18:16 | 000,015,143 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TOSSDPCI.SYS -- (pciSd)
DRV - [2002/10/04 15:22:16 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/09/26 16:15:28 | 000,005,760 | ---- | M] (Toshiba Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2002/06/21 02:53:28 | 000,005,300 | ---- | M] (Toshiba Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\TVALD.SYS -- (TVALD)
DRV - [2002/06/19 23:57:14 | 000,029,184 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys -- (NAVAPEL)
DRV - [2002/06/19 23:57:12 | 000,218,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys -- (NAVAP)
DRV - [2002/01/24 17:43:40 | 000,006,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tbiosdrv.sys -- (TBiosDrv)
DRV - [2001/09/13 22:53:02 | 000,005,936 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\TVALG.SYS -- (TVALG)
DRV - [2001/09/11 14:54:32 | 000,038,425 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/03/09 23:56:29 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2002/08/29 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110309214901.dll (McAfee, Inc.)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Drop Down Deals\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [KodakShareButtonApp] C:\Program Files\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: DirectAnimation Java Classes [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\System32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Carlee Jae\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Carlee Jae\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8458f000-6cc9-11df-a8f5-000423481a04}\Shell - "" = AutoRun
O33 - MountPoints2\{8458f000-6cc9-11df-a8f5-000423481a04}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8458f000-6cc9-11df-a8f5-000423481a04}\Shell\AutoRun\command - "" = E:\KODAK_Software_Downloader.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: 000StTHK - hkey= - key= - File not found
MsConfig - StartUpReg: 00THotkey - hkey= - key= - File not found
MsConfig - StartUpReg: Apoint - hkey= - key= - C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
MsConfig - StartUpReg: ccApp - hkey= - key= - File not found
MsConfig - StartUpReg: ccRegVfy - hkey= - key= - File not found
MsConfig - StartUpReg: DpUtil - hkey= - key= - C:\Program Files\Toshiba\DualPointUtility\TEDTray.exe (TOSHIBA)
MsConfig - StartUpReg: ezShieldProtector for Px - hkey= - key= - File not found
MsConfig - StartUpReg: LtMoh - hkey= - key= - C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: NAV CfgWiz - hkey= - key= - File not found
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
MsConfig - StartUpReg: Pinger - hkey= - key= - c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
MsConfig - StartUpReg: TFncKy - hkey= - key= - File not found
MsConfig - StartUpReg: TFNF5 - hkey= - key= - File not found
MsConfig - StartUpReg: TMEEJME.EXE - hkey= - key= - C:\Program Files\Toshiba\TME3\TMEEJME.exe (TOSHIBA)
MsConfig - StartUpReg: TMERzCtl.EXE - hkey= - key= - C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE (TOSHIBA)
MsConfig - StartUpReg: TMESBS.EXE - hkey= - key= - C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE (TOSHIBA Corporation)
MsConfig - StartUpReg: TMESRV.EXE - hkey= - key= - C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE (TOSHIBA)
MsConfig - StartUpReg: TosHKCW.exe - hkey= - key= - C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
MsConfig - StartUpReg: Tpwrtray - hkey= - key= - File not found
MsConfig - StartUpReg: TSysSMon - hkey= - key= - c:\toshiba\sysstability\tsyssmon.exe (TOSHIBA)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 1

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - File not found
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SafeBootNet: mfefirek - C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfefirek.sys - C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfehidk - C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfehidk.sys - C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfevtp - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - File not found
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4d64f3ba-f112-4efe-a02e-96680859937c} - KB918899
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5b7bf89d-d196-4c32-a303-a57b8ab7f18d} - KB918439
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DBB3C81D-3C91-4a1e-BDDF-905B61C7CEDF} - Security Update for the Microsoft VM
ActiveX: {dd772a76-bef3-44d7-8b39-502c8504c1f1} - KB925486
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\INF\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/03/10 19:55:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/03/10 18:12:21 | 000,000,000 | --SD | C] -- C:\Combo-Fix11916C
[2011/03/10 12:27:50 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Carlee Jae\Desktop\TDSSKiller.exe
[2011/03/10 00:55:21 | 000,000,000 | --SD | C] -- C:\Combo-Fix26028C
[2011/03/10 00:13:54 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/03/09 21:48:57 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2011/03/09 21:48:38 | 000,313,288 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2011/03/09 21:48:38 | 000,088,544 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2011/03/09 21:48:38 | 000,084,264 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2011/03/09 21:48:38 | 000,084,072 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2011/03/09 21:48:37 | 000,152,960 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2011/03/09 21:48:37 | 000,055,840 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2011/03/09 21:48:37 | 000,052,104 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2011/03/09 21:48:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2011/03/09 21:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2011/03/09 21:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011/03/09 21:28:41 | 000,141,792 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
[2011/03/09 21:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/03/09 21:22:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\whitesmoketoolbar
[2011/03/09 21:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\whitesmoketoolbar
[2011/03/09 21:21:57 | 000,000,000 | --SD | C] -- C:\Combo-Fix
[2011/03/09 21:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/03/09 21:21:50 | 000,000,000 | ---D | C] -- C:\Program Files\Drop Down Deals
[2011/03/09 20:45:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/03/09 20:38:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\whitesmoketoolbar(2)
[2011/03/09 20:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\whitesmoketoolbar(2)
[2011/03/09 20:37:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer(2)
[2011/03/09 20:25:52 | 000,000,000 | ---D | C] -- C:\Combo-Fix(2)
[2011/03/05 22:47:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/03/05 22:47:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/03/05 22:47:50 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/03/05 22:47:50 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/03/05 22:47:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/03/05 22:46:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/05 22:40:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carlee Jae\Application Data\whitesmoketoolbar
[2011/03/02 23:57:35 | 000,000,000 | ---D | C] -- C:\Program Files\Search Toolbar
[2011/03/02 23:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Client
[2011/03/02 23:20:54 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Carlee Jae\Desktop\OTL.com
[2011/03/02 22:18:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/03/02 22:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/03/02 22:16:02 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/03/02 22:16:01 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/03/02 22:16:00 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/03/02 22:16:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/03/02 22:15:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/03/02 22:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/03/02 22:13:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carlee Jae\Application Data\Sun
[2011/03/02 21:25:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/03/02 18:25:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/03/02 18:23:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/03/02 18:23:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/03/02 18:23:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/03/02 18:05:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\Documents and Settings\Carlee Jae\My Documents\*.tmp files -> C:\Documents and Settings\Carlee Jae\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/10 20:20:20 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Carlee Jae\Desktop\TDSSKiller.exe
[2011/03/10 19:59:12 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\Carlee Jae\Desktop\tdsskiller.zip
[2011/03/10 19:55:32 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2011/03/10 19:55:24 | 536,268,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/10 19:55:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/10 17:47:29 | 004,287,475 | R--- | M] () -- C:\Documents and Settings\Carlee Jae\Desktop\Combo-Fix.exe
[2011/03/10 00:14:03 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/03/09 21:21:32 | 000,012,596 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\757988183
[2011/03/09 21:16:43 | 000,013,272 | -HS- | M] () -- C:\Documents and Settings\Carlee Jae\Local Settings\Application Data\757988183
[2011/03/09 21:16:43 | 000,013,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\450146407
[2011/03/09 21:14:50 | 000,005,766 | -HS- | M] () -- C:\Documents and Settings\Carlee Jae\Local Settings\Application Data\450146407
[2011/03/08 21:55:13 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/08 21:43:14 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/02 23:26:05 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\Carlee Jae\Desktop\Notepad.lnk
[2011/03/02 23:21:18 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carlee Jae\Desktop\OTL.com
[2011/03/02 22:14:44 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/03/02 22:14:43 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/03/02 22:14:43 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/03/02 22:14:42 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/03/02 22:14:42 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/03/02 21:50:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\VPC32.INI
[2011/03/02 21:39:34 | 000,313,514 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/02 21:39:34 | 000,041,066 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/02 21:38:05 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Carlee Jae\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/03/02 21:37:55 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/03/02 21:24:58 | 000,146,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/02 20:59:41 | 000,006,553 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011/03/02 18:14:26 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\Documents and Settings\Carlee Jae\My Documents\*.tmp files -> C:\Documents and Settings\Carlee Jae\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/10 19:59:05 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\Carlee Jae\Desktop\tdsskiller.zip
[2011/03/09 21:53:48 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2011/03/09 21:12:52 | 000,005,766 | -HS- | C] () -- C:\Documents and Settings\Carlee Jae\Local Settings\Application Data\450146407
[2011/03/09 21:12:18 | 000,013,272 | -HS- | C] () -- C:\Documents and Settings\Carlee Jae\Local Settings\Application Data\757988183
[2011/03/09 21:12:18 | 000,013,272 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\450146407
[2011/03/09 21:10:57 | 000,012,596 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\757988183
[2011/03/09 21:10:57 | 000,012,596 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\757988183
[2011/03/09 20:34:04 | 536,268,800 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/09 19:46:24 | 004,287,475 | R--- | C] () -- C:\Documents and Settings\Carlee Jae\Desktop\Combo-Fix.exe
[2011/03/05 22:56:21 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/03/05 22:56:06 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/03/05 22:47:50 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/05 22:47:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/05 22:47:50 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/05 22:47:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/05 22:47:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/02 23:25:56 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\Carlee Jae\Desktop\Notepad.lnk
[2011/03/02 21:50:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2011/03/02 18:41:05 | 000,006,553 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011/03/02 17:58:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/11 23:32:45 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Carlee Jae\Application Data\start
[2010/11/11 21:34:18 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Carlee Jae\Application Data\install
[2009/07/29 16:29:28 | 000,000,299 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/07/29 16:29:24 | 000,000,272 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2009/07/24 17:44:59 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2007/02/15 14:31:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/15 07:51:03 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/02/14 16:21:50 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/02/07 16:20:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/02/07 14:14:03 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\getnode.dll
[2003/01/29 17:58:09 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/01/29 17:57:13 | 000,000,665 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/01/29 17:23:53 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003/01/29 17:06:48 | 000,000,040 | ---- | C] () -- C:\WINDOWS\swupdate.ini
[2003/01/29 17:03:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2003/01/29 16:39:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\tcleanup.exe
[2003/01/29 16:21:53 | 000,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys
[2003/01/29 16:20:43 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
[2003/01/29 16:18:22 | 000,121,905 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2003/01/29 16:18:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2003/01/29 16:18:22 | 000,008,831 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2003/01/29 16:18:22 | 000,006,793 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2003/01/29 16:15:19 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2003/01/29 13:09:47 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/01/29 13:08:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/01/29 13:04:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/01/29 13:03:34 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/29 11:36:47 | 000,000,386 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/01/29 11:36:06 | 000,313,514 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/01/29 11:36:06 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/01/29 11:36:06 | 000,041,066 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/01/29 11:36:06 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/01/29 11:36:05 | 000,004,598 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/01/29 11:36:03 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/01/29 11:36:01 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/29 11:35:54 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/01/29 11:35:53 | 000,049,156 | ---- | C] () -- C:\WINDOWS\System32\certstore.dat
[2003/01/29 11:35:53 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/01/29 11:35:43 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/01/29 11:35:31 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/29 04:59:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/01/29 04:59:01 | 000,146,016 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/12/13 20:17:02 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2002/12/13 20:17:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\tosbthcrpapi.dll
[2002/12/13 20:17:02 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommApi.dll
[2002/12/13 20:17:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll
[2002/12/13 20:17:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtacc.dll
[2002/07/30 14:33:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll





pparazorback

Newbie Surfer

Posts : 25
Joined : 2010-08-26
Operating System : Greensboro

Re: Removed ThinkPoint manually, other malware possible?

Post by pparazorback on Fri 11 Mar 2011, 12:59 pm

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2003/01/29 13:06:39 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2010/02/15 20:14:25 | 000,001,538 | -H-- | M] () -- C:\Documents and Settings\Carlee Jae\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2011/03/02 18:25:47 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2007/02/15 08:57:45 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Carlee Jae\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2007/02/14 13:52:09 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Carlee Jae\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/03/10 17:47:29 | 004,287,475 | R--- | M] () -- C:\Documents and Settings\Carlee Jae\Desktop\Combo-Fix.exe
[2011/03/10 20:20:20 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Carlee Jae\Desktop\TDSSKiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2002/08/29 07:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >
[2007/02/13 23:37:45 | 000,004,128 | ---- | M] () -- C:\WINDOWS\Driver Cache\INFCACHE.1

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/02/15 08:57:46 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Carlee Jae\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/05/04 12:20:32 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010/05/04 12:20:33 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2003/01/29 04:58:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2003/01/29 04:58:33 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2003/01/29 04:58:33 | 000,405,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2002/08/29 07:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2002/08/29 07:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2002/08/29 07:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2002/08/29 07:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2002/08/29 07:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2002/08/29 07:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2002/08/29 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2002/08/29 07:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2002/08/29 07:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2002/08/29 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/04 00:45:08 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/04 00:45:14 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/04 00:45:10 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/04 00:45:15 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/04 00:45:12 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 13:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/05/02 00:22:50 | 001,851,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 19:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 19:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 19:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 19:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 19:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 19:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 19:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 19:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 19:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 19:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 19:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 19:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 19:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 19:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 19:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %SYSTEMDRIVE%\*.* >
[2007/02/15 08:27:50 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/03/10 00:14:03 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/08/22 14:34:31 | 000,000,055 | ---- | M] () -- C:\DVDPATH.TXT
[2011/03/10 19:55:24 | 536,268,800 | -HS- | M] () -- C:\hiberfil.sys
[2003/01/29 13:07:06 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2003/01/29 17:24:53 | 000,000,505 | -H-- | M] () -- C:\IPH.PH
[2011/03/02 23:19:42 | 000,019,572 | ---- | M] () -- C:\JavaRa.log
[2003/01/29 13:07:06 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007/02/15 08:20:02 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011/03/02 18:14:26 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/03/10 19:55:23 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2003/11/02 14:24:24 | 033,554,896 | ---- | M] (Installshield Software Corporation) -- C:\PaintShop Pro 7.exe
[2007/02/14 14:30:37 | 000,017,590 | ---- | M] () -- C:\PkgClnup.log
[2011/03/10 20:21:23 | 000,041,582 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_10.03.2011_20.20.40_log.txt
[2007/02/14 14:34:32 | 000,023,731 | -H-- | M] () -- C:\_NavCClt.Log

< %PROGRAMFILES%\*. >
[2007/02/18 16:08:35 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/10/26 17:47:02 | 000,000,000 | ---D | M] -- C:\Program Files\America Online 8.0
[2003/01/29 14:49:34 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2003/01/29 17:24:49 | 000,000,000 | ---D | M] -- C:\Program Files\AOL Companion
[2003/01/29 15:57:16 | 000,000,000 | ---D | M] -- C:\Program Files\Apoint2K
[2003/01/29 18:28:13 | 000,000,000 | ---D | M] -- C:\Program Files\AT&T
[2009/07/24 17:44:58 | 000,000,000 | ---D | M] -- C:\Program Files\ATT
[2011/03/09 21:48:23 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2003/01/29 13:04:43 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2007/02/15 13:18:52 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2003/01/29 17:16:24 | 000,000,000 | ---D | M] -- C:\Program Files\DataLode
[2003/01/29 17:36:14 | 000,000,000 | ---D | M] -- C:\Program Files\Drag'n Drop CD+DVD
[2011/03/09 21:21:50 | 000,000,000 | ---D | M] -- C:\Program Files\Drop Down Deals
[2003/01/29 18:43:23 | 000,000,000 | ---D | M] -- C:\Program Files\DVD-RAM
[2007/02/14 14:40:40 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2007/02/15 13:18:54 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2003/01/29 15:55:21 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/06/12 19:54:53 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2007/02/14 17:01:22 | 000,000,000 | ---D | M] -- C:\Program Files\Jasc Software Inc
[2011/03/02 22:13:58 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/05/31 10:40:11 | 000,000,000 | ---D | M] -- C:\Program Files\Kodak
[2003/01/29 16:18:22 | 000,000,000 | ---D | M] -- C:\Program Files\ltmoh
[2011/03/09 23:58:33 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2011/03/09 21:48:20 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee.com
[2011/03/02 21:24:54 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2007/02/15 14:30:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2003/01/29 13:07:17 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2007/02/15 14:29:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2007/02/15 14:30:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2003/01/29 13:17:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2011/03/02 20:16:12 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2003/01/29 13:04:06 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2003/01/29 13:03:44 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2010/05/31 10:38:37 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2011/03/02 18:18:22 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2003/01/29 13:05:43 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2011/03/02 20:37:25 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2007/02/14 14:40:42 | 000,000,000 | ---D | M] -- C:\Program Files\Picasa2
[2003/01/29 17:58:14 | 000,000,000 | ---D | M] -- C:\Program Files\Quicken
[2003/01/29 17:24:32 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2011/03/02 23:57:37 | 000,000,000 | ---D | M] -- C:\Program Files\Search Toolbar
[2009/07/29 16:30:39 | 000,000,000 | ---D | M] -- C:\Program Files\Sierra On-Line
[2007/02/14 14:31:25 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2007/02/14 14:31:00 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec_Client_Security
[2003/02/07 14:11:53 | 000,000,000 | ---D | M] -- C:\Program Files\Toshiba
[2003/01/29 17:09:02 | 000,000,000 | ---D | M] -- C:\Program Files\Toshiba Access Files
[2003/01/29 13:10:39 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2003/01/29 17:24:46 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2011/03/09 21:22:09 | 000,000,000 | ---D | M] -- C:\Program Files\whitesmoketoolbar
[2011/03/09 21:21:28 | 000,000,000 | ---D | M] -- C:\Program Files\whitesmoketoolbar(2)
[2011/03/02 18:24:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2011/03/02 18:18:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2007/02/14 14:34:57 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/07/29 16:30:37 | 000,000,000 | ---D | M] -- C:\Program Files\WON
[2003/01/29 13:07:17 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2011/03/02 23:57:23 | 000,000,000 | ---D | M] -- C:\Program Files\Yontoo Layers Client

< %appdata%\*.* >
[2003/01/29 04:59:33 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Carlee Jae\Application Data\desktop.ini
[2010/04/16 19:38:19 | 000,030,824 | ---- | M] () -- C:\Documents and Settings\Carlee Jae\Application Data\GDIPFONTCACHEV1.DAT
[2010/11/11 21:34:18 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Carlee Jae\Application Data\install
[2010/11/11 23:32:45 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Carlee Jae\Application Data\start


< MD5 for: AGP440.SYS >
[2007/02/15 08:16:35 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011/03/02 18:05:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2007/02/15 08:16:35 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2011/03/02 18:05:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2011/03/02 18:05:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/08/29 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2007/02/15 08:16:35 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011/03/02 18:05:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2002/08/29 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2007/02/15 08:16:35 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2011/03/02 18:05:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2011/03/02 18:05:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:atapi.sys
[2002/08/29 07:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2002/08/29 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys
[2007/02/15 08:16:35 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2011/03/02 18:05:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2002/08/29 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:disk.sys
[2007/02/15 08:16:35 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2011/03/02 18:05:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2011/03/02 18:05:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:disk.sys
[2004/08/04 00:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2002/08/29 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbstor.sys
[2007/02/15 08:16:35 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2011/03/02 18:05:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2002/08/29 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:usbstor.sys
[2007/02/15 08:16:35 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbstor.sys
[2011/03/02 18:05:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2011/03/02 18:05:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:usbstor.sys
[2004/08/04 01:08:46 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-02 22:51:08

< End of report >

pparazorback

Newbie Surfer

Posts : 25
Joined : 2010-08-26
Operating System : Greensboro

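The "MD5 for:" blocks in the OTL log above list the hash of each critical driver and DLL at every place OTL can find a copy: the service-pack .cab files (no hash, just the container), the ServicePackFiles reference copy, the $NtServicePackUninstall$ backup, and the live file under system32. The reason OTL prints them is so a helper can see at a glance whether the live copy still matches the service-pack copy; a live atapi.sys or disk.sys whose hash differs from ServicePackFiles is the usual sign of a patched system driver. Below is an added Python example, not part of the original post and not OTL's own code, that parses sections in exactly this format and gives a verdict per file. The sample text is constructed: the atapi.sys block is in the shape of the real log, while the disk.sys live-copy hash and the missing usbstor.sys live copy were altered on purpose so the mismatch and no-active-copy paths are exercised.

```python
import re

# Constructed sample in the shape of OTL's "< MD5 for: ... >" sections.
# atapi.sys is consistent; the disk.sys live-copy hash (all F's) and the
# absent usbstor.sys live copy are deliberate alterations for the demo.
SAMPLE_OTL = r"""
< MD5 for: ATAPI.SYS >
[2007/02/15 08:16:35 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: USBSTOR.SYS >
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2004/08/04 01:08:46 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
"""

HEADER_RE = re.compile(r"^< MD5 for: (\S+) >$")
# .cab container lines carry no MD5= field, so this pattern skips them.
ENTRY_RE = re.compile(r"MD5=([0-9A-Fa-f]{32}) -- (.+)$")


def parse_md5_sections(text):
    """Return {filename_lower: [(md5_upper, path), ...]} from OTL MD5 sections."""
    sections = {}
    current = None
    for line in text.splitlines():
        header = HEADER_RE.match(line.strip())
        if header:
            current = header.group(1).lower()
            sections[current] = []
            continue
        if current is None:
            continue
        entry = ENTRY_RE.search(line)
        if entry:
            sections[current].append((entry.group(1).upper(), entry.group(2).strip()))
    return sections


def is_active_copy(path, name):
    """The file Windows actually loads: system32\\drivers\\<drv> or system32\\<dll>."""
    p = path.lower()
    return p.endswith("\\system32\\drivers\\" + name) or p.endswith("\\system32\\" + name)


def is_reference_copy(path, name):
    """The service-pack reference copy OTL lists under ServicePackFiles\\i386."""
    return path.lower().endswith("\\servicepackfiles\\i386\\" + name)


def check_sections(sections):
    """Map each file to 'ok', 'mismatch', 'no-active-copy' or 'no-reference'."""
    results = {}
    for name, entries in sections.items():
        active = {md5 for md5, path in entries if is_active_copy(path, name)}
        reference = {md5 for md5, path in entries if is_reference_copy(path, name)}
        if not active:
            results[name] = "no-active-copy"      # live file missing from the listing
        elif not reference:
            results[name] = "no-reference"        # nothing to compare against
        elif active <= reference:
            results[name] = "ok"                  # live hash equals the SP copy
        else:
            results[name] = "mismatch"            # live hash differs: investigate
    return results


def audit_otl_md5(text):
    """Convenience wrapper: raw OTL text in, per-file verdicts out."""
    return check_sections(parse_md5_sections(text))


if __name__ == "__main__":
    for name, verdict in sorted(audit_otl_md5(SAMPLE_OTL).items()):
        print(f"{name:12s} {verdict}")
```

A "mismatch" is a lead, not a verdict on its own: a hotfix applied after the service pack (the $hf_mig$ copies of netlogon.dll in the log above are that kind of thing) can legitimately change the live file, so confirm the flagged file against a trusted hash source or its digital signature before treating it as patched.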

Re: Removed ThinkPoint manually, other malware possible?

Post by Belahzur on Sat 12 Mar 2011, 11:07 am

Hello.
Okay, doesn't look too bad, let's finish this off.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    [2011/03/09 21:12:52 | 000,005,766 | -HS- | C] () -- C:\Documents and Settings\Carlee Jae\Local Settings\Application Data\450146407
    [2011/03/09 21:12:18 | 000,013,272 | -HS- | C] () -- C:\Documents and Settings\Carlee Jae\Local Settings\Application Data\757988183
    [2011/03/09 21:12:18 | 000,013,272 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\450146407
    [2011/03/09 21:10:57 | 000,012,596 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\757988183
    [2011/03/09 21:10:57 | 000,012,596 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\757988183
    [2010/11/11 23:32:45 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Carlee Jae\Application Data\start
    [2010/11/11 21:34:18 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Carlee Jae\Application Data\install

    :commands
    [emptytemp]
    [reboot]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: Removed ThinkPoint manually, other malware possible?

Post by pparazorback on Sat 12 Mar 2011, 4:51 pm

I have ordered 1 GB of RAM for this PC for her, as some of her non-malware-related issues are due to only having 512MB of RAM. 1GB is the max for this particular model.

Anyway, here is the log as requested:

All processes killed
========== OTL ==========
C:\Documents and Settings\Carlee Jae\Local Settings\Application Data\450146407 moved successfully.
C:\Documents and Settings\Carlee Jae\Local Settings\Application Data\757988183 moved successfully.
C:\Documents and Settings\All Users\Application Data\450146407 moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\757988183 moved successfully.
C:\Documents and Settings\All Users\Application Data\757988183 moved successfully.
C:\Documents and Settings\Carlee Jae\Application Data\start moved successfully.
C:\Documents and Settings\Carlee Jae\Application Data\install moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: Carlee Jae
->Temp folder emptied: 11058170 bytes
->Temporary Internet Files folder emptied: 690079509 bytes
->Java cache emptied: 2027 bytes
->Flash cache emptied: 2021048 bytes

User: Default User

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1777139 bytes
->Flash cache emptied: 2298 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 100879602 bytes
->Flash cache emptied: 7426 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39097 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 555314941 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 195812 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,298.00 mb


OTL by OldTimer - Version 3.2.22.2 log created on 03122011_001950

Files\Folders moved on Reboot...
C:\Documents and Settings\Carlee Jae\Local Settings\Temp\~DF600A.tmp moved successfully.
C:\Documents and Settings\Carlee Jae\Local Settings\Temporary Internet Files\Content.IE5\0RR1WY1Z\t26281p15-removed-thinkpoint-manually-other-malware-possible[1].htm moved successfully.
C:\Documents and Settings\Carlee Jae\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

Registry entries deleted on Reboot...

pparazorback

Newbie Surfer

Posts : 25
Joined : 2010-08-26
Operating System : Greensboro


Re: Removed ThinkPoint manually, other malware possible?

Post by Belahzur on Sun 13 Mar 2011, 10:56 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: Removed ThinkPoint manually, other malware possible?

Post by pparazorback on Sun 13 Mar 2011, 3:39 pm

Malwarebytes' Anti-Malware 1.50.1.1100

Database version: 6039

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

3/12/2011 11:35:46 PM
mbam-log-2011-03-12 (23-35-46).txt

Scan type: Quick scan
Objects scanned: 146329
Time elapsed: 5 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 6
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 66
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\whitesmoketoolbar\whitesmoketoolbarx.dll (PUP.WhiteSmoke) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\whitesmoketoolbar (PUP.Whitesmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\whitesmoketoolbar (PUP.Whitesmoke) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Value: {52794457-AF6C-4C50-9DEF-F2E24F4C8889} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Value: {52794457-af6c-4c50-9def-f2e24f4c8889} -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\whitesmoketoolbar (PUP.WhiteSmoke) -> Delete on reboot.
c:\program files\whitesmoketoolbar\chrome (PUP.WhiteSmoke) -> Delete on reboot.
c:\program files\whitesmoketoolbar\chrome\content (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\lib (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\modules (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\newtab (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\newtab\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\scripts (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\scripts (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\scripts (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\scripts (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\data (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\data\dynamicelements (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\data\rss (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\data\search (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\data\weather (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\dtxwizard (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\dtxwizard\skin (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\dtxwizard\skin\icon_library (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\dtxwizard\skin\icon_library\Basics (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\scripts (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\options (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\searchbar (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\components (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\documents and settings\carlee jae\application data\whitesmoketoolbar (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\documents and settings\carlee jae\application data\whitesmoketoolbar\weather (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\application data\whitesmoketoolbar (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\whitesmoketoolbar\whitesmoketoolbarx.dll (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\carlee jae\start menu\Programs\thinkpoint.lnk (Rogue.ThinkPoint) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\whitesmoketoolbar.dll (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\documents and settings\carlee jae\application data\whitesmoketoolbar\dtx.ini (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\documents and settings\carlee jae\application data\whitesmoketoolbar\guid.dat (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\documents and settings\carlee jae\application data\whitesmoketoolbar\preferences.dat (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\documents and settings\carlee jae\application data\whitesmoketoolbar\stat-history.log (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\documents and settings\carlee jae\application data\whitesmoketoolbar\stat.log (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\documents and settings\carlee jae\application data\whitesmoketoolbar\stats.dat (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\documents and settings\carlee jae\application data\whitesmoketoolbar\uninstallie.dat (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\documents and settings\carlee jae\application data\whitesmoketoolbar\uninstallstatie.dat (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\documents and settings\carlee jae\application data\whitesmoketoolbar\weatherbutton_prefs.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\documents and settings\carlee jae\application data\whitesmoketoolbar\weather\866007fc340ef0b66d62968bb662f856 (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\documents and settings\carlee jae\application data\whitesmoketoolbar\weather\a55268e0ae4022170955173466b25d68 (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\documents and settings\carlee jae\application data\whitesmoketoolbar\weather\forecasts_cache.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\documents and settings\carlee jae\application data\whitesmoketoolbar\weather\observations_cache.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\application data\whitesmoketoolbar\dtx.ini (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

pparazorback

Newbie Surfer

Posts : 25
Joined : 2010-08-26
Operating System : Greensboro


Re: Removed ThinkPoint manually, other malware possible?

Post by Belahzur on Mon 14 Mar 2011, 12:33 pm

Hello.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

