How can I remove Thinkpoint malware

OTL Extras logfile created on: 18/10/2010 10:15:42 p.m. - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 215.69 Gb Total Space | 187.66 Gb Free Space | 87.00% Space Free | Partition Type: NTFS

Computer Name: DADDYOS | User Name: Apple | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe" = C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe:*:Enabled:igateway -- File not found
"C:\Program Files\ABControl\ABClient.exe" = C:\Program Files\ABControl\ABClient.exe:*:Enabled:AB Client Application -- File not found
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Disabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Program Files\DAP\DAP.exe" = C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP) -- (SpeedBit Ltd.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{141048B3-B8BB-11D3-9411-0000F87E1467}" = PTC ProDESKTOP 2000i2
"{223F8A0E-65E0-4810-9253-6F754147F70F}" = Flsh8_0Licensing
"{23170F69-40C1-2701-0442-000001000000}" = 7-Zip 4.42
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4919486B-3A27-4BEE-A031-AEB37EC87838}" = Quicktime32_2.1
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{577AD794-8B34-40B4-9E7A-BE4CFFE396E6}" = Microsoft Visual Basic 2005 Express Edition - ENU
"{58EDAD68-7839-42D8-A6AD-854A9ECB8224}" = FileMaker Pro 6
"{5D0930A3-1033-433A-8BB9-603665550DD1}" = Windows XP Service Pack 3 (1033)
"{5ECF0228-B96C-469C-86AA-98FE6DCF8624}" = Fireworks8_0_Licensing
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90190409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Publisher 2003
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A47E39E8-1091-453C-A671-70AC3C42A284}" = Dreamweaver8_0_Licensing
"{A52911E5-8B20-49D6-96B2-5A98F88ECB4A}" = Flash8VideoEncoder1_0
"{A7DB362E-16DC-4E29-8A34-E74381E00B5B}" = Adobe Shockwave Player
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AD0EDFDB-BEA2-453A-B7DF-BE64787F0FBA}" = QuickTime2.12
"{BBB4EC68-AB0B-43F1-8009-DFFF21694E94}" = Inspiration7.5
"{BF0517BA-240B-471F-824B-3BAA55A12857}" = New Zealand Maori Keyboard
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D689B418-235A-4290-A0A5-A75E490E0351}" = Symantec Endpoint Protection
"{EA76B918-A3A4-4F83-9BA6-4EB336F798E0}" = asTTle4
"{EC593928-8F88-4BD6-9B1A-3AE159E9BBC8}" = TVNZEncyclopedia
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F0E45628-1218-4865-A516-8E8A54272ADC}" = Boot Camp Services
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"02FEC2FAAA7DED51CAF15F06DB8B63E735EE735C" = Windows Driver Package - Apple Inc. (applebt) Bluetooth (04/06/2008 2.1.0.1)
"059BF941BA77F24DED9444B45BB0DAA5353F86EB" = Windows Driver Package - Apple Inc. System (06/21/2007 2.0.0.0)
"0936416DB5978E29D553FACF9DD6F3EFBA1929DA" = Windows Driver Package - Apple Inc. Apple Trackpad (08/28/2007 2.0.1.4)
"0EEF0136F93FA6C5AB723AADEA61FF550D8C60FB" = Windows Driver Package - Broadcom (BCM43XX) Net (01/08/2007 4.80.75.0)
"144A90A8644F24BDCA0607CBAE7F90C2F5427DA4" = Windows Driver Package - Apple Inc. Apple Multitouch (12/18/2007 2.0.1.10)
"181B29655BDD6EA3FC483A7E4D1C2ED7735873F0" = Windows Driver Package - Apple Inc. Apple Keyboard (08/30/2007 2.0.1.4)
"18BB9B0552BA675902E31409A34F929D9C9AD56C" = Windows Driver Package - Intel (e1express) Net (04/03/2006 9.3.39.0)
"2CA2C2712E3120F27F44A38A6FA5540D9A93CA01" = Windows Driver Package - Apple Inc. Apple IR Receiver (11/01/2007 2.0.1.1)
"5F8BE32FAE3D6BC77B512F7B0624D7B6C8A26EFB" = Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
"6784A318842714811EC3F8409C3C0F7983B90972" = Windows Driver Package - Apple Inc. Apple Built-in iSight (04/09/2007 1.3.0.0)
"6AB59209597E0F6B986EC8E976521FDF0A696C9D" = Windows Driver Package - Marvell (yukonwxp) Net (03/23/2007 10.12.7.3)
"6AEF368351694A266BAB82596EEA968C73E8FC87" = Windows Driver Package - Apple Inc. Apple Trackpad Enabler (08/28/2007 2.0.1.4)
"80087CDF19A4CE2FBB535E7DC99A0E50FFA25589" = Windows Driver Package - Intel (E1000) Net (01/06/2006 8.6.17.0)
"8461-7759-5462-8226" = Vuze
"850625E38080EAF5C2644C07A2510A394019973D" = Windows Driver Package - Apple Inc. (applebt) Bluetooth (06/27/2007 2.0.0.1)
"9324ED54E32F5399037F87E076CA01C6CEB92830" = Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
"992615C0D0002C27AA3BB336C66D1E7764047A51" = Windows Driver Package - Apple Inc. Apple Trackpad (10/09/2007 2.0.1.5)
"9B19F92D5E3730EA8D0788B248741F6CC2633DBE" = Windows Driver Package - Apple Inc. Apple IR Receiver (07/16/2007 2.0.0.1)
"AD3493E108434977125BBF78F47699626F8AF64B" = Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.4.3.18)
"AD3F97DB12E1CE21FA0120AB7CE80FADD54FC0AB" = Windows Driver Package - Apple Inc. Apple Keyboard (03/10/2008 2.1.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ATI Display Driver" = ATI Display Driver
"BFG-Bookworm Adventures" = Bookworm Adventures
"BFGC" = Big Fish Games: Game Manager
"BFG-Geisha - The Secret Garden" = Geisha: The Secret Garden
"BFG-Mystery Case Files - Ravenhearst" = Mystery Case Files: Ravenhearst ®
"C71CD722DD357F78301EAEA028431241C2D91890" = Windows Driver Package - Apple Inc. System (09/12/2007 2.0.1.1)
"CE031DF97C704035E8B6E570362ABD337ACA4BA5" = Windows Driver Package - Atheros (AR5211) Net (04/05/2007 5.3.0.35)
"D1E46C4F35C591B14E31349A9EDA8227C5F0E966" = Windows Driver Package - Apple Inc. Apple Trackpad Enabler (10/09/2007 2.0.1.5)
"D3BCC671821E117ACD653C1AA146540791143F25" = Windows Driver Package - Apple Inc. Apple Display (12/19/2007 2.0.2.0)
"D66D0ACEFE4E32CCDF30362ACBB3EAEFB97E9FDE" = Windows Driver Package - Atheros (AR5416) Net (06/26/2007 6.0.3.94)
"D922ADD1498E7464ED76231D79D703FC1320C80C" = Windows Driver Package - Broadcom (BCM43XX) Net (09/20/2007 4.170.25.12)
"DivX Setup.divx.com" = DivX Setup
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"F5A89004299B5282B8B5D7D9F7253FF13C58628F" = Windows Driver Package - Apple Inc. Apple Multitouch Mouse (12/18/2007 2.0.1.10)
"ffdshow_is1" = ffdshow v1.1.3452 [2010-05-24]
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"LHTTSENG" = L&H TTS3000 British English
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Basic 2005 Express Edition - ENU" = Microsoft Visual Basic 2005 Express Edition - ENU
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Shockwave" = Shockwave
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"SpeedBit Video Downloader" = SpeedBit Video Downloader
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WildTangent wildgames Master Uninstall" = WildTangent Games
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.5
"WinRAR archiver" = WinRAR archiver
"Wisdom-soft ScreenHunter 5.1 Free" = Wisdom-soft ScreenHunter 5.1 Free
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/10/2010 3:00:51 a.m. | Computer Name = DADDYOS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/10/2010 4:39:04 p.m. | Computer Name = DADDYOS | Source = Application Error | ID = 1000
Description = Faulting application bfgclient.exe, version 2.0.0.3, faulting module
urlmon.dll, version 8.0.6001.18939, fault address 0x00004ffc.

Error - 13/10/2010 12:14:28 a.m. | Computer Name = DADDYOS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 13/10/2010 3:51:34 a.m. | Computer Name = DADDYOS | Source = MsiInstaller | ID = 1013
Description = Product: Symantec Endpoint Protection -- LiveUpdate is currently running.
Please wait for LiveUpdate to complete before continuing.

Error - 13/10/2010 3:51:40 a.m. | Computer Name = DADDYOS | Source = MsiInstaller | ID = 1013
Description = Product: Symantec Endpoint Protection -- LiveUpdate is currently running.
Please wait for LiveUpdate to complete before continuing.

Error - 13/10/2010 4:05:51 a.m. | Computer Name = DADDYOS | Source = MsiInstaller | ID = 1013
Description = Product: Symantec Endpoint Protection -- LiveUpdate is currently running.
Please wait for LiveUpdate to complete before continuing.

Error - 13/10/2010 11:30:28 p.m. | Computer Name = DADDYOS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 13/10/2010 11:31:11 p.m. | Computer Name = DADDYOS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 18/10/2010 11:57:23 p.m. | Computer Name = DADDYOS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 19/10/2010 12:17:58 a.m. | Computer Name = DADDYOS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 4/09/2010 6:43:01 a.m. | Computer Name = DADDYOS | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000043'
while processing the file 'SrtETmp' on the volume 'HarddiskVolume3'. It has stopped
monitoring the volume.

Error - 4/09/2010 5:49:53 p.m. | Computer Name = DADDYOS | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000043'
while processing the file 'SrtETmp' on the volume 'HarddiskVolume3'. It has stopped
monitoring the volume.

Error - 5/09/2010 2:38:20 a.m. | Computer Name = DADDYOS | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000043'
while processing the file 'SrtETmp' on the volume 'HarddiskVolume3'. It has stopped
monitoring the volume.

Error - 7/09/2010 5:05:52 a.m. | Computer Name = DADDYOS | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file 'SrtETmp' on the volume 'HarddiskVolume3'. It has stopped
monitoring the volume.

Error - 10/09/2010 5:08:52 p.m. | Computer Name = DADDYOS | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file 'SrtETmp' on the volume 'HarddiskVolume3'. It has stopped
monitoring the volume.

Error - 16/09/2010 3:29:36 a.m. | Computer Name = DADDYOS | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file 'SrtETmp' on the volume 'HarddiskVolume3'. It has stopped
monitoring the volume.

Error - 27/09/2010 1:00:19 a.m. | Computer Name = DADDYOS | Source = BTHUSB | ID = 327697
Description = The local Bluetooth radio has failed in an undetermined manner and
will be unloaded.

Error - 27/09/2010 11:42:31 p.m. | Computer Name = DADDYOS | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file 'SrtETmp' on the volume 'HarddiskVolume3'. It has stopped
monitoring the volume.

Error - 1/10/2010 10:20:53 p.m. | Computer Name = DADDYOS | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file 'SrtETmp' on the volume 'HarddiskVolume3'. It has stopped
monitoring the volume.

Error - 5/10/2010 1:19:22 a.m. | Computer Name = DADDYOS | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file 'SrtETmp' on the volume 'HarddiskVolume3'. It has stopped
monitoring the volume.


< End of report >

Re: How can I remove Thinkpoint malware
Hi could you please post the OTL.txt log from OTL.

Thanks.

Re: How can I remove Thinkpoint malware
Hi, sorry but I'm new to all this. Where do I find the OTL.txt log you require?

Re: How can I remove Thinkpoint malware
OTL logfile created on: 18/10/2010 10:15:42 p.m. - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 215.69 Gb Total Space | 187.66 Gb Free Space | 87.00% Space Free | Partition Type: NTFS

Computer Name: DADDYOS | User Name: Apple | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/18 22:14:50 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.com
PRC - [2010/09/03 02:07:16 | 000,300,656 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2010/09/03 02:07:14 | 001,607,272 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
PRC - [2010/09/03 02:07:14 | 000,140,920 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
PRC - [2010/08/28 21:01:30 | 002,835,968 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
PRC - [2010/08/20 12:45:26 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/10/05 16:18:54 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/10/05 16:18:52 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/10/05 16:18:48 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/10/05 16:18:47 | 001,803,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/10/05 16:18:44 | 002,440,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/04/15 16:44:30 | 000,423,216 | ---- | M] (Apple Inc.) -- C:\Program Files\Boot Camp\KbdMgr.exe
PRC - [2008/04/15 16:44:30 | 000,132,400 | ---- | M] () -- C:\WINDOWS\system32\AppleOSSMgr.exe
PRC - [2008/04/15 16:44:30 | 000,099,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\system32\AppleTimeSrv.exe
PRC - [2008/04/15 15:31:18 | 000,147,456 | ---- | M] (Apple Inc.) -- C:\WINDOWS\system32\IRW.exe
PRC - [2008/04/13 10:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/08 20:59:29 | 000,086,016 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe


========== Modules (SafeList) ==========

MOD - [2010/10/18 22:14:50 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.com
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/10/05 16:19:05 | 000,357,704 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\sysfer.dll
MOD - [2008/04/13 10:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/09/03 02:07:16 | 000,300,656 | ---- | M] (Speedbit Ltd.) [Auto | Running] -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2009/10/05 16:18:54 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/10/05 16:18:54 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/10/05 16:18:48 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/10/05 16:18:47 | 001,803,592 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/10/05 16:18:44 | 002,440,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/03/30 19:13:44 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/20 19:10:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/04/15 16:44:30 | 000,132,400 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\AppleOSSMgr.exe -- (AppleOSSMgr)
SRV - [2008/04/15 16:44:30 | 000,099,632 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\WINDOWS\system32\AppleTimeSrv.exe -- (AppleTimeSrv)
SRV - [2007/10/08 20:59:29 | 000,086,016 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV - [2010/08/13 15:31:48 | 000,036,352 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2010/03/05 13:30:13 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100305.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/03/05 13:30:13 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/03/05 13:30:13 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100305.004\NAVENG.SYS -- (NAVENG)
DRV - [2010/03/02 14:24:57 | 000,162,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2009/10/06 19:33:54 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/10/05 16:19:04 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/10/05 16:18:56 | 000,319,920 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/10/05 16:18:56 | 000,280,112 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/10/05 16:18:56 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/10/05 16:18:50 | 000,091,976 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/10/05 16:18:50 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2009/10/05 16:18:33 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/10/05 16:18:33 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/10/05 16:18:31 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/10/05 16:18:28 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/09/17 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/04/15 16:44:30 | 000,006,528 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MacHALDriver.sys -- (MacHALDriver)
DRV - [2008/04/15 16:44:30 | 000,005,504 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\KeyAgent.sys -- (KeyAgent)
DRV - [2008/04/15 15:33:14 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/04/15 15:32:06 | 000,017,664 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iSightUP.sys -- (iSightUpdate)
DRV - [2008/04/15 15:32:06 | 000,007,680 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iSightFT.sys -- (DevUpper)
DRV - [2008/04/15 15:31:18 | 000,016,512 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IRFilter.sys -- (IRRemoteFlt)
DRV - [2008/04/15 15:30:29 | 000,019,968 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KeyMagic.sys -- (KeyMagic)
DRV - [2008/04/15 15:29:47 | 000,009,088 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\applebt.sys -- (applebt)
DRV - [2008/04/15 15:29:18 | 002,849,280 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/13 03:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/10/08 21:58:02 | 000,255,232 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/10/08 21:56:08 | 000,007,424 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BthKicker.sys -- (BthKicker)
DRV - [2007/10/08 20:59:30 | 001,177,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.internal.faircol.school.nz
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.internal.faircol.school.nz"
FF - prefs.js..network.proxy.http: "172.16.0.5"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "*.internal.faircol.school.nz, 172.16.*"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 1


[2010/03/23 01:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/06/14 14:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\polk68qq.default\extensions
[2010/06/14 14:29:26 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\polk68qq.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}

O1 HOSTS File: ([2009/08/30 02:17:27 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\TBUCA\tbcore3.dll ()
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files\SearchPredict\SearchPredict.dll (Speedbit Ltd.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\TBUCA\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\TBUCA\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\TBUCA\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe (Apple Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IRW] C:\WINDOWS\system32\IRW.exe (Apple Inc.)
O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
O4 - HKCU..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe File not found
O4 - HKCU..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe (Speedbit Ltd.)
O4 - HKLM..\RunOnce: [NSSInstallation] C:\Program Files\DivX\Symantec\scstubinstaller.exe (Symantec Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Administrator\Application Data\hotfix.exe) - C:\Documents and Settings\Administrator\Application Data\hotfix.exe ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/14 22:39:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootMin: Symantec Antvirus - Service
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: SmcService - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootNet: Symantec Antvirus - Service
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{F5A0A4CC-9754-49F0-8D8D-F8040DE85700} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (60812205720862720)


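Added note, not part of the poster's log and not a helper's fix script: the two O20 lines in the log above are the detail that matters most here. The machine-wide Winlogon Shell still resolves to C:\WINDOWS\explorer.exe, but a per-user (HKCU) Shell value has been set to C:\Documents and Settings\Administrator\Application Data\hotfix.exe, a file with no company name that was created on 2010/10/16 in the same folder and at the same minute as 2964.bat, with "install" and "start" appearing there shortly after. A per-user Shell override means that account is given that program instead of the desktop at logon. The Python below is an added example (it is not OTL's code and not the original poster's) that reads O4/O20 lines in the OTL format shown in this log and flags that pattern, together with autoruns that run from user-writable profile directories, carry no company information, or point at missing files. The regexes and the assumption that %SystemRoot% is C:\WINDOWS are inferred from this log's own format and header; the sample lines are copied from the log, apart from one line that is marked as constructed.

```python
import re

# Added triage helper for OTL "Standard Registry" output. It is not part of OTL and not
# from the post above; the line formats below are inferred from the log lines shown there.

# O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
WINLOGON_RE = re.compile(
    r"^O20 - (?P<hive>HKLM|HKCU) Winlogon: (?P<value>\w+) - \((?P<data>.*?)\) - "
    r"(?P<path>.*?) \((?P<company>[^)]*)\)\s*$"
)
# O4 - HKCU..\Run: [Name] C:\path\prog.exe (Company)   |   ... C:\path\prog.exe File not found
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<path>.*?)"
    r"(?: \((?P<company>[^)]*)\)| (?P<missing>File not found))\s*$"
)

# Windows XP locations a non-admin user can write to. Assumption: the default
# "Documents and Settings" profile layout seen in the log.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")
# Assumption: %SystemRoot% is C:\WINDOWS, as the log header states.
EXPECTED_SHELL = "c:\\windows\\explorer.exe"


def is_user_writable(path):
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE)


def triage_otl(lines):
    """Return (severity, message) findings for the O4/O20 lines of an OTL log."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = WINLOGON_RE.match(line)
        if m:
            if m["value"].lower() != "shell":
                continue
            # Only the HKLM Shell value should exist, and it should resolve to explorer.exe.
            # A per-user (HKCU) Shell replaces the desktop for that account with whatever
            # it names, so the user sees that program instead of the desktop after logon.
            if m["hive"] == "HKCU":
                findings.append(("high", f"per-user Winlogon Shell override -> {m['path']}"))
            elif m["path"].lower() != EXPECTED_SHELL:
                findings.append(("high", f"machine Winlogon Shell is not explorer.exe -> {m['path']}"))
            continue
        m = RUN_RE.match(line)
        if not m:
            continue
        if m["missing"]:
            findings.append(("low", f"orphaned autorun [{m['name']}] -> {m['path']}"))
        elif is_user_writable(m["path"]):
            findings.append(("medium", f"autorun [{m['name']}] runs from a user-writable path -> {m['path']}"))
        elif not m["company"]:
            findings.append(("low", f"autorun [{m['name']}] has no company/version info -> {m['path']}"))
    return findings


# Lines 1-5 are copied verbatim from the OTL log in the post above. Line 6 is a
# constructed example of the same hotfix.exe path registered as a Run entry; no such
# line exists in the log, it is here only to exercise the user-writable-path check.
SAMPLE_LINES = [
    r"O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)",
    r"O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Administrator\Application Data\hotfix.exe) - C:\Documents and Settings\Administrator\Application Data\hotfix.exe ()",
    r"O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()",
    r"O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)",
    r"O4 - HKCU..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe File not found",
    r"O4 - HKCU..\Run: [hotfix] C:\Documents and Settings\Administrator\Application Data\hotfix.exe ()",  # constructed
]


def triage_sample():
    return triage_otl(SAMPLE_LINES)


if __name__ == "__main__":
    for severity, message in triage_sample():
        print(f"[{severity:6}] {message}")
```

The script only reads a saved log and changes nothing on the machine; it is a way to pull the handful of lines worth acting on out of a log this long. Anything it flags still needs a person to decide what to do with it, and an O20 HKCU Shell entry is the one to look at first.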
Re: How can I remove Thinkpoint malware

========== Files/Folders - Created Within 30 Days ==========

[2010/10/09 22:30:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\KingArthur
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/18 22:06:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/18 20:22:10 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Install_NSS.lnk
[2010/10/18 20:14:07 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\SpeedOptimizer Startup.job
[2010/10/18 20:11:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/18 20:11:01 | 2131,046,400 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/17 20:29:00 | 000,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/16 19:22:56 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\start
[2010/10/16 19:00:49 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\install
[2010/10/16 18:59:28 | 000,594,432 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\hotfix.exe
[2010/10/16 18:59:28 | 000,000,363 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\2964.bat
[2010/10/16 18:01:19 | 000,250,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/16 17:38:19 | 000,001,372 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2010/10/12 20:50:48 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vuze.lnk
[2010/10/12 20:50:48 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/10/08 16:25:17 | 000,001,188 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2010/10/08 16:15:32 | 000,001,596 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2010/10/08 16:15:32 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk
[2010/10/07 00:02:35 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/07 00:02:35 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/01 22:56:00 | 000,000,412 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\spider.sav
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/18 20:22:10 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Install_NSS.lnk
[2010/10/16 19:22:56 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\start
[2010/10/16 19:00:49 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\install
[2010/10/16 18:59:28 | 000,000,363 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\2964.bat
[2010/10/16 18:59:27 | 000,594,432 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\hotfix.exe
[2010/10/13 00:48:52 | 000,001,372 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2010/10/08 16:25:17 | 000,001,188 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2010/08/16 23:33:09 | 000,001,071 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/08/13 13:39:13 | 000,000,223 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/07/03 02:32:00 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/06/19 01:00:12 | 000,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2010/06/16 19:55:00 | 000,000,066 | ---- | C] () -- C:\WINDOWS\PTVIEW.INI
[2010/06/16 19:54:30 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2010/06/14 15:31:42 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/25 15:25:23 | 000,000,183 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2009/03/14 16:38:07 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/03/14 16:02:40 | 000,000,530 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2009/03/14 16:02:38 | 000,000,048 | ---- | C] () -- C:\WINDOWS\ptmv.INI
[2009/03/14 15:55:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/14 14:14:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/04/09 18:22:17 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2004/08/03 03:59:20 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\intelppm.sys
[1998/05/05 23:19:58 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL

========== Custom Scans ==========


< %systemroot%*. /mp /s >

< %systemroot%system32*.dll /lockedfiles >

< %systemroot%system32*.exe /lockedfiles >

< %systemroot%Tasks*.job /lockedfiles >

< %systemroot%system32drivers*.sys /lockedfiles >

< %systemroot%System32config*.sav >

< %systemroot%system32*.sys >

< %systemroot%system32drivers*.dll >

< %systemroot%system32drivers*.ini >

< %systemroot%system32drivers*.exe >

< %SYSTEMDRIVE%*.* >
[2009/03/14 22:39:37 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/03/14 22:33:46 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/03/23 22:29:59 | 000,001,312 | ---- | M] () -- C:\CKINFO.TXT
[2009/03/14 22:39:37 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/10/18 20:11:01 | 2131,046,400 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/14 22:39:37 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/03/14 22:39:37 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2002/01/04 08:38:38 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\msvci70.dll
[2004/08/03 03:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/08/27 18:23:43 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/10/18 20:10:59 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009/03/15 14:21:26 | 000,000,573 | ---- | M] () -- C:\RHDSetup.log
[2010/03/17 03:58:39 | 000,000,000 | ---- | M] () -- C:\t1jg.3

< %PROGRAMFILES%*. >
[2009/03/14 15:57:24 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2010/06/18 19:32:44 | 000,000,000 | ---D | M] -- C:\Program Files\ABControl
[2010/03/23 01:14:43 | 000,000,000 | ---D | M] -- C:\Program Files\Acro Software
[2009/06/18 17:42:39 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/03/14 15:53:48 | 000,000,000 | ---D | M] -- C:\Program Files\asTTle
[2010/10/08 16:15:32 | 000,000,000 | ---D | M] -- C:\Program Files\bfgclient
[2010/07/14 22:02:56 | 000,000,000 | ---D | M] -- C:\Program Files\Bookworm Adventures
[2009/03/15 14:25:35 | 000,000,000 | ---D | M] -- C:\Program Files\Boot Camp
[2009/10/06 19:45:01 | 000,000,000 | ---D | M] -- C:\Program Files\CA
[2010/07/16 18:58:45 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/03/14 22:36:39 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/06/14 14:29:18 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2010/08/28 21:05:50 | 000,000,000 | ---D | M] -- C:\Program Files\DAP
[2009/03/14 22:48:37 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2010/08/28 15:56:25 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2009/03/14 16:05:41 | 000,000,000 | ---D | M] -- C:\Program Files\Dreamweaver8_0License
[2009/06/25 15:25:19 | 000,000,000 | ---D | M] -- C:\Program Files\EPSON
[2010/07/03 02:32:00 | 000,000,000 | ---D | M] -- C:\Program Files\ffdshow
[2009/03/14 15:56:50 | 000,000,000 | ---D | M] -- C:\Program Files\FileMaker
[2009/03/14 16:05:44 | 000,000,000 | ---D | M] -- C:\Program Files\Fireworks8_0_License
[2009/03/14 16:05:43 | 000,000,000 | ---D | M] -- C:\Program Files\flash8VideoEncoder1_0License
[2009/03/14 16:05:42 | 000,000,000 | ---D | M] -- C:\Program Files\Flash8_0License
[2010/08/27 01:26:57 | 000,000,000 | ---D | M] -- C:\Program Files\Geisha - The Secret Garden
[2009/03/14 16:40:09 | 000,000,000 | ---D | M] -- C:\Program Files\GIMP
[2009/03/14 15:56:59 | 000,000,000 | ---D | M] -- C:\Program Files\Infovox 230
[2009/03/14 15:57:04 | 000,000,000 | ---D | M] -- C:\Program Files\Inspiration 7.5 Intl
[2009/03/14 22:51:15 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/03/14 22:52:58 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/10/16 17:33:51 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/03/14 15:57:21 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/03/14 16:40:23 | 000,000,000 | ---D | M] -- C:\Program Files\Macromedia
[2010/06/19 04:08:19 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/03/14 15:55:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2009/03/14 22:39:50 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/03/14 15:57:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/03/16 17:03:26 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2009/12/20 19:00:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/03/14 15:55:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009/03/14 22:51:23 | 000,000,000 | ---D | M] -- C:\Program Files\Motorola
[2010/08/13 13:36:51 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/03/23 01:12:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/03/23 01:09:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Thunderbird
[2010/06/20 05:35:49 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/03/14 22:35:38 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2009/03/14 22:36:18 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/03/14 16:19:28 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/10/16 20:06:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mystery Case Files - Ravenhearst
[2010/06/16 00:49:48 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Software
[2009/08/27 18:28:25 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/03/14 22:36:28 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/06/19 03:53:45 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/03/14 16:02:38 | 000,000,000 | ---D | M] -- C:\Program Files\ProTech
[2009/03/14 15:52:27 | 000,000,000 | ---D | M] -- C:\Program Files\PSS
[2009/03/14 16:38:22 | 000,000,000 | ---D | M] -- C:\Program Files\PTC
[2009/03/14 16:37:25 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/07/02 02:24:23 | 000,000,000 | ---D | M] -- C:\Program Files\Raptr
[2009/03/14 22:51:15 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2010/06/20 05:35:41 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/08/28 21:01:05 | 000,000,000 | ---D | M] -- C:\Program Files\SearchPredict
[2009/03/14 22:50:37 | 000,000,000 | ---D | M] -- C:\Program Files\SigmaTel
[2009/03/14 16:38:44 | 000,000,000 | ---D | M] -- C:\Program Files\Sketchup 5
[2010/09/03 02:08:54 | 000,000,000 | ---D | M] -- C:\Program Files\SpeedBit Video Accelerator
[2010/08/28 21:01:05 | 000,000,000 | ---D | M] -- C:\Program Files\SpeedBit Video Downloader
[2009/10/06 19:33:56 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2009/03/14 22:44:17 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/10/12 20:50:46 | 000,000,000 | ---D | M] -- C:\Program Files\Vuze
[2010/09/17 02:14:20 | 000,000,000 | ---D | M] -- C:\Program Files\Vuze_Remote
[2010/03/24 19:14:35 | 000,000,000 | ---D | M] -- C:\Program Files\WildGames
[2010/06/19 00:49:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/06/19 00:49:35 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/08/27 18:28:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/03/14 22:38:39 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/07/15 13:43:03 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/06/18 19:32:27 | 000,000,000 | ---D | M] -- C:\Program Files\Wisdom-soft ScreenHunter 5 Free
[2009/03/14 22:39:50 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %appdata%\*.* >
[2010/10/16 18:59:28 | 000,000,363 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\2964.bat
[2009/03/14 14:14:19 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2010/10/16 18:59:28 | 000,594,432 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\hotfix.exe
[2010/10/16 19:00:49 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\install
[2010/10/16 19:22:56 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\start


< MD5 for: AGP440.SYS >
[2004/08/03 06:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 10:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/13 05:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 05:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/03 06:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 10:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 05:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 05:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 03:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/03 06:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/04/13 10:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/03 03:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 05:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 10:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/13 10:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/03 05:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 10:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/13 10:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 05:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 05:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 10:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/13 10:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/03 06:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/04/13 10:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2004/08/03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 05:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\dllcache\usbstor.sys
[2008/04/13 05:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< >

< >

< >

< >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

========== Alternate Data Streams ==========

@Alternate Data Stream - 231 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D93AABC7
@Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7ADA8871
@Alternate Data Stream - 193 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1
@Alternate Data Stream - 172 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CD060F93
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:517DBC32
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CCB49694
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3D26A8A
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EE323A4
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B7447D4
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B11E0DF
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3E39C6A
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:010ADD2C
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC2E567F

< End of report >

Re: How can I remove Thinkpoint malware

Hi again, I think I have figured it out. Hope this is what you need. Cheers.

Re: How can I remove Thinkpoint malware

Hi,

Please do the following steps:

Step 1:

Run OTL.exe
  • Copy/paste the following text written inside of the quote box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    FF - prefs.js..network.proxy.http: "172.16.0.5"
    FF - prefs.js..network.proxy.http_port: 8080
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.type: 1
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
    O4 - HKCU..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
    O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Administrator\Application Data\hotfix.exe) - C:\Documents and Settings\Administrator\Application Data\hotfix.exe ()
    [2010/10/16 19:22:56 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\start
    [2010/10/16 19:00:49 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\install
    [2010/10/16 18:59:28 | 000,000,363 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\2964.bat

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • After rebooting, please post the OTL you are presented with on startup.



Step 2:

Please download Malwarebytes' AntiMalware.

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Full Scan, then click Scan.
    The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Restart if it tells you to.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.



Please post:
  • The log from OTL.
  • The MBAM log.


Thanks.
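
As an added example (not part of this thread and not OTL's own code), the Python script below reads the OTL line formats that the fix above acts on and flags the same categories of entry: a Winlogon Shell value that is not Explorer.exe, a manually configured Firefox proxy that is not the local host, Run entries whose target file is missing, and executables sitting under Application Data. The sample log is constructed from lines quoted in this thread, plus one assumed HKLM Winlogon line as a benign control; the finding labels are this example's own, and the parser generalises beyond the specific lines in the fix so it can be pointed at any OTL log.

```python
"""Triage helper for OTL log lines.

Added example; not part of the thread, and not OTL's own code. It recognises
the line formats OTL emits (FF prefs.js entries, O4 Run entries, O20 Winlogon
entries, custom-scan file listings) and flags the kinds of entries a helper
would pull into a fix script: a Winlogon shell replacement, a forced browser
proxy, dangling autoruns and executables dropped under Application Data.
"""
import re
from ipaddress import ip_address

# Constructed sample in OTL's line formats. The HKCU, FF, O4 and file-listing
# lines are copied from the thread; the HKLM Winlogon line is an assumed
# benign default added so the shell check has a negative case.
SAMPLE_OTL_LOG = r"""
FF - prefs.js..network.proxy.http: "172.16.0.5"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 1
O4 - HKCU..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Administrator\Application Data\hotfix.exe) - C:\Documents and Settings\Administrator\Application Data\hotfix.exe ()
[2010/10/16 18:59:28 | 000,594,432 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\hotfix.exe
[2010/10/16 18:59:28 | 000,000,363 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\2964.bat
[2009/03/14 14:14:19 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
"""

# One pattern per OTL line format this example understands.
RE_FF_PROXY = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.(\w+): (.+)$')
RE_O4_RUN = re.compile(r'^O4 - (HK\w+)\.\.\\Run: \[([^\]]+)\] (.+?)( File not found)?$')
RE_O20_SHELL = re.compile(r'^O20 - (HK\w+) Winlogon: Shell - \(([^)]+)\) - ')
RE_FILE = re.compile(r'^\[[\d/ :]+ \| [\d,]+ \| \S{4} \| [CM]\] \(([^)]*)\) -- (.+)$')

# Extensions Windows will execute directly (or load, for .dll).
EXEC_EXT = ('.exe', '.bat', '.cmd', '.com', '.scr', '.pif', '.dll')


def _basename(path):
    return path.replace('/', '\\').rsplit('\\', 1)[-1]


def triage(log_text):
    """Return a list of (kind, detail) findings for the given OTL log text."""
    findings = []
    proxy = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RE_FF_PROXY.match(line)
        if m:  # collect all proxy prefs first; judged together below
            proxy[m.group(1)] = m.group(2).strip().strip('"')
            continue
        m = RE_O4_RUN.match(line)
        if m:
            hive, name, path, missing = m.groups()
            if missing:  # autorun whose target no longer exists: stale, remove
                findings.append(('dangling-autorun', f'{hive} Run [{name}] -> {path}'))
            elif '\\application data\\' in path.lower():
                findings.append(('appdata-autorun', f'{hive} Run [{name}] -> {path}'))
            continue
        m = RE_O20_SHELL.match(line)
        if m:  # anything but Explorer.exe as the logon shell is a hijack
            hive, shell = m.groups()
            if _basename(shell).lower() != 'explorer.exe':
                findings.append(('winlogon-shell', f'{hive} Winlogon Shell = {shell}'))
            continue
        m = RE_FILE.match(line)
        if m:  # custom-scan listing: executables under Application Data
            company, path = m.groups()
            if '\\application data\\' in path.lower() and path.lower().endswith(EXEC_EXT):
                who = company or 'no company name'
                findings.append(('appdata-executable', f'{path} ({who})'))
    # Firefox manual proxy (type 1) pointing anywhere but the local host.
    if proxy.get('type') == '1' and proxy.get('http'):
        host = proxy['http']
        try:
            local = ip_address(host).is_loopback
        except ValueError:
            local = host.lower() == 'localhost'
        if not local:
            port = proxy.get('http_port', '?')
            findings.append(('firefox-proxy', f'manual HTTP proxy {host}:{port}'))
    return findings


if __name__ == '__main__':
    for kind, detail in triage(SAMPLE_OTL_LOG):
        print(f'{kind:20} {detail}')
```

To use it on a real log, pass the saved OTL text to triage(). A non-loopback proxy is reported for review rather than as malicious outright, since a managed network may legitimately configure one; the Winlogon shell and Application Data executables are the findings that warrant quarantine.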

Re: How can I remove Thinkpoint malware

All processes killed
========== OTL ==========
Prefs.js: "172.16.0.5" removed from network.proxy.http
Prefs.js: 8080 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: 1 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DriverScanner deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\Administrator\Application Data\hotfix.exe deleted successfully.
C:\Documents and Settings\Administrator\Application Data\hotfix.exe moved successfully.
C:\Documents and Settings\Administrator\Application Data\start moved successfully.
C:\Documents and Settings\Administrator\Application Data\install moved successfully.
C:\Documents and Settings\Administrator\Application Data\2964.bat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: Adunn

User: aito

User: Akim

User: All Users

User: cbawden

User: ckaiki

User: Default User

User: dhogg

User: dtynan

User: echapman

User: fmatagi.FAIRCOL.000

User: Hcoe

User: hcrequer.FAIRCOL

User: Hcurle

User: hsmith

User: jhitchens

User: Jkaiki

User: jlove

User: jwaite

User: kaunzo

User: kclarke

User: kturei

User: LocalService

User: Mosman

User: Mpalu

User: Mreti

User: NetworkService

User: nmanocha.FAIRCOL.003

User: rwhitaker.FAIRCOL

User: Sjohns

User: skohi

User: tbilich

User: wchang

User: Zreid

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 522812756 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 91915810 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1479509787 bytes

Total Files Cleaned = 1,999.00 mb


[EMPTYFLASH]

User: Administrator

User: Adunn

User: aito

User: Akim

User: All Users

User: cbawden

User: ckaiki

User: Default User

User: dhogg

User: dtynan

User: echapman

User: fmatagi.FAIRCOL.000

User: Hcoe

User: hcrequer.FAIRCOL

User: Hcurle

User: hsmith

User: jhitchens

User: Jkaiki

User: jlove

User: jwaite

User: kaunzo

User: kclarke

User: kturei

User: LocalService

User: Mosman

User: Mpalu

User: Mreti

User: NetworkService

User: nmanocha.FAIRCOL.003

User: rwhitaker.FAIRCOL

User: Sjohns

User: skohi

User: tbilich

User: wchang

User: Zreid

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.15.2 log created on 10202010_211349

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

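The OTL log above records the persistence ThinkPoint used here: the per-user Winlogon Shell value (HKEY_CURRENT_USER\...\Winlogon\Shell) had been set to hotfix.exe in the Administrator profile's Application Data folder, so the fake AV started in place of explorer.exe at logon. The PowerShell audit below is an added example, not part of this thread or of OTL; it checks HKLM and every loaded user hive for that pattern. The defaults it compares against (explorer.exe, and %SystemRoot%\system32\userinit.exe, with its trailing comma) and the profile-path pattern are assumptions for Windows XP and later.

```powershell
# Added example (not from the thread): audit the Winlogon Shell/Userinit values that
# ThinkPoint hijacked above (HKCU\...\Winlogon\Shell -> ...\Application Data\hotfix.exe).
# Assumed defaults: Shell = explorer.exe, Userinit = %SystemRoot%\system32\userinit.exe,
$Subkey   = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$Expected = @{
    Shell    = 'explorer.exe'
    Userinit = "$env:SystemRoot\system32\userinit.exe,"
}
# Locations a legitimate Shell/Userinit never lives in; a hit here is the strongest signal.
$ProfilePattern = 'Documents and Settings|Application Data|AppData|\\Temp\\|\\Users\\'

function Test-WinlogonValue {
    param([string]$Hive, [string]$Name, [string]$Value)
    if (-not $Value) { return $null }                          # value absent: nothing to judge
    if ($Value -match $ProfilePattern) { return 'SUSPICIOUS: points into a user profile' }
    if ($Hive -ne 'HKLM') { return 'SUSPICIOUS: per-user override (default has none)' }
    if ($Value.Trim() -ine $Expected[$Name]) { return 'SUSPICIOUS: differs from default' }
    return 'ok'
}

function Get-WinlogonFindings {
    $results = @()
    # HKLM plus every currently loaded user hive (HKEY_USERS\<SID>). Profiles of users who
    # are not logged on are not loaded; their NTUSER.DAT must be mounted with reg.exe first.
    $hives = @([pscustomobject]@{ Hive = 'HKLM'; Path = "Registry::HKEY_LOCAL_MACHINE\$Subkey" })
    Get-ChildItem Registry::HKEY_USERS | Where-Object { $_.PSChildName -notlike '*_Classes' } |
        ForEach-Object {
            $hives += [pscustomobject]@{ Hive = "HKU\$($_.PSChildName)"; Path = "$($_.PSPath)\$Subkey" }
        }
    foreach ($h in $hives) {
        if (-not (Test-Path $h.Path)) { continue }
        $props = Get-ItemProperty -Path $h.Path
        foreach ($name in $Expected.Keys) {
            $value   = $props.$name
            $verdict = Test-WinlogonValue -Hive $h.Hive -Name $name -Value $value
            if ($verdict) {
                $results += [pscustomobject]@{ Hive = $h.Hive; Value = $name; Data = $value; Verdict = $verdict }
            }
        }
    }
    return $results
}

Get-WinlogonFindings | Format-Table -AutoSize
```

Run it from an elevated prompt so HKEY_USERS is readable; any row marked SUSPICIOUS is worth the same treatment the OTL fix above gave hotfix.exe (restore the default value and move the referenced file out of the profile).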
Re: How can I remove Thinkpoint malware
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4897

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20/10/2010 10:24:48 p.m.
mbam-log-2010-10-20 (22-24-48).txt

Scan type: Quick scan
Objects scanned: 382509
Time elapsed: 28 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: How can I remove Thinkpoint malware
Hi Darryl Goddard,

We still have some work to do. Please do the following:

Step 1:

Java is out of date and older versions contain vulnerabilities. Please update to the newest version.

Download the newest version from HERE.

It's important to remove older versions of Java, since the installer does not do so automatically and old versions still leave you vulnerable.
  • Go to Start > Control Panel > Software and open Add or Remove Programs.
  • Search the list for all previously installed versions of Java (J2SE Runtime Environment).
  • They will have this icon next to them: [Java icon]
  • Select each in turn and click Remove.

Once old versions are gone, please install the newest version.


Step 2:

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases

  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display whether your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

    [KasReport screenshot]

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt. Save the file to your desktop so that you may post it in your next reply.

Please inform me as well how your machine is running.

Re: How can I remove Thinkpoint malware

I updated Java yesterday; the current version I have at the moment is Java Runtime Environment 6 Update 1. Is this the correct version I need?

Re: How can I remove Thinkpoint malware

It should be Java Runtime Environment 6 Update 22.

Re: How can I remove Thinkpoint malware

Have got Java Update 22 now and have followed through with your instructions. Thinkpoint is now gone and the machine is running well. Thanks heaps for your help, cheers, Darryl.

Re: How can I remove Thinkpoint malware

Hi, Kaspersky only lists infections; it does not remove them. Please post the log, there is still some work to do.

Re: How can I remove Thinkpoint malware
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, October 21, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, October 20, 2010 23:24:16
Records in database: 4188528
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 137843
Threats found: 5
Infected objects found: 5
Suspicious objects found: 0
Scan duration: 01:53:36


File name / Threat / Threats count
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\27\11dcc79b-2dada1ad Infected: Trojan-Downloader.Java.Agent.ft 1
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\27\11dcc79b-2dada1ad Infected: Trojan-Downloader.Java.Agent.fu 1
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\27\11dcc79b-2dada1ad Infected: Trojan-Downloader.Java.Agent.fv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\03DC0000\4FFEDB8E.VBN Infected: Worm.Win32.VBNA.isu 1
C:\_OTL\MovedFiles\10202010_211349\C_Documents and Settings\Administrator\Application Data\hotfix.exe Infected: Trojan.Win32.FakeAV.mvo 1

Selected area has been scanned.
