WiredWX Hobby Weather Tools

I've been got by Think Point

I somehow managed to get the Think Point virus on my home computer. So, in reading through the blogs, I did manage to get into safe mode on my home computer, and then I downloaded the Malwarebytes program to a flash drive and ran it on my home computer. I did a full scan; it said it found 10 objects. I did the remove and it said I needed to reboot, so I did. Went in normally and Think Point was still there, so then I rebooted back into safe mode and ran the quick scan and it found four items. Removed those (oh, and each time I have to reinstall Malwarebytes). It again said I needed to reboot, so I did, this time going straight into safe mode. Again Think Point popped up and I killed it via Ctrl-Alt-Del. I then ran a quick scan AGAIN and this time it says there is nothing found. But if that is the case, why do I keep getting Think Point starting up when I reboot?

Please help

Re: I've been got by Think Point

Update ~ I was able to get into normal mode and kill Think Point and then run Malwarebytes. I did the update on Malwarebytes and then ran a scan; it found around 80+ items. I did the remove and then it said to reboot, so I did. This time when it logged in, there were several 'run.dll' errors, but they cleared and I was able to get to a browser. I still can't do a system restore; I get a message stating it has been turned off by group policy and to contact my system administrator. So it seems things are working, but that Think Point still has me worried. Is it really all gone?

Re: I've been got by Think Point

So I did the Malwarebytes scan again; it found one item. I removed it and didn't want to reboot right away. I was online surfing the web and then everything froze up and I couldn't do anything but shut the machine off the hard way. I have now restarted. I have been navigating over there, but some 'search' items won't open and now it has frozen up again.

Re: I've been got by Think Point

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: I've been got by Think Point

I am running OTL now and will be posting the logs shortly. I did figure out how to correct the 'system restore' function by going into regedit.exe and deleting an item out of the policies.

Re: I've been got by Think Point

Here is the OTL.txt:

OTL logfile created on: 11/28/2010 9:01:38 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\valued customer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 153.00 Mb Available Physical Memory | 15.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 287.28 Gb Total Space | 276.40 Gb Free Space | 96.21% Space Free | Partition Type: NTFS
Drive H: | 10.81 Gb Total Space | 5.21 Gb Free Space | 48.16% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive J: | 959.72 Mb Total Space | 951.17 Mb Free Space | 99.11% Space Free | Partition Type: FAT

Computer Name: RILEY | User Name: valued customer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/28 09:01:31 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\valued customer\Desktop\OTL.exe
PRC - [2010/10/16 02:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/11/12 15:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/09/24 05:17:39 | 000,778,072 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/09/24 05:17:32 | 001,169,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/02/06 18:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/10/20 05:30:54 | 000,069,632 | R--- | M] (Kreeda Games India Pvt. Ltd.) -- C:\WINDOWS\system32\DMService.exe
PRC - [2008/08/15 18:21:52 | 000,884,795 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WPN111\WPN111.exe
PRC - [2008/04/13 22:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/11/28 09:01:31 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\valued customer\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Blaze Media Pro\NMSAccess32.exe -- (NMSAccess)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2010/11/26 19:02:22 | 003,019,352 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_4176eef.dll -- (Akamai)
SRV - [2010/10/16 02:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/28 18:14:41 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/12 15:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/09/24 05:17:32 | 001,169,232 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/02/06 18:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/10/20 05:30:54 | 000,069,632 | R--- | M] (Kreeda Games India Pvt. Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DMService.exe -- (DMService)
SRV - [2008/08/23 18:19:46 | 000,069,632 | ---- | M] (Kreeda Games India Pvt. Ltd.) [Auto | Stopped] -- C:\WINDOWS\system32\DMServiceUpdater.exe -- (DMServiceUpdater)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\rcgjtpwu.sys -- (rcgjtpwu)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/02/05 03:02:40 | 000,002,996 | ---- | M] (Buzz) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\hwinterface.sys -- (hwinterface)
DRV - [2010/02/01 20:49:09 | 005,070,848 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/02/01 20:49:08 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2010/02/01 20:49:08 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2010/02/01 20:44:42 | 000,117,120 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/11/12 15:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/09/23 06:55:23 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/10/26 15:48:00 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/08/14 09:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/04/18 13:28:10 | 000,384,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WPN111.sys -- (WPN111)
DRV - [2008/04/13 17:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 16:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2008/04/13 15:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2003/07/24 14:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2001/08/23 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/23 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC 94 D1 60 D2 8D CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin File not found
FF - HKLM\software\mozilla\Firefox\extensions\\RAWThumbnailViewer@arcsoft.com.cn: C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2010/03/14 19:54:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox [2010/03/14 19:54:45 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2007/08/11 00:58:33 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (RAW Thumbnail Viewer) - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch Whitesmoke Translator.lnk = C:\Program Files\Whitesmoke Translator\WSTrayDictMode.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN111\WPN111.exe (NETGEAR)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\hollie\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freerealms.com/gamedata/plugins/1.0.3.105/FreeRealmsInstaller.cab?v=1050 (SonyOnlineInstallerX)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Jigsaw%20Puzzle%20Platinum/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.183.164 97.64.179.250
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/01 18:39:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 03:01:00 | 000,000,053 | -HS- | M] () - H:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/28 09:01:26 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\valued customer\Desktop\OTL.exe
[2010/11/27 14:41:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/11/27 14:23:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/11/27 13:32:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/11/27 10:26:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\valued customer\Application Data\WhiteSmokeTranslator
[2010/11/27 10:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\valued customer\Application Data\whitesmoketoolbar
[2010/11/27 10:22:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\valued customer\Local Settings\Application Data\{D080BB00-D315-4262-873C-0C9A8B289424}
[2010/11/27 10:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/11/27 10:22:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\valued customer\Application Data\Bitrix Security
[2010/11/27 10:22:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\valued customer\Application Data\Ymge
[2010/11/27 10:22:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\valued customer\Application Data\Acez
[2010/11/27 10:20:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
[2010/11/27 10:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\valued customer\Application Data\3A58C5499FDC296B73D8E357D9E246E7
[2010/11/27 10:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010/11/27 10:19:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/27 10:11:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\valued customer\My Documents\My Videos
[2010/11/27 10:08:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\valued customer\Application Data\Sun
[2010/11/27 08:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\FrostWire
[2010/11/26 18:59:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\valued customer\Application Data\Apple Computer
[2010/11/26 18:59:02 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/11/26 18:58:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/26 18:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/11/26 18:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/11/26 18:54:32 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/11/26 18:54:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\valued customer\Local Settings\Application Data\Apple
[2010/11/26 18:54:13 | 004,184,352 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2010/11/26 18:53:51 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/11/26 18:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\valued customer\Local Settings\Application Data\Apple Computer
[2010/11/26 18:48:13 | 000,384,608 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\WPN111.sys
[2010/11/26 18:47:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\valued customer\Application Data\InstallShield
[2010/11/26 18:45:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\valued customer\My Documents\FrostWire
[2010/11/26 18:44:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\valued customer\Application Data\FrostWire
[2010/11/26 18:44:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\valued customer\Local Settings\Application Data\AskToolbar
[2010/11/26 18:44:03 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/11/26 18:39:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\valued customer\Application Data\Adobe
[2010/11/26 18:39:08 | 000,094,208 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\DNIN50.dll
[2010/11/26 18:39:08 | 000,017,149 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\DNINDIS5.sys
[2010/11/26 18:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
[2010/11/26 18:36:59 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/28 09:03:35 | 000,764,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\xesaoapsm.sys
[2010/11/28 09:01:31 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\valued customer\Desktop\OTL.exe
[2010/11/28 09:01:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/11/28 08:57:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/11/28 08:45:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/11/28 07:57:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/11/28 07:45:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/11/28 06:57:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/11/28 06:45:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/11/28 05:57:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/11/28 05:45:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/11/28 04:57:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/11/28 04:45:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/11/28 03:57:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/11/28 03:45:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/11/28 03:27:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Driver Fetch.job
[2010/11/28 02:57:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/11/28 02:45:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/11/28 01:57:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/11/28 01:45:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/11/28 00:57:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/11/28 00:45:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/11/27 23:57:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/11/27 23:45:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/11/27 22:57:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/11/27 22:45:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/11/27 21:57:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/11/27 21:45:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/11/27 20:57:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/11/27 20:45:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/11/27 19:57:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/11/27 19:45:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/11/27 18:57:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/11/27 18:45:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/11/27 18:00:00 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/11/27 17:57:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/11/27 17:45:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/11/27 16:57:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/11/27 16:45:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/11/27 16:30:53 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/27 16:30:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/27 16:28:41 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/27 16:28:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/27 16:04:36 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/11/27 16:04:36 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/11/27 16:04:36 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/11/27 14:53:31 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/11/27 14:41:54 | 000,000,187 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/11/27 13:51:40 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\valued customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/11/27 13:51:40 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/27 11:11:35 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\valued customer\Application Data\completescan
[2010/11/27 11:09:56 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/11/27 11:09:56 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/11/27 11:02:54 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\valued customer\Application Data\install
[2010/11/27 10:26:18 | 000,001,731 | ---- | M] () -- C:\Documents and Settings\valued customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Whitesmoke Translator!.lnk
[2010/11/27 10:26:18 | 000,001,725 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch Whitesmoke Translator.lnk
[2010/11/27 10:23:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Clulalevetecofi.bin
[2010/11/27 10:23:00 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Njuragifi.dat
[2010/11/27 10:22:50 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/11/27 10:22:49 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/11/27 10:22:44 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/11/27 10:22:36 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/11/27 10:20:48 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/11/27 10:20:48 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/11/27 10:20:48 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/11/27 10:20:48 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/11/27 05:38:36 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/27 05:38:36 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/27 05:35:44 | 001,974,592 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/27 05:19:25 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/11/27 01:15:00 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\DriverCure.job
[2010/11/26 23:30:12 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\valued customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/11/26 18:59:08 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/11/26 18:56:39 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/11/26 18:54:34 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/26 18:48:13 | 000,001,397 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk
[2010/11/26 18:48:13 | 000,001,385 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WPN111 Smart Wizard.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/27 14:41:54 | 000,000,187 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/11/27 13:38:05 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\valued customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/11/27 11:11:35 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\valued customer\Application Data\completescan
[2010/11/27 11:02:54 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\valued customer\Application Data\install
[2010/11/27 10:56:59 | 000,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/11/27 10:26:18 | 000,001,731 | ---- | C] () -- C:\Documents and Settings\valued customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Whitesmoke Translator!.lnk
[2010/11/27 10:26:18 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch Whitesmoke Translator.lnk
[2010/11/27 10:23:02 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010/11/27 10:23:01 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/11/27 10:23:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Clulalevetecofi.bin
[2010/11/27 10:23:00 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Njuragifi.dat
[2010/11/27 10:22:58 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/11/27 10:22:58 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/11/27 10:22:57 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/11/27 10:22:57 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/11/27 10:22:57 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/11/27 10:22:54 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/11/27 10:22:53 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/11/27 10:22:53 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/11/27 10:22:49 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/11/27 10:22:47 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/11/27 10:22:42 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/11/27 10:22:38 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/11/27 10:22:35 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/11/27 10:22:34 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/11/27 10:22:33 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/11/27 10:22:31 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/11/27 10:22:31 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/11/27 10:22:31 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/11/27 10:22:30 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/11/27 10:22:30 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/11/27 10:22:29 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/11/27 10:22:29 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/11/27 10:20:54 | 000,764,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\xesaoapsm.sys
[2010/11/27 10:20:49 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/11/27 10:20:49 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/11/27 10:20:49 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/11/27 10:20:49 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/11/27 10:20:48 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/11/27 10:20:48 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/11/27 10:20:48 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/11/27 10:20:48 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/11/27 10:20:48 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/11/27 10:20:48 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/11/27 10:20:47 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/11/27 10:20:47 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/11/27 10:20:47 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/11/27 10:20:47 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/11/27 10:20:47 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/11/27 10:20:47 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/11/27 10:20:47 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/11/27 10:20:47 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/11/27 10:20:47 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/11/27 10:20:47 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/11/27 10:20:47 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/11/27 10:20:47 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/11/27 10:20:46 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/11/27 10:20:45 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/11/26 23:30:12 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\valued customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/11/26 18:59:08 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/11/26 18:56:39 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/11/26 18:48:13 | 000,001,397 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk
[2010/11/26 18:48:13 | 000,001,385 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WPN111 Smart Wizard.lnk
[2010/11/26 18:48:12 | 000,155,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin
[2010/11/26 18:44:07 | 000,000,254 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/04/05 15:50:42 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010/04/05 15:50:42 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010/04/05 15:50:42 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010/03/03 21:10:19 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2010/02/05 03:02:12 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\inpout32.dll
[2010/02/02 01:39:03 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/02/01 20:46:28 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2010/02/01 10:30:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/13 22:41:56 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2008/04/13 22:41:56 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2008/04/13 22:41:56 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2008/04/13 22:41:56 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2008/04/13 22:41:56 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8668AB36
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA18FD1D
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A02025CE
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:206470A5
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:101708D3
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DFE5191
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF0BC727
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F437A62A
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F1F66C0
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:211ED887
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C5ABDC7

< End of report >

Re: I've been got by Think Point

Here is the Extras.txt

OTL Extras logfile created on: 11/28/2010 9:01:39 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\valued customer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 153.00 Mb Available Physical Memory | 15.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 287.28 Gb Total Space | 276.40 Gb Free Space | 96.21% Space Free | Partition Type: NTFS
Drive H: | 10.81 Gb Total Space | 5.21 Gb Free Space | 48.16% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive J: | 959.72 Mb Total Space | 951.17 Mb Free Space | 99.11% Space Free | Partition Type: FAT

Computer Name: RILEY | User Name: valued customer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"1046:TCP" = 1046:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- File not found
"C:\Program Files\Kaneva\Star\3296\KepClient.exe" = C:\Program Files\Kaneva\Star\3296\KepClient.exe:*:Enabled:KEP Game Client -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Makena\There\ThereClient\There.exe" = C:\Makena\There\ThereClient\There.exe:*:Enabled:There -- File not found
"C:\Program Files\Electronic Arts\Command & Conquer 4 Beta\Data\rts-final.exe" = C:\Program Files\Electronic Arts\Command & Conquer 4 Beta\Data\rts-final.exe:*:Disabled:Command & Conquer™ 4 Beta -- File not found
"C:\Program Files\Kaneva\Star\3298\KepClient.exe" = C:\Program Files\Kaneva\Star\3298\KepClient.exe:*:Enabled:KEP Game Client -- File not found
"C:\Program Files\SecondLife\SLVoice.exe" = C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice -- File not found
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Documents and Settings\hollie\Local Settings\Temporary Internet Files\Content.IE5\ID9B1OTC\EudemonsV1272[1].exe" = C:\Documents and Settings\hollie\Local Settings\Temporary Internet Files\Content.IE5\ID9B1OTC\EudemonsV1272[1].exe:*:Enabled:EudemonsV1272[1].exe -- File not found
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- File not found
"C:\Documents and Settings\hollie\Application Data\IMVUClient\1VivoxVoice.exe" = C:\Documents and Settings\hollie\Application Data\IMVUClient\1VivoxVoice.exe:*:Enabled:1VivoxVoice -- File not found
"C:\Program Files\SpacialAudio\SAMBC\SAMBC.exe" = C:\Program Files\SpacialAudio\SAMBC\SAMBC.exe:*:Enabled:SAMBC -- File not found
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}" = Video DVD Maker v3.25.0.65
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2F5006EE-BFE5-4715-B2EC-F82EB2FF130D}" = ArcSoft MediaImpression
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{363188E4-1A27-4DE6-BA48-823D2E205385}" = ArcSoft Scan-n-Stitch Deluxe
"{37530151-56A6-4CE4-9F9F-CE1F5A1356C6}" = ArcSoft Panorama Maker 4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{40DA94AF-34B7-4BA7-A37F-26F899C031FF}" = ArcSoft PhotoStudio Darkroom 2
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{582E9125-32B6-4CBA-AB48-3E33CE3DB389}" = NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82FAC25D-D0E1-4D60-9268-F3DD958BF052}" = ArcSoft RAW Thumbnail Viewer
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C8B44566-839A-459C-A73D-49764CE216CC}" = ArcSoft Video Downloader
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2EE273D-E111-4FFD-ACD4-78E1D35E01D2}" = ArcSoft Photo Book Screen Saver
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Audiosurf_is1" = Audiosurf Beta
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Timer_is1" = Timer 5.0.0.3
"Web Page Maker_is1" = Web Page Maker V3.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/8/2010 2:51:14 AM | Computer Name = JOHNS-AND-HOLLE | Source = NMSAccessU | ID = 0
Description =

Error - 3/8/2010 7:58:42 AM | Computer Name = JOHNS-AND-HOLLE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/8/2010 9:29:42 AM | Computer Name = JOHNS-AND-HOLLE | Source = NMSAccessU | ID = 0
Description =

Error - 3/8/2010 9:32:10 AM | Computer Name = JOHNS-AND-HOLLE | Source = NMSAccessU | ID = 0
Description =

Error - 3/8/2010 2:06:07 PM | Computer Name = JOHNS-AND-HOLLE | Source = NMSAccessU | ID = 0
Description =

Error - 3/8/2010 3:57:16 PM | Computer Name = JOHNS-AND-HOLLE | Source = NMSAccessU | ID = 0
Description =

Error - 3/8/2010 9:24:49 PM | Computer Name = JOHNS-AND-HOLLE | Source = NMSAccessU | ID = 0
Description =

Error - 3/9/2010 12:44:07 AM | Computer Name = JOHNS-AND-HOLLE | Source = NMSAccessU | ID = 0
Description =

Error - 3/9/2010 12:25:31 AM | Computer Name = JOHNS-AND-HOLLE | Source = NMSAccessU | ID = 0
Description =

Error - 3/9/2010 12:45:18 AM | Computer Name = JOHNS-AND-HOLLE | Source = NMSAccessU | ID = 0
Description =

[ System Events ]
Error - 11/27/2010 4:07:50 PM | Computer Name = RILEY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/27/2010 4:10:17 PM | Computer Name = RILEY | Source = Service Control Manager | ID = 7022
Description = The DMService service hung on starting.

Error - 11/27/2010 4:23:14 PM | Computer Name = RILEY | Source = Service Control Manager | ID = 7022
Description = The DMService service hung on starting.

Error - 11/27/2010 4:39:01 PM | Computer Name = RILEY | Source = Service Control Manager | ID = 7022
Description = The DMService service hung on starting.

Error - 11/27/2010 4:40:45 PM | Computer Name = RILEY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 11/27/2010 4:54:49 PM | Computer Name = RILEY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 11/27/2010 4:55:11 PM | Computer Name = RILEY | Source = Service Control Manager | ID = 7022
Description = The DMService service hung on starting.

Error - 11/27/2010 6:06:13 PM | Computer Name = RILEY | Source = Service Control Manager | ID = 7022
Description = The DMService service hung on starting.

Error - 11/27/2010 6:28:53 PM | Computer Name = RILEY | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 11/27/2010 6:30:17 PM | Computer Name = RILEY | Source = Service Control Manager | ID = 7022
Description = The DMService service hung on starting.


< End of report >

Re: I've been got by Think Point
Hello.

  • Download ComboFix from here:
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools -> Options -> Main tab
    * Set to "Always ask me where to save the files".

    2. During the download, rename ComboFix to Combo-Fix as follows:

    [screenshot: CF_download_FF]

    [screenshot: CF_download_rename]

    3. It is important that you rename ComboFix during the download, not after.
    4. Please do not rename ComboFix to any other name, only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (anti-virus) before running ComboFix.
  • See HERE for how to disable your AV.
  • Double-click on ComboFix.exe.
  • Follow the prompts.
  • NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It is strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.**

  • The Recovery Console provides a recovery/repair mode should a problem occur during a ComboFix run.

    [screenshot: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt, which asks if you want to continue the malware scan; select Yes.

    [screenshot: Cf510]

  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Re: I've been got by Think Point
ComboFix 10-11-28.01 - valued customer 11/28/2010 19:13:47.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.461 [GMT -6:00]
Running from: c:\documents and settings\valued customer\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\valued customer\Application Data\alot
c:\documents and settings\valued customer\Application Data\Bitrix Security
c:\documents and settings\valued customer\Application Data\Bitrix Security\cet.txt
c:\documents and settings\valued customer\Application Data\Bitrix Security\lkvfgjcjj_shrd
c:\documents and settings\valued customer\Application Data\Bitrix Security\shcyur
c:\documents and settings\valued customer\Application Data\completescan
c:\documents and settings\valued customer\Application Data\install
c:\documents and settings\valued customer\Local Settings\Application Data\{D080BB00-D315-4262-873C-0C9A8B289424}
c:\documents and settings\valued customer\Local Settings\Application Data\{D080BB00-D315-4262-873C-0C9A8B289424}\chrome.manifest
c:\documents and settings\valued customer\Local Settings\Application Data\{D080BB00-D315-4262-873C-0C9A8B289424}\chrome\content\_cfg.js
c:\documents and settings\valued customer\Local Settings\Application Data\{D080BB00-D315-4262-873C-0C9A8B289424}\chrome\content\overlay.xul
c:\documents and settings\valued customer\Local Settings\Application Data\{D080BB00-D315-4262-873C-0C9A8B289424}\install.rdf
c:\windows\system32\drivers\hwinterface.sys
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
H:\Autorun.inf

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_hwinterface
-------\Service_hwinterface


((((((((((((((((((((((((( Files Created from 2010-10-28 to 2010-11-29 )))))))))))))))))))))))))))))))
.

2010-11-28 22:21 . 2010-11-28 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-11-28 22:05 . 2010-11-28 22:05 -------- d-----w- c:\documents and settings\valued customer\Local Settings\Application Data\ArcSoft
2010-11-28 22:00 . 2010-11-28 22:00 -------- d-----w- c:\program files\CCleaner
2010-11-28 21:57 . 2010-11-28 21:57 -------- d-----w- c:\documents and settings\valued customer\Local Settings\Application Data\Mozilla
2010-11-28 19:47 . 2010-11-28 19:47 -------- d-----w- c:\documents and settings\valued customer\Application Data\SUPERAntiSpyware.com
2010-11-28 19:47 . 2010-11-28 19:47 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-11-28 19:46 . 2010-11-28 19:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-11-27 20:41 . 2010-11-27 20:41 -------- d-----w- c:\windows\system32\MpEngineStore
2010-11-27 20:23 . 2010-11-27 20:23 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-11-27 16:56 . 2009-09-03 09:17 15688 ----a-w- c:\windows\system32\lsdelete.exe
2010-11-27 16:26 . 2010-11-27 16:37 -------- d-----w- c:\documents and settings\valued customer\Application Data\WhiteSmokeTranslator
2010-11-27 16:23 . 2010-11-27 16:23 -------- d-----w- c:\documents and settings\valued customer\Application Data\whitesmoketoolbar
2010-11-27 16:23 . 2010-11-27 16:23 0 ----a-w- c:\windows\Clulalevetecofi.bin
2010-11-27 16:22 . 2010-11-27 16:22 -------- d-----w- c:\program files\JRE
2010-11-27 16:22 . 2010-11-27 22:03 -------- d-----w- c:\documents and settings\valued customer\Application Data\Acez
2010-11-27 16:22 . 2010-11-27 16:26 -------- d-----w- c:\documents and settings\valued customer\Application Data\Ymge
2010-11-27 16:20 . 2010-11-29 03:35 764416 ----a-w- c:\windows\system32\drivers\xesaoapsm.sys
2010-11-27 16:20 . 2010-11-27 22:03 -------- d-----w- c:\documents and settings\valued customer\Application Data\3A58C5499FDC296B73D8E357D9E246E7
2010-11-27 16:19 . 2010-11-27 16:22 -------- d-----w- c:\program files\OpenOffice.org 3
2010-11-27 14:18 . 2010-11-27 17:17 -------- d-----w- c:\documents and settings\Alexis Riley
2010-11-27 11:37 . 2010-11-27 11:37 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-11-27 00:59 . 2010-11-27 01:26 -------- d-----w- c:\documents and settings\valued customer\Application Data\Apple Computer
2010-11-27 00:59 . 2009-05-18 21:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-11-27 00:59 . 2008-04-17 20:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-11-27 00:58 . 2010-11-27 00:58 -------- d-----w- c:\program files\iPod
2010-11-27 00:58 . 2010-11-27 00:59 -------- d-----w- c:\program files\iTunes
2010-11-27 00:58 . 2010-11-27 00:59 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-11-27 00:54 . 2010-11-27 00:54 -------- d-----w- c:\program files\Apple Software Update
2010-11-27 00:54 . 2010-11-27 00:54 -------- d-----w- c:\documents and settings\valued customer\Local Settings\Application Data\Apple
2010-11-27 00:54 . 2010-09-28 23:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-11-27 00:54 . 2010-09-28 23:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-11-27 00:53 . 2010-11-27 00:53 -------- d-----w- c:\program files\Bonjour
2010-11-27 00:52 . 2010-11-27 00:59 -------- d-----w- c:\documents and settings\valued customer\Local Settings\Application Data\Apple Computer
2010-11-27 00:48 . 2008-04-18 19:28 384608 ----a-w- c:\windows\system32\drivers\WPN111.sys
2010-11-27 00:48 . 2008-04-18 19:27 155624 ----a-w- c:\windows\system32\drivers\ar5523.bin
2010-11-27 00:47 . 2010-11-27 00:47 -------- d-----w- c:\documents and settings\valued customer\Application Data\InstallShield
2010-11-27 00:44 . 2010-11-27 19:26 -------- d-----w- c:\documents and settings\valued customer\Application Data\FrostWire
2010-11-27 00:44 . 2010-11-27 16:12 -------- d-----w- c:\documents and settings\valued customer\Local Settings\Application Data\AskToolbar
2010-11-27 00:44 . 2010-11-27 00:44 -------- d-----w- c:\program files\Ask.com
2010-11-27 00:39 . 2010-11-27 00:39 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-11-27 00:39 . 2003-07-24 20:10 17149 ----a-w- c:\windows\system32\DNINDIS5.sys
2010-11-27 00:39 . 2003-07-24 20:10 94208 ----a-w- c:\windows\system32\DNIN50.dll
2010-11-27 00:39 . 2010-11-27 00:39 -------- d-----w- c:\program files\NETGEAR
2010-11-27 00:36 . 2010-09-10 05:58 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-07 20:23 . 2010-10-07 20:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 20:23 . 2010-10-07 20:23 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-10-07 20:23 . 2010-10-07 20:23 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 20:23 . 2010-10-07 20:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-09-18 20:23 . 2007-04-03 07:44 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 04:41 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 04:41 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2001-08-23 11:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-10 05:58 . 2008-04-14 04:42 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2008-04-14 04:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-10 05:58 . 2008-04-14 04:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 19:17 . 2010-09-08 19:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 19:17 . 2010-09-08 19:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51 . 2008-04-14 04:39 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2008-04-14 00:00 1852800 ----a-w- c:\windows\system32\win32k.sys
.

------- Sigcheck -------

[-] 2008-04-14 . 7AAF8F961E622905E99D14FF59E56F37 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . 6EE677CC1AC5D45BD3C21BD6F7B41BC1 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . C59F18687DE671F5FC75ABEDDFC3309A . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-11-22 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^john^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\john\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 23:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 09:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 15:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 04:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-10-26 21:48 166424 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-10-26 21:48 141848 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 13:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-10-26 21:48 137752 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-02-02 02:49 17880576 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 23:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"1044:TCP"= 1044:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/30/2010 12:25 PM 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/13/2008 10:42 PM 14336]
R2 DMService;DMService;c:\windows\system32\DMService.exe [2/18/2010 8:16 PM 69632]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 5:17 AM 1181328]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [11/26/2010 6:39 PM 17149]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [11/26/2010 6:48 PM 384608]
S1 rcgjtpwu;rcgjtpwu;\??\c:\windows\system32\drivers\rcgjtpwu.sys --> c:\windows\system32\drivers\rcgjtpwu.sys [?]
S2 DMServiceUpdater;DMServiceUpdater;c:\windows\system32\DMServiceUpdater.exe [2/18/2010 8:16 PM 69632]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/1/2010 8:49 PM 1684736]

--- Other Services/Drivers In Memory ---

*Deregistered* - xesaoapsm

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-11-29 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 19:46]

2010-11-29 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 19:46]

2010-11-29 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 19:46]

2010-11-29 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 19:46]

2010-11-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 19:46]

2010-11-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]

2010-11-28 c:\windows\Tasks\Driver Fetch.job
- c:\program files\Driver Fetch\2.0.0.0\DriverFetch.exe [2010-02-02 01:15]

2010-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 21:57]

2010-11-28 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2010-03-18 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]

2010-11-29 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-29 06:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\hollie\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\valued customer\Application Data\Mozilla\Firefox\Profiles\npiucg9g.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\Sony Online Entertainment\npsoe.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\valued customer\Application Data\Mozilla\Firefox\Profiles\npiucg9g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-ArcSoft Connection Service - c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSConfigStartUp-DriverCure - c:\program files\ParetoLogic\DriverCure\DriverCure.exe
MSConfigStartUp-DriverUpdaterPro - c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
MSConfigStartUp-Messenger (Yahoo!) - c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-28 21:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xesaoapsm]

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(768)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(3548)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\WgaTray.exe
c:\program files\NETGEAR\WPN111\wpn111.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\iTunes\iTunes.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
.
**************************************************************************
.
Completion time: 2010-11-28 21:39:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-29 03:39

Pre-Run: 296,461,074,432 bytes free
Post-Run: 296,853,618,688 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 88DD77154002FA8E31CBEEB53657296E

Re: I've been got by Think Point
I started the combo fix last night and had left my computer.. when I came back this morning I had the file I posted above, but I also have a message stating that the copy of Windows didn't pass validation, does that mean that whoever loaded Windows on this computer used a fake copy? Or is that message a fake too? ugh at viruses.

Re: I've been got by Think Point
Hello.
Do you have your XP disc?

Re: I've been got by Think Point
No ~ I purchased the computer from a local pawn shop and it had Windows XP already loaded.

Re: I've been got by Think Point
Wondering what to do now.

Re: I've been got by Think Point
Hello.
Can you borrow one from somewhere? Malware has caused serious damage to your machine.

Re: I've been got by Think Point
So is the thought that I need to have someone completely wipe the machine and reinstall Win XP? If so I believe I may be able to go back to the store and ask for them to do so.
