
Author Topic: Think Point Virus  (Read 19906 times)


darts44

    Topic Starter


    Beginner

    Thanked: 1
    Re: Think Point Virus
    « Reply #45 on: November 10, 2010, 05:42:40 PM »
    Hi! Dave,
    You write: Open notepad... is that a new notepad or...? Could you give more details?
    I want to make sure I do the right thing.
    Regards, Yves
    darts44
    The ignorant person does not know enough to know that he does not know.
    He that knows not and knows not that he knows not, he is a fool, shun him.
    He that knows not and knows that he knows not, he is teachable, teach him.
    He that knows and knows that he knows, he is wise, follow him.

    darts44

      Re: Think Point Virus
      « Reply #46 on: November 10, 2010, 05:58:49 PM »
      Hi! Dave,
      Hold on, I got it.
      darts44

      darts44

        Re: Think Point Virus
        « Reply #47 on: November 10, 2010, 07:00:07 PM »
        Hi! Dave,
        Here are the results of the scan
        ComboFix 10-11-09.01 - Yves 11/11/2010  11:05:32.2.2 - x86
        Microsoft Windows 7 Home Premium   6.1.7600.0.1252.61.1033.18.3070.1942 [GMT 10:00]
        Running from: c:\users\Yves\Desktop\commy.exe
        Command switches used :: c:\users\Yves\Desktop\CFScript.txt
        .

        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        .
        --------------- FCopy ---------------

        c:\windows\ERDNT\cache\userinit.exe --> c:\windows\system32\userinit.exe
        .
        (((((((((((((((((((((((((   Files Created from 2010-10-11 to 2010-11-11  )))))))))))))))))))))))))))))))
        .

        2010-11-11 01:23 . 2010-11-11 01:23   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\temp
        2010-11-11 01:23 . 2010-11-11 01:23   --------   d-----w-   c:\users\Default\AppData\Local\temp
        2010-11-09 08:06 . 2010-10-07 23:21   6146896   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{44CDFD57-B753-47D5-9915-893F16DBC98A}\mpengine.dll
        2010-11-09 04:26 . 2010-11-09 04:26   --------   d-----w-   c:\program files\Vodafone
        2010-11-03 04:36 . 2010-11-03 04:36   --------   d-----w-   c:\program files\Common Files\Java
        2010-11-03 04:35 . 2010-11-03 04:35   --------   d-----w-   c:\program files\Sun
        2010-11-03 04:32 . 2010-11-03 04:34   --------   d-----w-   c:\program files\Java
        2010-11-03 02:59 . 2010-11-03 02:59   --------   d-----w-   c:\users\Yves\AppData\Roaming\Malwarebytes
        2010-11-03 02:59 . 2010-11-08 23:32   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
        2010-11-03 02:59 . 2010-11-03 02:59   --------   d-----w-   c:\programdata\Malwarebytes
        2010-11-02 23:16 . 2010-11-02 23:16   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
        2010-10-26 20:45 . 2010-08-04 06:18   641536   ----a-w-   c:\windows\system32\CPFilters.dll
        2010-10-26 20:45 . 2010-08-04 06:17   417792   ----a-w-   c:\windows\system32\msdri.dll
        2010-10-26 20:45 . 2010-08-04 06:15   204288   ----a-w-   c:\windows\system32\MSNP.ax
        2010-10-26 20:45 . 2010-08-04 06:15   199680   ----a-w-   c:\windows\system32\mpg2splt.ax
        2010-10-26 20:39 . 2010-07-13 05:22   26504   ----a-w-   c:\windows\system32\drivers\Diskdump.sys
        2010-10-23 11:36 . 2010-10-23 11:36   --------   d-----w-   c:\programdata\5D
        2010-10-23 10:25 . 2010-10-23 11:28   --------   d-----w-   c:\users\Yves\AppData\Local\BearShare
        2010-10-23 10:18 . 2010-10-23 20:49   --------   dc-h--w-   c:\programdata\~0
        2010-10-23 10:18 . 2010-10-23 10:18   --------   d-----w-   c:\users\Yves\AppData\Local\PackageAware
        2010-10-20 14:18 . 2010-10-20 14:18   --------   d-----w-   c:\windows\en
        2010-10-20 14:18 . 2010-10-20 14:18   --------   dc----w-   c:\windows\system32\DRVSTORE
        2010-10-20 14:18 . 2010-09-22 14:21   39272   ----a-w-   c:\windows\system32\drivers\fssfltr.sys
        2010-10-20 14:13 . 2010-10-20 14:13   --------   d-----w-   c:\program files\MSN Toolbar
        2010-10-20 14:13 . 2010-10-20 14:14   --------   d-----w-   c:\program files\Bing Bar Installer
        2010-10-20 14:13 . 2009-09-04 07:44   69464   ----a-w-   c:\windows\system32\XAPOFX1_3.dll
        2010-10-20 14:13 . 2009-09-04 07:44   515416   ----a-w-   c:\windows\system32\XAudio2_5.dll
        2010-10-20 14:13 . 2009-09-04 07:29   453456   ----a-w-   c:\windows\system32\d3dx10_42.dll
        2010-10-20 14:12 . 2010-10-20 14:12   469256   ----a-w-   c:\program files\Common Files\Windows Live\.cache\c76b1f1e1cb70602b\InstallManager_WLE_WLE.exe
        2010-10-20 14:11 . 2010-10-20 14:11   15712   ----a-w-   c:\program files\Common Files\Windows Live\.cache\b5d373971cb706020\MeshBetaRemover.exe
        2010-10-20 14:11 . 2010-10-20 14:11   94040   ----a-w-   c:\program files\Common Files\Windows Live\.cache\a5a337da1cb706018\DSETUP.dll
        2010-10-20 14:11 . 2010-10-20 14:11   525656   ----a-w-   c:\program files\Common Files\Windows Live\.cache\a5a337da1cb706018\DXSETUP.exe
        2010-10-20 14:11 . 2010-10-20 14:11   1691480   ----a-w-   c:\program files\Common Files\Windows Live\.cache\a5a337da1cb706018\dsetup32.dll
        2010-10-20 14:11 . 2010-10-20 14:11   525656   ----a-w-   c:\program files\Common Files\Windows Live\.cache\a40e8dec1cb706017\DXSETUP.exe
        2010-10-20 14:11 . 2010-10-20 14:11   1691480   ----a-w-   c:\program files\Common Files\Windows Live\.cache\a40e8dec1cb706017\dsetup32.dll
        2010-10-20 14:11 . 2010-10-20 14:11   94040   ----a-w-   c:\program files\Common Files\Windows Live\.cache\a40e8dec1cb706017\DSETUP.dll
        2010-10-20 14:09 . 2010-11-06 03:26   --------   d-----w-   c:\users\Yves\AppData\Local\Windows Live
        2010-10-20 14:09 . 2010-05-23 10:15   1619456   ----a-w-   c:\windows\system32\WMVDECOD.DLL
        2010-10-20 14:09 . 2010-05-23 10:11   196608   ----a-w-   c:\windows\system32\mfreadwrite.dll
        2010-10-20 14:09 . 2010-05-23 10:11   3181568   ----a-w-   c:\windows\system32\mf.dll
        2010-10-15 21:34 . 2010-05-05 06:46   363520   ----a-w-   c:\windows\system32\StructuredQuery.dll
        2010-10-15 21:03 . 2010-08-21 05:36   738816   ----a-w-   c:\windows\system32\wmpmde.dll
        2010-10-15 21:01 . 2010-09-01 04:26   164864   ----a-w-   c:\program files\Windows Media Player\wmplayer.exe
        2010-10-15 21:01 . 2010-09-01 04:23   12625408   ----a-w-   c:\windows\system32\wmploc.DLL
        2010-10-15 21:01 . 2010-09-01 02:34   2327552   ----a-w-   c:\windows\system32\win32k.sys
        2010-10-15 21:01 . 2010-08-27 05:46   168448   ----a-w-   c:\windows\system32\srvsvc.dll
        2010-10-15 21:01 . 2010-08-27 03:31   310784   ----a-w-   c:\windows\system32\drivers\srv.sys
        2010-10-15 21:01 . 2010-08-27 03:30   308736   ----a-w-   c:\windows\system32\drivers\srv2.sys
        2010-10-15 21:01 . 2010-08-27 03:30   113664   ----a-w-   c:\windows\system32\drivers\srvnet.sys

        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2010-11-03 04:35 . 2010-07-27 22:47   472808   ----a-w-   c:\windows\system32\deployJava1.dll
        2010-10-19 01:41 . 2010-07-26 23:48   222080   ------w-   c:\windows\system32\MpSigStub.exe
        2010-09-22 14:47 . 2010-09-22 14:47   49016   ----a-w-   c:\windows\system32\sirenacm.dll
        2010-09-22 14:32 . 2010-09-22 14:32   301936   ----a-w-   c:\windows\WLXPGSS.SCR
        2010-09-21 04:03 . 2010-09-21 04:03   208768   ----a-w-   c:\windows\system32\LIVESSP.DLL
        2010-08-25 20:48 . 2010-08-25 20:48   53248   ----a-r-   c:\users\Yves\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
        2010-08-21 05:32 . 2010-09-15 06:16   316928   ----a-w-   c:\windows\system32\spoolsv.exe
        .

        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2010-09-29 2942856]
        "AnyTime Organizer"="c:\program files\AnyTime Organizer Premier\AtDem.exe" [2007-11-21 29696]
        "E09AXLRD_2727443"="c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE" [2008-06-03 351000]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-07-20 1038848]
        "MobileBroadband"="c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2010-06-25 253952]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "ConsentPromptBehaviorAdmin"= 5 (0x5)
        "ConsentPromptBehaviorUser"= 3 (0x3)
        "EnableUIADesktopToggle"= 0 (0x0)

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
        "aux2"=wdmaud.drv

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
        Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp

        [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
        path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
        backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
        backupExtension=.CommonStartup

        [HKLM\~\startupfolder\C:^Users^Yves^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^AnyTime.lnk]
        path=c:\users\Yves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AnyTime.lnk
        backup=c:\windows\pss\AnyTime.lnk.Startup
        backupExtension=.Startup

        [HKLM\~\startupfolder\C:^Users^Yves^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FastStone Capture.lnk]
        path=c:\users\Yves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastStone Capture.lnk
        backup=c:\windows\pss\FastStone Capture.lnk.Startup
        backupExtension=.Startup

        [HKLM\~\startupfolder\C:^Users^Yves^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
        path=c:\users\Yves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
        backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
        backupExtension=.Startup

        [HKLM\~\startupfolder\C:^Users^Yves^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
        path=c:\users\Yves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
        backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
        backupExtension=.Startup

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
        2010-03-27 06:07   362232   ----a-w-   c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adm_tray.exe]
        2010-06-04 08:49   530768   ----a-w-   c:\program files\Acronis\DriveMonitor\adm_tray.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
        2010-09-20 13:07   932288   ----a-r-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
        2010-09-22 18:47   35760   ----a-w-   c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
        2010-03-05 17:44   500208   ------w-   c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
        2010-07-22 12:10   402432   ----a-w-   c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyTime Organizer]
        2007-11-21 03:45   29696   ----a-w-   c:\progra~1\ANYTIM~1\AtDem.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]
        2010-09-29 05:30   2942856   ----a-w-   c:\program files\DU Meter\DUMeter.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_15580131]
        2008-06-03 10:05   351000   ----a-w-   c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_2163780]
        2008-06-03 10:05   351000   ----a-w-   c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_2494237]
        2008-06-03 10:05   351000   ----a-w-   c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_2519946]
        2008-06-03 10:05   351000   ----a-w-   c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_25437101]
        2008-06-03 10:05   351000   ----a-w-   c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_31464294]
        2008-06-03 10:05   351000   ----a-w-   c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_5542044]
        2008-06-03 10:05   351000   ----a-w-   c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_5633040]
        2008-06-03 10:05   351000   ----a-w-   c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_582850]
        2008-06-03 10:05   351000   ----a-w-   c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_6173833]
        2008-06-03 10:05   351000   ----a-w-   c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_6696436]
        2008-06-03 10:05   351000   ----a-w-   c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_738477]
        2008-06-03 10:05   351000   ----a-w-   c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_8550430]
        2008-06-03 10:05   351000   ----a-w-   c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_9218411]
        2008-06-03 10:05   351000   ----a-w-   c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_969171]
        2008-06-03 10:05   351000   ----a-w-   c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
        2009-11-18 06:13   54576   ----a-w-   c:\program files\HP\HP Software Update\hpwuschd2.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
        2010-10-22 20:47   353736   ----a-w-   c:\program files\IncrediMail\Bin\IncMail.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
        2010-07-21 06:52   1797008   ----a-w-   c:\program files\Microsoft IntelliPoint\ipoint.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
        2010-07-21 07:07   1778064   ----a-w-   c:\program files\Microsoft IntelliType Pro\itype.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
        2010-05-11 06:43   6061400   ----a-w-   c:\program files\Logitech\Vid\Vid.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid HD]
        2010-05-11 06:43   6061400   ----a-w-   c:\program files\Logitech\Vid\Vid.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
        2010-05-07 08:35   165208   ----a-w-   c:\program files\Logitech\LWS\Webcam Software\LWS.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
        2010-06-01 00:17   5252408   ----a-w-   c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband]
        2010-06-25 02:57   253952   ----a-w-   c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RESTART_STICKY_NOTES]
        2009-07-14 01:14   354304   ----a-w-   c:\windows\System32\StikyNot.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
        2010-05-14 01:44   248552   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
        2010-02-19 03:37   517096   ----a-w-   c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
        2010-03-27 06:06   5107232   ----a-w-   c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorldTime2006]
        2007-10-21 07:17   1486848   ----a-w-   c:\program files\AnyTime Organizer Premier\WorldTime.exe

        R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
        R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\program files\DU Meter\DUMETR32.SYS [2010-09-29 18576]
        R3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2010-06-10 9216]
        R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992]
        R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
        R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
        R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
        R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-27 1343400]
        R3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\DRIVERS\zgwhsdiag.sys [2009-10-28 105216]
        R3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\DRIVERS\zgwhsmdm.sys [2009-10-28 105216]
        R3 zgwhsnmea;WCDMA Handset NMEA Port;c:\windows\system32\DRIVERS\zgwhsnmea.sys [2009-10-28 105216]
        R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
        S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [2010-07-27 911680]
        S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
        S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-07-27 2480048]
        S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-03 176128]
        S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-02-19 380928]
        S2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [2010-09-29 1412488]
        S2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-06-15 26352]
        S2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-06-15 493032]
        S2 VmbService;Vodafone Mobile Broadband Service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2010-06-25 9216]
        S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-07-27 160704]
        S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-03 6096384]
        S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-03 214016]
        S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-07 44432]
        S3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [2010-06-15 35568]
        S3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys [2010-03-01 61952]
        S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2010-04-30 105856]
        S3 ZTEusbwwan;ZTE MBN Miniport;c:\windows\system32\DRIVERS\ZTEusbwwan.sys [2010-06-10 194048]


        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
        hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
        nosGetPlusHelper   REG_MULTI_SZ      nosGetPlusHelper
        .
        .
        ------- Supplementary Scan -------
        .
        uStart Page = about:blank
        TCP: {E481D8DE-43C8-4878-B42D-DD2FAEC18884} = 202.124.65.22 202.124.65.18
        .

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DUMeterSvc]
        "ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
        .
        --------------------- LOCKED REGISTRY KEYS ---------------------

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
        @Denied: (A) (Users)
        @Denied: (A) (Everyone)
        @Allowed: (B 1 2 3 4 5) (S-1-5-20)
        "BlindDial"=dword:00000000

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
        @Denied: (A) (Users)
        @Denied: (A) (Everyone)
        @Allowed: (B 1 2 3 4 5) (S-1-5-20)
        "BlindDial"=dword:00000000

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
        @Denied: (Full) (Everyone)
        .
        --------------------- DLLs Loaded Under Running Processes ---------------------

        - - - - - - - > 'lsass.exe'(856)
        c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
        c:\program files\CheckPoint\ZAForceField\AK\icsak.dll

        - - - - - - - > 'Explorer.exe'(2940)
        c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
        c:\program files\CheckPoint\ZAForceField\AK\icsak.dll
        c:\program files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
        c:\program files\Common Files\Microsoft Shared\Encarta Search Bar\A\ESBRes.DLL

        - - - - - - - > 'csrss.exe'(516)
        c:\program files\CheckPoint\ZAForceField\AK\akconsole.dll
        .
        ------------------------ Other Running Processes ------------------------
        .
        c:\windows\system32\atieclxx.exe
        c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
        c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
        c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
        c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
        c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
        c:\windows\system32\taskhost.exe
        c:\windows\system32\conhost.exe
        c:\program files\Windows Media Player\wmpnetwk.exe
        c:\program files\Acronis\DriveMonitor\adm.exe
        .
        **************************************************************************
        .
        Completion time: 2010-11-11  11:40:51 - machine was rebooted
        ComboFix-quarantined-files.txt  2010-11-11 01:40
        ComboFix2.txt  2010-11-09 21:21

        Pre-Run: 310,590,455,808 bytes free
        Post-Run: 310,706,073,600 bytes free

        - - End Of File - - 7A5DC2DC34D92E2BE90D746632674453

        Another long one.
        Thanks Dave for your help and time.
        Regards, Yves
        darts44

        SuperDave

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: Think Point Virus
        « Reply #48 on: November 11, 2010, 07:00:36 AM »
        Very good. Now, please run the ESET scan again as outlined in Reply # 30.
        Windows 8 and Windows 10 dual boot with two SSD's

        darts44

          Re: Think Point Virus
          « Reply #49 on: November 11, 2010, 12:21:37 PM »
          Hi! Dave,
          Here is the result of the ESET Scan.
          No threats found
          And that is wonderful  ;D.
          Best regards,
          Yves
          darts44

          darts44

            Re: Think Point Virus
            « Reply #50 on: November 12, 2010, 04:30:55 AM »
            Hi! Guys,
            I think it is done and I want to take this opportunity to thank everyone at Computer Hope for the wonderful help and the kindness. Particularly Dave for his time helping me to clean up my P.C. from this nasty virus. I am very grateful to all.
            Thanks Guys, I love you all.
            Yves from Down under. ;D
            darts44

            SuperDave

            Re: Think Point Virus
            « Reply #51 on: November 12, 2010, 12:49:19 PM »
            Ok. That's good news. Let's do some cleanup.

            * Click START then RUN - Vista users press the Windows key and the R key together for the Run box.
            * Now type commy /uninstall in the Run box.
            * Make sure there's a space between commy and /Uninstall.
            * Then hit Enter.

            The above procedure will:
            * Delete ComboFix and its associated files and folders.
            * Reset the clock settings.
            * Hide file extensions, if required.
            * Hide System/Hidden files, if required.
            * Set a new, clean Restore Point.
            ********************************
            Clean out your temporary internet files and temp files.

            Download TFC by OldTimer to your desktop.

            Double-click TFC.exe to run it.

            Note: If you are running on Vista, right-click on the file and choose Run As Administrator

            TFC will close all programs when run, so make sure you have saved all your work before you begin.

            * Click the Start button to begin the cleaning process.
            * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
            * Please let TFC run uninterrupted until it is finished.

            Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
            **************************************
            Use the Secunia Software Inspector to check for out of date software.

            • Click Start Now
            • Check the box next to Enable thorough system inspection.
            • Click Start
            • Allow the scan to finish and scroll down to see if any updates are needed.
            • Update anything listed.
            ----------

            Go to Microsoft Windows Update and get all critical updates.

            ----------

            I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

            SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
            * Using SpywareBlaster to protect your computer from Spyware and Malware
            * If you don't know what ActiveX controls are, see here

            Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

            Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

            Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
            Safe Surfing!


            darts44

              Re: Think Point Virus
              « Reply #52 on: November 12, 2010, 03:32:05 PM »
              Hi! Dave,
              Done it all.
              Thanks for the finishing touch.
              Best regards,
              yves
              darts44