Thinkpoint


Thinkpoint

Post by iqu_ on Sun Oct 17, 2010 2:15 pm

So this "Thinkpoint" BS magically appeared and I've been trying to remove this since yesterday noon. I can't install what is recommended, Malwarebytes, because I can't get into my admin account (ANY WAY AROUND THIS WOULD PROBABLY DO JUSTICE??). I've tried using rkill.exe. It opens but just says "please be patient". I highly doubt it's doing anything, because as soon as I open it, it says "pev.rkexe has stopped working".

Please Help!! This is annoying as hell.
Viruses and the people who make them are LAME!



iqu_
Novice

Posts : 8
Joined : 2010-10-17
OS : vista
Points : 22528
# Likes : 0


Re: Thinkpoint

Post by Belahzur on Sun Oct 17, 2010 11:07 pm

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
# Likes : 1


Re: Thinkpoint

Post by iqu_ on Sun Oct 17, 2010 11:36 pm

OTL logfile created on: 10/17/2010 7:30:03 PM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Guest Account\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 53.00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.65 Gb Total Space | 45.46 Gb Free Space | 20.51% Space Free | Partition Type: NTFS
Drive D: | 11.24 Gb Total Space | 1.86 Gb Free Space | 16.55% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: Guest Account | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/17 19:17:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Guest Account\Downloads\OTL.exe
PRC - [2010/10/17 19:14:54 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\Users\GUESTA~1\AppData\Local\Temp\sysedit.exe
PRC - [2010/10/17 11:46:27 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\Users\GUESTA~1\AppData\Local\Temp\user.exe
PRC - [2010/10/17 09:50:51 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\Users\Guest Account\AppData\Local\Temp\hexdump.exe
PRC - [2010/10/17 09:50:51 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\Users\Guest Account\AppData\Local\Temp\avp32.exe
PRC - [2010/10/17 09:48:00 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\Users\Guest Account\AppData\Local\Temp\cmd.exe
PRC - [2010/10/17 09:47:59 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\Users\Guest Account\AppData\Local\Temp\gdi32.exe
PRC - [2010/10/17 09:47:56 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\Users\Guest Account\AppData\Local\Temp\services.exe
PRC - [2010/10/17 08:09:07 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\Users\Guest Account\AppData\Local\Temp\iexplarer.exe
PRC - [2010/10/17 08:09:06 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\Users\Guest Account\AppData\Local\Temp\csrss.exe
PRC - [2010/10/17 08:08:59 | 000,021,632 | ---- | M] (Microsoft Corporation) -- C:\Users\Guest Account\AppData\Local\Temp\328162428.exe
PRC - [2010/10/16 22:29:41 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\Users\Guest Account\AppData\Local\Temp\system.exe
PRC - [2010/10/16 22:29:40 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\Users\Guest Account\AppData\Local\Temp\taskmgr.exe
PRC - [2010/10/16 22:29:39 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\Users\Guest Account\AppData\Local\Temp\win16.exe
PRC - [2010/10/16 22:29:38 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\Users\Guest Account\AppData\Local\Temp\setup.exe
PRC - [2010/10/16 19:53:49 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\Users\Guest Account\AppData\Local\Temp\login.exe
PRC - [2010/10/16 19:53:48 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\Users\Guest Account\AppData\Local\Temp\lsass.exe
PRC - [2010/10/16 19:53:47 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\Users\Guest Account\AppData\Local\Temp\mdm.exe
PRC - [2010/10/16 19:53:46 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\Users\Guest Account\AppData\Local\Temp\wininst.exe
PRC - [2010/10/16 14:23:27 | 000,002,112 | -H-- | M] () -- C:\Users\GUESTA~1\AppData\Local\Temp\iexplorer.exe
PRC - [2010/10/16 12:47:44 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\login.exe
PRC - [2010/10/16 12:47:43 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\spoolsv.exe
PRC - [2010/10/16 12:47:42 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\services.exe
PRC - [2010/10/16 12:39:24 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\hexdump.exe
PRC - [2010/10/16 12:39:22 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\user.exe
PRC - [2010/10/16 12:39:22 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\csrss.exe
PRC - [2010/10/16 12:39:21 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\mdm.exe
PRC - [2010/10/16 12:39:19 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\svchost.exe
PRC - [2010/10/16 12:39:19 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\svchost.exe
PRC - [2010/10/16 12:39:18 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\cmd.exe
PRC - [2010/10/16 12:39:17 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\winamp.exe
PRC - [2010/07/01 07:56:10 | 000,729,088 | ---- | M] (Rhapsody International Inc.) -- C:\Program Files (x86)\Rhapsody\rhaphlpr.exe
PRC - [2010/06/02 20:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/08 12:00:26 | 001,805,584 | ---- | M] (Orbitdownloader.com) -- C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
PRC - [2009/12/03 09:54:40 | 000,557,056 | ---- | M] (Orbitdownloader.com) -- C:\Program Files (x86)\Orbitdownloader\orbitnet.exe


========== Modules (SafeList) ==========

MOD - [2010/10/17 19:17:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Guest Account\Downloads\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========


========== Driver Services (SafeList) ==========


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com"
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/02 18:47:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/18 05:51:47 | 000,000,000 | ---D | M]

[2010/02/28 11:13:24 | 000,000,000 | ---D | M] -- C:\Users\Guest Account\AppData\Roaming\mozilla\Extensions
[2010/10/17 19:28:46 | 000,000,000 | ---D | M] -- C:\Users\Guest Account\AppData\Roaming\mozilla\Firefox\Profiles\r8xy7e4t.default\extensions
[2010/10/16 19:54:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Guest Account\AppData\Roaming\mozilla\Firefox\Profiles\r8xy7e4t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/08 14:15:22 | 000,000,000 | ---D | M] (IE View) -- C:\Users\Guest Account\AppData\Roaming\mozilla\Firefox\Profiles\r8xy7e4t.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010/10/15 13:55:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll
[2010/10/01 19:51:32 | 000,002,074 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (C:\Windows\SysWow64\zvco6rdrnk.dll) - {D6BA40A1-A502-59BD-F413-04B03A2C8953} - C:\WINDOWS\SysWOW64\zvco6rdrnk.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LvShfnglb] C:\Users\Q\AppData\Local\Temp\debug.exe File not found
O4 - HKLM..\Run: [LvShfngoe] C:\Users\Q\AppData\Local\Temp\avp.exe File not found
O4 - HKLM..\Run: [LvShfngoh] C:\Users\Q\AppData\Local\Temp\csrss.exe File not found
O4 - HKLM..\Run: [LvShfngpb] C:\Users\Q\AppData\Local\Temp\login.exe File not found
O4 - HKLM..\Run: [LvShfngph] C:\Users\Q\AppData\Local\Temp\setup.exe File not found
O4 - HKLM..\Run: [LvShfngqtNc] C:\Users\Q\AppData\Local\Temp\fwnzff73eg.exe File not found
O4 - HKLM..\Run: [LvShfngrA] C:\Users\Q\AppData\Local\Temp\win16.exe File not found
O4 - HKLM..\Run: [LvShfngruf] C:\Users\Q\AppData\Local\Temp\wininst.exe File not found
O4 - HKLM..\Run: [LvShfngrvg] C:\Users\Q\AppData\Local\Temp\spoolsv.exe File not found
O4 - HKLM..\Run: [LvShfngta] C:\Users\Q\AppData\Local\Temp\user.exe File not found
O4 - HKLM..\Run: [Mqqyc] C:\WINDOWS\csrss.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MqqZ] C:\WINDOWS\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Mqrtc] C:\WINDOWS\hexdump.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Mqsrc] C:\WINDOWS\login.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MqsZ] C:\WINDOWS\mdm.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Mque] C:\WINDOWS\user.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Mquse] C:\WINDOWS\svchost.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Mquta] C:\WINDOWS\services.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Mquuf] C:\WINDOWS\spoolsv.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Mqvpe] C:\WINDOWS\winamp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [uPc+kt0NcJaXms] C:\Windows\SysWow64\yj4b0g.DLL ()
O4 - HKCU..\Run: [LvfSqfhfngl/] C:\Users\Guest Account\AppData\Local\Temp\gdi32.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LvfSqfhfngM0zt Account\AppData\Local\Temp\328162428.exe] C:\Users\Guest Account\AppData\Local\Temp\328162428.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LvfSqfhfngmtd] C:\Users\Guest Account\AppData\Local\Temp\iexplarer.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LvfSqfhfngmve] C:\Users\Guest Account\AppData\Local\Temp\hexdump.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LvfSqfhfngnb] C:\Users\Guest Account\AppData\Local\Temp\cmd.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LvfSqfhfngne] C:\Users\Guest Account\AppData\Local\Temp\mdm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LvfSqfhfngoA] C:\Users\Guest Account\AppData\Local\Temp\avp32.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LvfSqfhfngoh] C:\Users\Guest Account\AppData\Local\Temp\csrss.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LvfSqfhfngosf] C:\Users\Guest Account\AppData\Local\Temp\taskmgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LvfSqfhfngpb] C:\Users\Guest Account\AppData\Local\Temp\login.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LvfSqfhfngph] C:\Users\Guest Account\AppData\Local\Temp\setup.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LvfSqfhfngpta] C:\Users\Guest Account\AppData\Local\Temp\services.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LvfSqfhfngqd] C:\Users\Guest Account\AppData\Local\Temp\lsass.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LvfSqfhfngrA] C:\Users\Guest Account\AppData\Local\Temp\win16.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LvfSqfhfngruf] C:\Users\Guest Account\AppData\Local\Temp\wininst.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LvfSqfhfnguuc] C:\Users\Guest Account\AppData\Local\Temp\system.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LvPZPiejl+z/STA~1\AppData\Local\Temp\328162428.exe] C:\Users\GUESTA~1\AppData\Local\Temp\328162428.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LvPZPiejl9zzSTA~1\AppData\Local\Temp\1265514365.exe] C:\Users\GUESTA~1\AppData\Local\Temp\1265514365.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LvPZPiejlk+] C:\Users\GUESTA~1\AppData\Local\Temp\gdi32.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LvPZPiejlkc] C:\Users\GUESTA~1\AppData\Local\Temp\cmd.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LvPZPiejlmc] C:\Users\GUESTA~1\AppData\Local\Temp\mdm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LvPZPiejlna] C:\Users\GUESTA~1\AppData\Local\Temp\login.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LvPZPiejlne] C:\Users\GUESTA~1\AppData\Local\Temp\lsass.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LvPZPiejlo+] C:\Users\GUESTA~1\AppData\Local\Temp\avp32.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LvPZPiejlora] C:\Users\GUESTA~1\AppData\Local\Temp\iexplarer.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LvPZPiejlotc] C:\Users\GUESTA~1\AppData\Local\Temp\hexdump.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LvPZPiejlpe] C:\Users\GUESTA~1\AppData\Local\Temp\csrss.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LvPZPiejlppf] C:\Users\GUESTA~1\AppData\Local\Temp\services.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LvPZPiejlpsc] C:\Users\GUESTA~1\AppData\Local\Temp\taskmgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LvPZPiejlq+] C:\Users\GUESTA~1\AppData\Local\Temp\win16.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LvPZPiejlqe] C:\Users\GUESTA~1\AppData\Local\Temp\setup.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LvPZPiejlqf] C:\Users\GUESTA~1\AppData\Local\Temp\user.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LvPZPiejlqvc] C:\Users\GUESTA~1\AppData\Local\Temp\wininst.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LvPZPiejlsPc] C:\Users\GUESTA~1\AppData\Local\Temp\nvsvc32.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LvPZPiejlud] C:\Users\GUESTA~1\AppData\Local\Temp\system.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LvPZPiejlupc] C:\Users\GUESTA~1\AppData\Local\Temp\sysedit.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MKayc] C:\WINDOWS\csrss.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MKaZ] C:\WINDOWS\cmd.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MKbtc] C:\WINDOWS\hexdump.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MKcrc] C:\WINDOWS\login.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MKcZ] C:\WINDOWS\mdm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MKee] C:\WINDOWS\user.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MKese] C:\WINDOWS\svchost.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MKeseomilk.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/...==] C:\WINDOWS\svchost.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MKeta] C:\WINDOWS\services.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MKetapspan.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm
AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/
MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm
ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/
mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm
zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/
/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ
AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA
M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ
ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A
mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z
zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA
AAj/AP8JHEiwoMGDCBMqHJhqocOHECNKnEixosWLGP/5yXiQGkGPED36oQbyX0mBHk92JPlQpcKS
LFtyLJjKj82aOP3UvJmx4cyPFVMJnZjSpNGfCWMiXUpwp06bT6FKnSrV6cCiQB0WVXlSaM2WLEm6
rLj16tGrSrUiTcsUYaqTT3PejAs1p9y4B4WONYu1LVG/E9/uPSu24OCDI0n6hHnWsE6fWTXWFUo1
6lSnUv9BDtnYbGSUbA8TbltYrcXNpT/n9arXKOuyoleavIu5rm27Ol92BrxwrGCZfRGC3EiY2m+T
sdE+Dmu4OcywqdmCDu75aOXEc69f5y08OXWFxIW//204lrFXmsbPG1Yqlnnpk9+5J9yJGzfT1EmN
Mqapuqlx5IUZ91h1KAEIXXgFqhZgewyWZRBX+s2U3FqgybTQZpGVdJx6D2o2RXD/CcTaWwl2pNlF
5clnIYGd9VXUby4xh1Bi7ZkoImsGlpbKFCigQOKDodVEzVM1goTabs2VSB2Eus30FIVqOZikQV6l
ZBxbNqHA4xQYdtihR1UmOGGTf8mHV4QURQfdlWZtFKNIYYqInnE8aolCbhnqB5KVKco5ppssejma
kkiW2RRlXXIWHUOekcinZkN9JBaGfkxhqZYjRRmhdF9axCl4CiWa5lkYDvkkmUAFmGORrn1VYoFg
zv9mZ486XckkgHzBZ+OJnX6U6X6DCpQpoonJGWxPCcUl6kqPzoijVpOmYucUxE1q6567xfQeqqYR
VRtOkQLWJbB0bVqjQSNthpNwvXnY41s2KcbgePPi9yhjWIGJKL4shSclQZZVShW2ftUaUVF4XoiS
eghGRNk/l9q03lX0Nsggi75pJrDByPmn1WXFCigxd1t+yC6sTUlF7nmFLZufSHVOMR3K8I03pbyC
yWtWTZZSu9hRRqr2mMp9qczdtF1BNaZXGz0rkKW1DvmzQz7xjKmrC4t6bonj6SXv1ztCJfOn4RE7
lEjxUqmxzFBetSUKBV3KZX4PMu3qkG9zSRJUgjL/RGOPPgprNY8I8tu1Xl6jpdJOUDeYM7xDtnmU
VSm5GvarSO24Zdx2LuuysBoJ2XPJ5Jma32aV+jhcz1qyqSHi874cU9g+hy5guBoB+KOvaTe2E2kD
pe5zSYCbnNW4aptVvJ3VSu0vzgD3+GHqxVcdFb3w5nQlXVWCS/vG4ykL7lxoBl9prK6NzJsfWnIJ
2Y7tuwVRwxBjumVN7etVrrEoTds+tblpkMZw55lJBe9wPOPbQzZCP1+ty2/LGdNELhW40k0rL5h7
1dSoYaeCVEpuADRV0wwDOMBFbVvo+p0HH2OzrXyveeABFLDw5qjaZCZZXLphb95mLLk1LGEPoRTU
/z6iuWnlcC6Ro5cPNVI5oA2Ge4mymbDEtrv55G4httlYVQCoHU8ZkUjs49HuIAMsdBlmS4mBn//E
OEV4TQZ/PModCkUklqERpzVWkVT4qDXE40guJQ2UDB/FNhW09Y5uEIFf3tb4PopgSFqWwtv/2hfB
40jNVIMD1OTSc6qt0REyQ3uOTQA4mpIw0Cm0GaHIikUlnmRueW+THgqGs6kFRkhu7ZNlrao4QPIg
h2eEo0vkRPO12fiyY3ujzCClAsCwjcVfRilbpZBnEgXuakK4zJvcQJcmpSgShK7UYyMZshNKCjOD
4tnbCW24TP7ZLjSBvIo1EaO+mbyNPEKJWQ4Phv+rpgmohEZsFO5YeKr6ta4qU5midpQWpxINkou+
1OR/4II5QNYOIXx0TqAUgrSPMA+I7AKTrcI1rYZEjGKIe5ZLRvJR3CAUa4Lak2L0Q0gj0QdIALtQ
OA3zQAnVCW4EAaE7JVXMoLlmSyL5B+Ds8j792VBstAKa0tIjwt+5B1uxUozmSFk5I80zRFpDCd+4
ErbPSQSSlvKgnTSETF5NqXRDyh8zLYUZ+txRPZETUVQflLCvifCQZfnRKKcJOumUq446zRQR59kt
Y7KGfdKLUAlFaqv+SOYpPw0muJBaKGM5jYNxdJFmHJc97BitZh8M4WLY5CwilXFtP0voyTqLLub/
Ye9tMsoOQt9oUtbRlXhpFU1EF+YRztpIVbgKXW7I57aqTCdEDiHfM+OFqIvuql1BRaN1plUX6wbR
JP7rUUk4G5/RSgw+lzrStqxFotbMJouDHSSQpAgq5RImbMzcXXt8KcGB4DZro6NS99LDy4bgxDjc
9S+PiCkkt9wpXZ/SFZ8qa76pUOs5LsJPghBUqqrkTMP8RNcHBQMvE1LnmERkGgvNxzZhYYovDNFZ
qnJkTOhS7KovClPPBBZC5BZnNgS7op4AFq8IIxK7bIXY/azYEUQd6nBXGl2Lk9xXjbrlWiCmMZh4
nBmC8kdSBgqeRj8lofIxSjlBziAnfdJAroQx/38GDku6cHozA8r4wxNNjRbp+l7zqvBHrI0xnuEj
2oyUF1KW3Yt61BWSIlbrRrt0T1KKdFX6ygaVBC6V38JFRjQZkEr9DWktTRmsf4koYSCFZkVbVaGk
nuh1VfLrgvgbIaeh6dECIrB+zkZH+1YommgB9C9V1OZQDbRLxUbnq2ZnMU+OdsK8LCB9gQjS0fqy
kaDMyVnotzUyc2ZGU6obAbGGlZ8VujHWcpygOfVax45ocRO172vP8xv3ehAz6KyYt0/TaGQfKacv
WVNyOezsSfMTZ92LdqgovEAOdSe5owL4sXpqHWgG58ODXo9S0hjv2f6aUCB3K5xuNKKGCriFMv/y
4Hv1Gyw/ViSeN3KWkixmVjOHeaMex6KNCOifs2HvSga29r5hHvDGnhljpUz3flEsQ+ecC+il7s2+
0QNjmBLKptCF9WvijCUNe4fdeUl2AX18KAxe81rcpKdlUFlzMxZoQG2nCc+PxysQ38roTZ5x1kYk
uBmW8tVDfjZ7ILaiPdl1obulriZFft1aOzxrrYKrjY91IV01JSgITHjmqdoiFhF91T3hXsDWbhut
WHq0Pc/VxyWSFkD2Dcb1jDmpSu49zWf63bh/TZ7SZPXXixhkiFfayRXHKmW/xGUr5XbcA+3unz8+
KQN2/taBDrvTL2Uvihl9XTUe6ouM7K+otCaCWXnaeNrD2Nui4VjuaD8iFrKf/fGxKQFf56DJt4Xn
ChccXeZSnzN5iiynljySolgo4nxAd4BdoyILxG0Y4SjSsSNPtVBTlyyBNBjtBhj6Mn+NxxGxd31r
MRy6FX4h2IEK6ClNlX9Q4ii0dWR6cit3R2cvFx7Bp1uZ0X0R51bkNBMBAQA7] C:\WINDOWS\services.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MKeuf] C:\WINDOWS\spoolsv.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MKfpe] C:\WINDOWS\winamp.exe (Microsoft Corporation)
O4 - HKCU..\Run: [uPc+kt0NcJaXms] C:\Windows\SysWow64\yj4b0g.DLL ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\SoundTaxi\YouTubeRipper.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} [You must be registered and logged in to see this link.] (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O22 - SharedTaskScheduler: {D6BA40A1-A502-59BD-F413-04B03A2C8953} - iskjsfuwajiduhf87sfydudhnf - C:\WINDOWS\SysWOW64\zvco6rdrnk.dll ()
O24 - Desktop WallPaper: C:\Users\Guest Account\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Guest Account\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e65f0f16-fd49-11dd-b105-001eecb679be}\Shell - "" = AutoRun
O33 - MountPoints2\{e65f0f16-fd49-11dd-b105-001eecb679be}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/16 23:07:16 | 000,000,000 | ---D | C] -- C:\Users\Guest Account\AppData\Roaming\DivX
[2010/10/16 12:47:44 | 000,021,636 | -H-- | C] (Microsoft Corporation) -- C:\Windows\login.exe
[2010/10/16 12:47:43 | 000,021,636 | -H-- | C] (Microsoft Corporation) -- C:\Windows\spoolsv.exe
[2010/10/16 12:47:42 | 000,021,636 | -H-- | C] (Microsoft Corporation) -- C:\Windows\services.exe
[2010/10/16 12:39:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/10/16 12:39:24 | 000,021,636 | -H-- | C] (Microsoft Corporation) -- C:\Windows\hexdump.exe
[2010/10/16 12:39:22 | 000,021,636 | -H-- | C] (Microsoft Corporation) -- C:\Windows\user.exe
[2010/10/16 12:39:22 | 000,021,636 | -H-- | C] (Microsoft Corporation) -- C:\Windows\csrss.exe
[2010/10/16 12:39:21 | 000,021,636 | -H-- | C] (Microsoft Corporation) -- C:\Windows\mdm.exe
[2010/10/16 12:39:19 | 000,060,004 | -H-- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2010/10/16 12:39:18 | 000,060,004 | -H-- | C] (Microsoft Corporation) -- C:\Windows\cmd.exe
[2010/10/16 12:39:17 | 000,060,004 | -H-- | C] (Microsoft Corporation) -- C:\Windows\winamp.exe
[2010/10/16 12:38:59 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/10/14 15:40:17 | 001,915,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/14 15:39:58 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/14 15:39:58 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/14 15:38:30 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/14 15:38:30 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/14 15:38:25 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/10/14 15:38:15 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshsq.dll
[2010/10/14 15:38:15 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshsq.dll
[2010/10/14 15:37:58 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/10/14 15:37:58 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/14 15:37:57 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/14 15:37:57 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/10/14 15:37:57 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/10/14 15:37:57 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/10/14 15:37:56 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/10/14 15:37:56 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/10/14 15:37:56 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/14 15:37:55 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/10/14 15:37:55 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/10/14 15:37:55 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/10/14 15:37:55 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/10/14 15:37:55 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/10/14 15:37:55 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/10/14 15:37:54 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/10/14 15:37:54 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/14 15:37:54 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/10/14 15:37:54 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/10/14 15:37:54 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/10/14 15:37:54 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/10/14 15:37:54 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/10/14 15:37:54 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/10/14 15:37:54 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/10/14 15:37:54 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/10/14 15:37:54 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/10/14 15:37:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/10/14 15:37:54 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/10/14 15:36:33 | 013,426,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/14 15:36:28 | 010,627,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/14 15:36:24 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/14 15:36:23 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/14 15:35:32 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2010/10/14 15:35:32 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2010/10/14 15:35:32 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sscore.dll
[2010/10/14 15:35:32 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/14 15:35:21 | 001,090,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/10/14 15:35:21 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/10/07 03:39:57 | 000,000,000 | ---D | C] -- C:\ASDF
[2009/08/25 19:56:46 | 000,056,105 | ---- | C] (PortableAppZ.blogspot.com) -- C:\Program Files (x86)\PhotoshopCS4.exe
[2 C:\Users\Guest Account\Documents\*.tmp files -> C:\Users\Guest Account\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/17 19:30:52 | 000,000,410 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7CA892CE-B41C-4491-BEAE-795E07CC6952}.job
[2010/10/17 19:22:32 | 000,000,266 | -H-- | M] () -- C:\Windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2010/10/17 19:22:28 | 000,000,232 | -H-- | M] () -- C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2010/10/17 19:15:19 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/17 19:15:19 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/17 19:15:19 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/17 17:44:38 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/17 17:44:38 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/17 12:12:07 | 000,870,128 | ---- | M] () -- C:\Users\Guest Account\AppData\Roaming\mcs.rma
[2010/10/17 12:12:07 | 000,000,004 | ---- | M] () -- C:\Users\Guest Account\AppData\Roaming\CA38C2
[2010/10/17 11:44:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/17 11:44:26 | 4256,133,120 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/17 08:31:46 | 000,000,732 | ---- | M] () -- C:\Users\Guest Account\AppData\Local\d3d9caps64.dat
[2010/10/16 12:47:44 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\Windows\login.exe
[2010/10/16 12:47:43 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\Windows\spoolsv.exe
[2010/10/16 12:47:42 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\Windows\services.exe
[2010/10/16 12:39:24 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\Windows\hexdump.exe
[2010/10/16 12:39:22 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\Windows\user.exe
[2010/10/16 12:39:22 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\Windows\csrss.exe
[2010/10/16 12:39:21 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\Windows\mdm.exe
[2010/10/16 12:39:19 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2010/10/16 12:39:18 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\Windows\cmd.exe
[2010/10/16 12:39:17 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\Windows\winamp.exe
[2010/10/16 12:39:13 | 000,030,000 | ---- | M] () -- C:\Windows\SysWow64\zvco6rdrnk.dll
[2010/10/16 12:39:13 | 000,030,000 | ---- | M] () -- C:\Windows\SysWow64\yj4b0g.dll
[2010/10/14 23:33:20 | 000,001,684 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
[2010/10/14 23:29:34 | 002,961,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/14 23:29:29 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForGuest Account.job
[2010/10/14 18:01:55 | 000,000,032 | ---- | M] () -- C:\Windows\SysWow64\w3data.vss
[2010/10/14 18:01:55 | 000,000,032 | ---- | M] () -- C:\Windows\SysWow64\msvcsv60.dll
[2010/10/14 18:01:55 | 000,000,032 | ---- | M] () -- C:\Windows\msocreg32.dat
[2010/10/08 17:10:18 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForQ.job
[2 C:\Users\Guest Account\Documents\*.tmp files -> C:\Users\Guest Account\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/17 09:45:45 | 4256,133,120 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/16 20:24:07 | 000,000,732 | ---- | C] () -- C:\Users\Guest Account\AppData\Local\d3d9caps64.dat
[2010/10/16 12:39:13 | 000,030,000 | ---- | C] () -- C:\Windows\SysWow64\zvco6rdrnk.dll
[2010/10/16 12:39:13 | 000,030,000 | ---- | C] () -- C:\Windows\SysWow64\yj4b0g.dll
[2010/10/04 17:32:45 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForGuest Account.job
[2010/08/07 10:50:28 | 000,611,840 | ---- | C] () -- C:\Windows\SysWow64\DVD43.dll
[2010/08/02 23:00:34 | 000,003,584 | ---- | C] () -- C:\Users\Guest Account\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/26 18:54:54 | 000,000,614 | ---- | C] () -- C:\Users\Guest Account\AppData\Roaming\wklnhst.dat
[2010/02/28 11:14:18 | 000,000,004 | ---- | C] () -- C:\Users\Guest Account\AppData\Roaming\CA38C2
[2010/02/28 11:14:17 | 000,870,128 | ---- | C] () -- C:\Users\Guest Account\AppData\Roaming\mcs.rma
[2009/11/12 20:11:01 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\nocashio.sys
[2009/10/20 12:23:19 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/10/20 12:21:38 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/11 13:55:08 | 004,244,744 | ---- | C] () -- C:\Windows\SysWow64\qtp-mt334.dll
[2009/10/11 13:55:08 | 000,247,560 | ---- | C] () -- C:\Windows\SysWow64\prgiso.dll
[2009/10/11 13:55:08 | 000,013,576 | ---- | C] () -- C:\Windows\SysWow64\wnaspi32.dll
[2009/07/05 19:30:15 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/05/26 17:38:12 | 000,031,880 | ---- | C] () -- C:\Windows\SysWow64\drivers\swmsflt.sys
[2009/02/19 19:02:11 | 000,000,032 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll
[2009/02/19 17:14:46 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\ArtFfct.dll
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008/08/04 05:57:37 | 000,000,372 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

< End of report >

Re: Thinkpoint

Post by iqu_ on Sun Oct 17, 2010 11:37 pm

OTL Extras logfile created on: 10/17/2010 7:30:04 PM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Guest Account\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 53.00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.65 Gb Total Space | 45.46 Gb Free Space | 20.51% Space Free | Partition Type: NTFS
Drive D: | 11.24 Gb Total Space | 1.86 Gb Free Space | 16.55% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: Guest Account | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = DA 9A 34 CA 9A A9 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03A58065-EB77-4AA6-8585-89E9540227FB}" = rport=2178 | protocol=6 | dir=out | app=system |
"{04D5EEDC-E61F-4EB6-B408-3338DB1B540E}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{08BF245C-D47A-4602-B33A-FFD864AB0C88}" = lport=2178 | protocol=6 | dir=in | app=system |
"{0AEAA51C-DDFB-4596-B474-B92E707575CA}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe |
"{0E9D31EA-2E22-42EA-95AA-DFBCB89BA5C1}" = lport=3390 | protocol=6 | dir=in | app=system |
"{18B6DC57-D01A-47DA-A32E-F9ED9F35E407}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{19E57934-DF15-4CAA-9052-75015136FC27}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{1AE6BD99-7900-4B53-87D3-3001044A3C96}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{3B60E446-3716-4E60-92BB-6B9133EFB429}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3F97E381-FD95-45F5-816C-6CF177B3D72C}" = rport=5357 | protocol=6 | dir=out | app=system |
"{3F9BD9EA-BCFE-4B68-A6EB-4B56DFC89FE3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{427A8025-3A22-466B-B267-EB80623C8369}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4979D773-CF5A-4012-AAFE-2CC0718B7BBD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{4F112CBE-0424-46FC-BA6C-FFDA91B75A1F}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{5D219542-BFEB-4BCE-9189-28567ACF375A}" = rport=5358 | protocol=6 | dir=out | app=system |
"{5FF4938E-46BF-46C5-A767-CAC3754E129D}" = rport=10244 | protocol=6 | dir=out | app=system |
"{6E2FFEDF-C349-40CB-943A-E4F1DA629741}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{6FFD0442-2687-42DF-8B75-0758DDB78DB5}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{78DEE7FD-A133-4F45-B92D-AF6A01C5E3EF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{79733E92-DA22-40F4-8491-778168F393A3}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe |
"{7A04A1F8-0316-4B2D-BD5B-582B0A022368}" = lport=10244 | protocol=6 | dir=in | app=system |
"{87C311D5-8788-4D3B-8E2D-7B2232365FD6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8F790B92-36D1-483E-9A88-8AA5C43E1DDF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{97D70B15-C7E5-49B2-B84A-38618D3470BB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9CA4A486-7A39-4B96-9167-6FBD802E7AF5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B134ED0E-3AF1-4B1C-B386-AD5031DF7CC5}" = lport=3390 | protocol=6 | dir=in | app=system |
"{B9FC0A5C-1D7E-4FA2-B7CB-9EC370A19E05}" = lport=5357 | protocol=6 | dir=in | app=system |
"{C5060C07-2132-40D3-A41E-00899248D6F5}" = rport=10244 | protocol=6 | dir=out | app=system |
"{D3AA121B-E36D-42FC-AE11-DC37CA338E61}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{D3CA5A3E-4128-4A52-8F16-344A7EADB1FA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{D52291DD-532A-4D46-8AD9-39BE1BD4B401}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D7572064-E848-40D3-BA34-4F3FC6EEE7FC}" = lport=10244 | protocol=6 | dir=in | app=system |
"{DE12E2C4-5CF6-4BD9-8F0C-A2ECDDA6EDB2}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{E89D09D1-E320-49B5-B7D8-0498A724049F}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{F4A32BD5-731F-4275-A5B7-D9EED773CEA0}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{F84E8C1C-A60E-4A66-BC1C-A4A183469477}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe |
"{FD29E910-EAE4-40E5-B3DE-DED47DF9CD5B}" = lport=5358 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E64638-91CB-4B06-AB6D-E65FBEB5712B}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{050FB2F7-5182-4ED4-A56A-75D6374EF1DB}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{05ED8669-CDD4-4C61-8522-EE0F2293CA4C}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{0C00189C-EFFD-42EE-B255-1615EAD33B72}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{0FB396FA-3B8A-4C44-ADAE-770AA5267F11}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{15348FFF-91CE-4D1C-BB13-D0543A64E09D}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe |
"{15AD125C-DC8E-4056-BF87-2A87E9C1A17F}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{2601A025-63D7-433C-9E0F-EE2349C81078}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2E34159C-F0EC-4037-BF55-064CA64B5628}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{2F4695AC-F1F1-4C08-BE50-FA2036DA200B}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{388EB992-F261-4568-B174-EB860F73F4AF}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{3AB6CDC6-AD6A-4896-B9AA-CAA898E7A671}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{3B04E215-E2E1-43D3-8B8F-C380C4518D65}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{3BE0D2B3-0C21-45CA-92BD-024E98594009}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{3FC622F5-8434-4C42-A66C-13E1946513BE}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{42E9F7C2-2876-4B54-AF74-E6101B255DB7}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe |
"{4A72C3BC-80A7-49BC-ACB3-590A6FD1DA44}" = protocol=17 | dir=in | app=c:\program files (x86)\soundtaxi\soundtaxi.exe |
"{5F43C42B-89CD-42DE-B7DD-EF29C99C4516}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{63FA36B5-E702-4544-9C80-ADEB56C739C7}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe |
"{65DECA26-72B5-4B47-B6E7-E29640FE4038}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{8AAD5282-88FE-4289-94EB-74535411F103}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{8B932AB5-6C7D-48BB-9003-0147CED749D4}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{92E5A528-7D00-4AEE-BE4C-C1C4FB402FD9}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{96324E74-287E-428A-B093-7C82283BDDCA}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{991B92B3-BEA2-4697-AA70-72C35169FD8B}" = protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{9923CA8D-20ED-47CD-A738-D7A3A2E34DBD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{994C90CD-1B06-4C14-8BF4-A7226BC7C227}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9C85566B-3A65-4FE0-9276-8FCD39F9ECB7}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{9CD9EB70-3753-4784-8DB7-F3286F612553}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{A9C4B9F4-F851-40B7-B068-ABDCA6CB0398}" = protocol=6 | dir=out | app=system |
"{B0104EF1-E02C-4D87-B279-7AF8DFFB2D98}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B4A5687D-1578-4EB6-9C2D-B6B165D48DDE}" = protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{C246551E-CEA3-4A69-8CD4-68976DFB7484}" = protocol=6 | dir=in | app=c:\program files (x86)\soundtaxi\soundtaxi.exe |
"{C7F70827-3792-4E11-BD73-408AEEA0F28E}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{DD8C75F8-6A58-41CC-BF09-32177B7AB8D5}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E790B762-D14E-42A5-8AED-2BA4899F11DD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EA3FE495-992A-4708-B68E-12A456B36584}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe |
"{EC426042-B343-405B-B52D-E72FF3ECE605}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F1270AD9-125E-459A-A8D5-2FCDD0FDE56B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F6EFF671-4DF2-4AD9-A34D-ACDBAA4BE86A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F922DF0E-49CD-43AB-AD61-C4FA6B9C2866}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{FB7F2379-FC92-4FBB-A1C7-220120BC3F81}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{45E12186-C801-415D-AAE9-189239B4082B}C:\users\q\appdata\roaming\macromedia\flash player\[You must be registered and logged in to see this link.] = protocol=6 | dir=in | app=c:\users\q\appdata\roaming\macromedia\flash player\[You must be registered and logged in to see this link.] |
"TCP Query User{4BC7EFDE-C614-4094-BFAE-58EEBDCBF855}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{651B08BB-E632-4CC6-9D9D-0ABB82692AB8}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{86EC7A51-C999-49C1-95BD-A44328B3C9B2}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{88CEA529-D06D-4B60-8B0C-5057A71734B2}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"TCP Query User{89E9AD91-A993-4A65-9F3D-07ED5595C123}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{91B7BD30-0A6A-492B-8AFD-2CDB819669A3}C:\program files (x86)\rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rhapsody\rhapsody.exe |
"TCP Query User{BB9DD59F-A350-4B8D-92B9-70C80965E0AF}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{E84CE3AE-C735-4046-865D-DEE092FDAC96}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{2DE299B6-A0CA-4ACA-85CC-AECB4D88036B}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{38473432-5E07-4802-904D-D21E7ED2350A}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{3F30BDC6-2028-4556-B302-503E3A7BD3A0}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{4518BB34-1A6E-4D55-B41D-0884A0B4FBC0}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{6657786F-5830-45A4-B80F-158B97E19F3D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{69D7A0B6-68A7-451F-B6C0-29578FD8D166}C:\users\q\appdata\roaming\macromedia\flash player\[You must be registered and logged in to see this link.] = protocol=17 | dir=in | app=c:\users\q\appdata\roaming\macromedia\flash player\[You must be registered and logged in to see this link.] |
"UDP Query User{A7EEFC62-B0A2-41BF-861B-4763F9A2BC26}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{BCCF7948-EEF5-4AD8-9EFA-F793C05BB42E}C:\program files (x86)\rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rhapsody\rhapsody.exe |
"UDP Query User{E39AFDC2-F5F7-43BF-81F6-198EDFBD7D18}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"__ARIA_1009___is1" = Plogue chipsounds
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1AD2F8FE-A357-4728-BDF8-B92D794CE793}" = HP QuickTouch 1.00 D2
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{6056086A-9E66-4BA3-8AE2-AF5BA45D5EA5}" = Droid Explorer 0.8.7.2 (x64)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{C9C243B9-03BD-44BA-A592-AB09630AE2D2}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ARIA Engine_is1" = ARIA Engine v1.0.9.3
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"z3ta+_x86_is1" = rgc:audio z3ta+ 1.5

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{22712FAD-DE04-4D50-82A6-3C7AC5D55AA2}" = HP User Guides 0101
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3BEF9769-BA52-18F7-1D02-2362F6A27E38}" = Adobe Media Player
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{49CC1A6A-3A1A-4EE7-913F-8106B51B59D1}" = Paragon Partition Manager 9.0 Personal Trial
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{9FCCC8D1-3152-4699-8793-6CB0B9E26EBB}" = Miroslav Philharmonik Instruments
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{BA0D0121-A3BA-487D-9C78-7AB0E676C722}" = Miroslav Philharmonik
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D155D300-C235-44FC-981C-F7B34683439C}" = Paragon Drive Backup 8.51 Professional Trial
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"1Click DVD Copy 5_is1" = 1Click DVD Copy 5.8.9.2
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Arturia Moog Modular V2 v1.0" = Arturia Moog Modular V2 v1.0
"ASIO4ALL" = ASIO4ALL
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.6 (Unicode)
"com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD43 Plug-in_is1" = DVD43 Plug-in v1.0.0.5
"DVD-CLONER VII_is1" = DVD-CLONER V7.20 Build 993
"EADM" = EA Download Manager
"Edirol HQ Orchestral VSTi v1.03" = Edirol HQ Orchestral VSTi v1.03
"FL Studio 8" = FL Studio 8
"FL Studio 9" = FL Studio 9
"Free FLV Converter_is1" = Free FLV Converter V 6.7.4
"Hardcore" = Hardcore
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IL Download Manager" = IL Download Manager
"IL Harmless" = IL Harmless
"Image Line ToxicIII v1.41 VSTi" = Image Line ToxicIII v1.41 VSTi
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"iZotope Ozone 4_is1" = iZotope Ozone 4
"Korg Legacy Collection v1.1.9" = Korg Legacy Collection v1.1.9
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Native Instruments FM8" = Native Instruments FM8
"Native Instruments Massive" = Native Instruments Massive
"Native Instruments Service Center" = Native Instruments Service Center
"ObjectDock Plus" = ObjectDock Plus
"Orbit_is1" = Orbit Downloader
"PlayFLV" = PlayFLV
"PoiZone" = PoiZone
"Reason4_is1" = Reason 4.0.1
"ReCycle_is1" = ReCycle 2.1.2
"Rhapsody" = Rhapsody
"Rob Papen Albino 3" = Rob Papen Albino 3
"Sawer" = Sawer
"SoundTaxi_is1" = SoundTaxi 3.9.0
"Steinberg Hypersonic VSTi DXi_is1" = Steinberg Hypersonic VSTi DXi v2.0
"STMediaSuite" = SoundTaxi Media Suite 3.9.0
"Toxic Biohazard" = Toxic Biohazard
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 2.3d
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar

< End of report >


Re: Thinkpoint

Post by iqu_ on Sun Oct 17, 2010 11:39 pm

And thank you for your help!!!



Re: Thinkpoint

Post by iqu_ on Mon Oct 18, 2010 4:16 pm


Bump... Still haven't found a solution that works for me.


Re: Thinkpoint

Post by Belahzur on Mon Oct 18, 2010 11:09 pm

Hello.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: Thinkpoint

Post by iqu_ on Tue Oct 19, 2010 12:25 pm

See, that's my problem: I can't install anything under the guest account. And I can't get into my main account due to "Thinkpoint".

When I am logged into my main account and try what is recommended (pressing Ctrl + Alt + Del) to close the "hotfix.exe", I don't get the Task Manager, due to this Trojan.

If there is a way to bypass being a limited user so I can install software, that would probably solve my problem.


Also, it seems the longer this is on here, the more errors I get.


Re: Thinkpoint

Post by iqu_ on Wed Oct 20, 2010 9:52 pm

Bump...

If anyone has any idea what I'm talking about above, can you PM me, PLEASE.




Re: Thinkpoint

Post by Belahzur on Wed Oct 20, 2010 11:10 pm

Hello.
Can you access the hidden administrator account?



Re: Thinkpoint

Post by iqu_ on Thu Oct 21, 2010 4:34 pm

I THINK I tried doing it correctly, running cmd, and the access was denied.

If there's another way, please tell.


Re: Thinkpoint

Post by Belahzur on Thu Oct 21, 2010 11:57 pm

No, the hidden administrator account can only be seen from Safe Mode, or by using the advanced login box.


