thinkpoint


ThinkPoint

Post by jcarson on Mon Oct 18, 2010 12:36 pm

I have been infected with thinkpoint. I am unable to access internet express and cannot download anything. I am using my laptop to contact you in hopes that you can walk me through a fix for my desktop computer. Thank you, Jerry

jcarson
Novice

Posts: 23
Joined: 2010-10-17
OS: vista
Points: 22667
Likes: 0


Re: thinkpoint

Post by Belahzur on Mon Oct 18, 2010 11:45 pm

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245059
Likes: 1


thinkpoint

Post by jcarson on Tue Oct 19, 2010 3:04 pm

Thinkpoint has disappeared from my desktop! Don't know what I might have done. I shut down last night, and this morning when I started up, thinkpoint appears to be gone. Did I do something or is it a short term virus? I don't know. Jerry


Re: thinkpoint

Post by Belahzur on Tue Oct 19, 2010 11:28 pm

Me neither.
Please run OTL anyway, I'd like to check and make sure it's gone.





Re: thinkpoint

Post by jcarson on Wed Oct 20, 2010 2:24 am

OTL logfile created on: 10/19/2010 9:11:05 PM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.60 Gb Total Space | 331.44 Gb Free Space | 73.23% Space Free | Partition Type: NTFS
Drive D: | 13.16 Gb Total Space | 1.80 Gb Free Space | 13.67% Space Free | Partition Type: NTFS
Drive E: | 607.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/19 21:10:21 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2010/04/02 16:19:36 | 000,091,456 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/04/02 16:19:32 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/20 17:02:22 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2009/09/15 18:47:36 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (SafeList) ==========

MOD - [2010/10/19 21:10:21 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/04/02 16:19:36 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/20 17:02:22 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/02/04 18:48:01 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/01/28 17:03:42 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010/01/20 17:02:23 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\0308000.029\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2010/01/20 17:02:23 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2010/01/20 17:02:23 | 000,278,576 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\0308000.029\SYMTDI.SYS -- (SYMTDI)
DRV:64bit: - [2010/01/20 17:02:23 | 000,120,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\0308000.029\SYMFW.SYS -- (SYMFW)
DRV:64bit: - [2010/01/20 17:02:23 | 000,056,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\0308000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV:64bit: - [2010/01/20 17:02:23 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/01/20 17:02:23 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\SymIMv.sys -- (SymIM)
DRV:64bit: - [2010/01/20 17:02:22 | 000,583,296 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\0308000.029\ccHPx64.sys -- (ccHP)
DRV:64bit: - [2010/01/20 17:02:22 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\0308000.029\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2009/10/27 12:10:18 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motport.sys -- (motport)
DRV:64bit: - [2009/10/27 12:10:18 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motmodem.sys -- (motmodem)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/06/19 17:07:44 | 000,020,992 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motccgp.sys -- (motccgp)
DRV:64bit: - [2009/05/24 07:36:52 | 000,626,176 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/05/08 16:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2009/02/06 18:42:12 | 000,061,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/01/29 17:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2008/09/09 20:19:36 | 000,025,888 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc_x64.pkms -- (PCD5SRVC{8AAF211B-043E02A9-05040000})
DRV:64bit: - [2008/02/13 09:20:16 | 000,017,920 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Amusbx64.sys -- (Amusbprt)
DRV:64bit: - [2007/10/15 04:37:22 | 000,012,288 | ---- | M] ((Standard mouse types)) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\Amfltx64.sys -- (Amfilter)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010/10/13 14:59:27 | 000,476,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20101015.005\IDSviA64.sys -- (IDSVia64)
DRV - [2010/09/28 03:00:00 | 001,804,336 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101019.022\EX64.SYS -- (NAVEX15)
DRV - [2010/09/28 03:00:00 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101019.022\ENG64.SYS -- (NAVENG)
DRV - [2010/05/26 03:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/05/26 03:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/10/21 16:42:54 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/06/11 14:22:38] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:27811

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/10/01 15:59:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/26 07:21:37 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKCU..\Run: [ehnrnlfe] C:\Users\Owner\AppData\Local\Temp\nctbopgyh\btuvyebyhsn.exe File not found
O4 - HKCU..\Run: [kntdiufc] C:\Users\Owner\AppData\Local\gaayocgco\tmylemttssd.exe File not found
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKCU..\Run: [wwrwhjiy] C:\Users\Owner\AppData\Local\Temp\vnodomquj\bvpvgjpyhsn.exe File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.66.0.20 69.66.1.20
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\Pictures\2009-06-13\HPIM0372_372_044.JPG
O24 - Desktop BackupWallPaper: C:\Users\Owner\Pictures\2009-06-13\HPIM0372_372_044.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/17 15:29:09 | 001,049,968 | R--- | M] (Microsoft Corporation) - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/06/19 15:58:38 | 000,000,225 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{7127b55c-3d8b-11df-985f-002511e6e31d}\Shell\AutoRun\command - "" = J:\Setup.exe -- File not found
O33 - MountPoints2\{8307b76d-5676-11de-8d3d-002511e6e31d}\Shell\AutoRun\command - "" = K:\LinksysConnectPC.exe -- File not found
O33 - MountPoints2\{edccb3a6-3f15-11de-95cd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{edccb3a6-3f15-11de-95cd-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2007/08/17 15:29:09 | 001,049,968 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{edccb3a6-3f15-11de-95cd-806e6f6e6963}\Shell\directx\command - "" = E:\directx9\DXSETUP.exe -- [2005/05/26 17:34:41 | 000,482,000 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{edccb3a6-3f15-11de-95cd-806e6f6e6963}\Shell\setup\command - "" = E:\setup.exe -- [2007/09/25 15:56:03 | 000,311,296 | R--- | M] (Microsoft Game Studios )
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/19 21:10:19 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/10/17 07:29:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\Microsoft
[2010/10/15 11:47:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/10/15 11:47:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/10/13 22:11:33 | 001,915,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/13 22:11:29 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/13 22:11:29 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/13 22:11:27 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/13 22:11:26 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/13 22:11:24 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/10/13 22:11:20 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshsq.dll
[2010/10/13 22:11:20 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshsq.dll
[2010/10/13 22:11:02 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/10/13 22:11:02 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/13 22:11:02 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/10/13 22:11:02 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/13 22:11:02 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/10/13 22:11:02 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/10/13 22:11:02 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/10/13 22:11:01 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/10/13 22:11:01 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/10/13 22:11:01 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/13 22:11:00 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/10/13 22:11:00 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/10/13 22:11:00 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/10/13 22:11:00 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/10/13 22:11:00 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/10/13 22:10:59 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/10/13 22:10:59 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/13 22:10:59 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/10/13 22:10:59 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/10/13 22:10:59 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/10/13 22:10:59 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/10/13 22:10:59 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/10/13 22:10:59 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/10/13 22:10:59 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/10/13 22:10:59 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/10/13 22:10:58 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/10/13 22:10:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/10/13 22:10:58 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/10/13 22:10:28 | 013,426,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/13 22:10:26 | 010,627,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/13 22:10:22 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/13 22:10:22 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/13 22:09:34 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sscore.dll
[2010/10/13 22:09:34 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/13 22:09:33 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2010/10/13 22:09:33 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2010/10/13 22:09:07 | 001,090,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/10/13 22:09:07 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/10/08 06:11:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/19 21:15:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/19 21:10:21 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/10/19 20:09:44 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/19 20:09:44 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/19 09:27:09 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{225D8A0C-B9F3-4AD9-9116-CC51C8535E4C}.job
[2010/10/19 06:15:42 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/19 06:15:42 | 000,604,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/19 06:15:42 | 000,103,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/19 06:09:55 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/19 06:09:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/18 23:31:01 | 000,000,044 | ---- | M] () -- C:\Windows\popcinfo.dat
[2010/10/17 10:43:28 | 000,000,006 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\start
[2010/10/17 07:48:33 | 000,000,010 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\install
[2010/10/17 07:46:53 | 000,000,202 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\24646.bat
[2010/10/15 11:47:54 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/10/15 08:35:03 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
[2010/10/14 08:31:36 | 000,335,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/08 06:11:50 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/09/24 08:10:39 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/09/22 13:53:22 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdw.DAT
[2010/09/22 13:52:41 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/17 08:17:02 | 000,000,006 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\start
[2010/10/17 07:48:33 | 000,000,010 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\install
[2010/10/17 07:46:53 | 000,000,202 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\24646.bat
[2010/10/15 11:47:54 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/10/08 06:11:50 | 000,001,919 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/09/21 08:05:14 | 000,000,434 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{225D8A0C-B9F3-4AD9-9116-CC51C8535E4C}.job
[2010/03/25 09:30:10 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Classic Thick
[2010/03/25 09:30:10 | 000,000,268 | RH-- | C] () -- C:\Users\Owner\AppData\Roaming\Carbon
[2010/03/25 09:30:10 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010/03/25 09:25:31 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Chiller
[2010/03/25 09:25:31 | 000,000,268 | RH-- | C] () -- C:\Users\Owner\AppData\Roaming\Caches
[2010/03/25 09:25:31 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/11/29 14:42:01 | 000,417,354 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistMSI0962.txt
[2009/11/29 14:42:00 | 000,012,526 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistUI0962.txt
[2009/09/18 07:15:04 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/18 07:12:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/06/12 13:59:26 | 000,006,144 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/11 11:39:50 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
[2009/06/11 11:23:34 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2009/06/11 06:38:09 | 000,002,164 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2009/06/10 22:07:08 | 000,002,793 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/06/10 14:52:16 | 000,000,732 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
[2008/11/07 00:06:37 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/11/07 00:06:37 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 1937 bytes -> C:\Users\Owner\Documents\Aeronca C-3 Model (2008).eml:OECustomProperty

< End of report >

OTL Extras logfile created on: 10/19/2010 9:11:05 PM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.60 Gb Total Space | 331.44 Gb Free Space | 73.23% Space Free | Partition Type: NTFS
Drive D: | 13.16 Gb Total Space | 1.80 Gb Free Space | 13.67% Space Free | Partition Type: NTFS
Drive E: | 607.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 5B 5C B3 D8 A3 77 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FCAD090-890B-4AEB-BA10-3243FD5C9A0C}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{15AA7722-E35E-421C-87CF-A95144D46163}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{186FBE24-20AA-4C30-BDA2-AF32009645DF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
"{22AB5CFE-FF02-4084-970B-44ACC8F72910}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{37632825-19E7-48F6-BFBF-F2E30A2352BE}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{52367B05-D854-40A9-B8F1-80999A61BD18}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
"{56FD6F32-CEB0-43B2-9D3F-D1E9D7CA5320}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{5D3517B7-15B9-4FB3-BC36-0712EE6C12B1}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{5F3A0E67-3BAF-4FF3-A3CE-D2A1915ED30B}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{69C61284-4A97-42C3-B96C-0DD64B6FD79F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{70CCACD4-A46B-4741-B357-F830D5E6BE20}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe |
"{70F5E079-724E-4665-A480-A23F8412686D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe |
"{7554A9C4-051A-47C3-8629-CA99B32D7BC5}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{7BB02B28-F959-43F5-97ED-12691AA7D50C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe |
"{87C82D17-5FC6-4DD2-B7BC-EEBB821A429C}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{97E4D548-3A0B-4967-90EE-7C6768529483}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{BF789010-F803-4B74-B690-22464B96C2FB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{BFD0D0A3-C75E-4F0C-89AD-4B145769EB17}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{C8708E78-AD5E-494F-A0A4-4050BA5A9BAF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D97786F3-1101-4AF9-932B-8452DFD3AB05}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{D99EF785-E69E-4EFC-9381-1593E75B30F0}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{E020B71F-EA98-428D-9543-917C07DA41FE}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{E0F93EEC-5F6F-4A16-9A50-F3C4BA19FF63}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe |
"{E6B3746F-DEFA-4FDC-800C-7B0F2E2A61CA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{F1D542CA-C144-4454-89E6-C745B8B01199}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{FDBF26E7-A5BD-4062-85E8-4DA8FAE06681}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{FE85D40B-8DD0-48FE-956F-913CFD388391}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{37DEBC1E-0A1F-448A-8DDD-A2FF4B1578EB}" = Motorola Driver Installation 4.6.0
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{54E4B319-0CE0-448D-B299-EE05BC30E4D1}" = Windows Live Family Safety
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{78F697ED-EC97-4D8D-881D-838984EA9855}" = 64 Bit HP CIO Components Installer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AA057FD9-0CFC-47e4-8AB4-E0F7EC85631D}" = HP Photosmart Cameras 9.0
"{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID Sign-in Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}" = HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15FE4D77-D717-4632-8EA8-B6BB258CFC7D}" = Wal-Mart® Mini Movie
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19506BDB-4EA7-491F-E8AB-E97109FDB296}" = muvee Reveal
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1F4BF9EA-847E-44FB-A728-C456116E6CEF}" = InstantShareDevicesMFC
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{24A71701-4BFD-4228-97B3-7D739195EC67}" = Walmart Digital Photo Manager
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17
"{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}" = GEAR driver installer for x86 and x64
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{452622B2-CFF1-4373-B773-141FC10A2AB6}" = hpicamDrvQFolder
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4F923F90-46D1-4492-9CC6-13FBBA00E7EC}" = C4400
"{5BD0CB24-11AF-4BA8-A198-38D25257C656}" = LightScribe Template Labeler
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{64B9E2F5-558E-4C56-B419-A1679518F6E7}" = HP Customer Experience Enhancements
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6B407945-AE16-4A2A-BAAF-497FE62EDED3}" = PS_AIO_03_C4400_Software_Min
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8FE54D21-8254-4CCF-AEE0-066496AE43F4}" = Delta Force - Black Hawk Down
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{954B7F64-D1D4-476F-8919-99585D0A6ABF}" = PS_AIO_03_C4400_Software
"{97ABD26A-3249-46CB-B2E2-F66E64B2E480}" = HP Demo
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B7B8C436-9169-4B45-B212-1A95D62E0338}" = ModelCAD 3000
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C9CE9393-B568-428D-AD5B-55452B9748DB}" = PS_AIO_03_C4400_ProductContext
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD961214-93C9-44FE-9A38-BBE647E98AE9}" = CameraReadme
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DA9DAC64-C947-47BA-B411-8A1959B177CF}" = LightScribe System Software 1.14.25.1
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DEF9CA03-7317-4a01-8111-06996235128E}" = CameraDrivers
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F6081BF5-B4AB-456A-9694-89F5CB6ED270}" = Motorola Phone Tools
"{F7B72805-2F58-4C04-AE9E-E7AD6A6EF62E}" = C4400_Help
"{F9A63CBA-FB65-44E2-9BFB-927E7208B3D7}" = Motorola Phone Tools
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Bejeweled Twist" = Bejeweled Twist
"Delta Force 2" = Delta Force 2
"Escape The Museum1.0" = Escape The Museum
"Google Chrome" = Google Chrome
"Hawaiian Explorer Lost Island_is1" = Hawaiian Explorer Lost Island 1.0.0.9
"Hawaiian Explorer Pearl Harbor_is1" = Hawaiian Explorer Pearl Harbor 1.0.0.30
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Luxor" = Luxor (remove only)
"Magic Match Adventures_is1" = Magic Match Adventures
"Marine Sharpshooter" = Marine Sharpshooter
"N360" = Norton 360
"Precision Mapping Streets and Traveler 8.1_is1" = Precision Mapping Streets and Traveler 8.1
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0
"Zuma's Revenge!" = Zuma's Revenge!

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/24/2010 6:46:53 PM | Computer Name = Owner-PC | Source = profsvc | ID = 1508
Description = Windows was unable to load the registry. This problem is often caused
by insufficient memory or insufficient security rights. DETAIL - The configuration
registry database is corrupt. for C:\Users\Owner\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error - 6/24/2010 6:46:53 PM | Computer Name = Owner-PC | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The configuration
registry database is corrupt.

Error - 6/24/2010 6:46:55 PM | Computer Name = Owner-PC | Source = profsvc | ID = 1508
Description = Windows was unable to load the registry. This problem is often caused
by insufficient memory or insufficient security rights. DETAIL - The configuration
registry database is corrupt. for C:\Users\Owner\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error - 6/24/2010 6:46:55 PM | Computer Name = Owner-PC | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The configuration
registry database is corrupt.

Error - 6/24/2010 6:48:27 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/24/2010 8:03:28 PM | Computer Name = Owner-PC | Source = profsvc | ID = 1508
Description = Windows was unable to load the registry. This problem is often caused
by insufficient memory or insufficient security rights. DETAIL - The configuration
registry database is corrupt. for C:\Users\Owner\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error - 6/24/2010 8:03:28 PM | Computer Name = Owner-PC | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The configuration
registry database is corrupt.

Error - 6/24/2010 8:03:29 PM | Computer Name = Owner-PC | Source = profsvc | ID = 1508
Description = Windows was unable to load the registry. This problem is often caused
by insufficient memory or insufficient security rights. DETAIL - The configuration
registry database is corrupt. for C:\Users\Owner\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error - 6/24/2010 8:03:29 PM | Computer Name = Owner-PC | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The configuration
registry database is corrupt.

Error - 6/24/2010 8:04:54 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 7/10/2009 5:58:03 PM | Computer Name = Owner-PC | Source = HTTP | ID = 15016
Description =

Error - 7/10/2009 5:59:44 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 7/10/2009 9:43:29 PM | Computer Name = Owner-PC | Source = HTTP | ID = 15016
Description =

Error - 7/10/2009 9:45:09 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 7/11/2009 8:51:29 AM | Computer Name = Owner-PC | Source = HTTP | ID = 15016
Description =

Error - 7/11/2009 8:53:15 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 7/11/2009 9:19:41 AM | Computer Name = Owner-PC | Source = HTTP | ID = 15016
Description =

Error - 7/11/2009 9:21:19 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 7/11/2009 12:05:07 PM | Computer Name = Owner-PC | Source = HTTP | ID = 15016
Description =

Error - 7/11/2009 12:06:48 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7022
Description =


< End of report >


Re: thinkpoint

Post by Belahzur on Wed Oct 20, 2010 11:28 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O4 - HKCU..\Run: [ehnrnlfe] C:\Users\Owner\AppData\Local\Temp\nctbopgyh\btuvyebyhsn.exe File not found
    O4 - HKCU..\Run: [kntdiufc] C:\Users\Owner\AppData\Local\gaayocgco\tmylemttssd.exe File not found
    O4 - HKCU..\Run: [wwrwhjiy] C:\Users\Owner\AppData\Local\Temp\vnodomquj\bvpvgjpyhsn.exe File not found
    [2010/10/17 08:17:02 | 000,000,006 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\start
    [2010/10/17 07:48:33 | 000,000,010 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\install
    [2010/10/17 07:46:53 | 000,000,202 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\24646.bat

    :commands
    [emptytemp]
    [reboot]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


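The three Run values in the fix script above all point into per-user AppData directories and are reported as "File not found", and the two toolbar entries have no registered CLSID. As an added example (not part of the original post and not OTL's own logic), this Python code applies that triage to OTL-style `O3`/`O4` lines; the regexes, the two-reason threshold and the two `Example*` entries are assumptions constructed here.

```python
import re
from dataclasses import dataclass

# The first five lines are copied from the fix script posted in this thread.
# The two "Example*" lines are constructed here as benign contrast.
SAMPLE_LOG = r"""
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKCU..\Run: [ehnrnlfe] C:\Users\Owner\AppData\Local\Temp\nctbopgyh\btuvyebyhsn.exe File not found
O4 - HKCU..\Run: [kntdiufc] C:\Users\Owner\AppData\Local\gaayocgco\tmylemttssd.exe File not found
O4 - HKCU..\Run: [wwrwhjiy] C:\Users\Owner\AppData\Local\Temp\vnodomquj\bvpvgjpyhsn.exe File not found
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files (x86)\Example Vendor\updater.exe (Example Vendor Inc.)
O4 - HKCU..\Run: [ExampleSync] C:\Users\Owner\AppData\Local\Example Sync\sync.exe (Example Vendor Inc.)
"""

# Directories a standard user can write to without elevation.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")

O4_RE = re.compile(
    r"^O4 - (?P<hive>\w+)\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<rest>.+)$"
)
O3_RE = re.compile(
    r"^O3 - (?P<key>[^:]+): \((?P<name>[^)]*)\) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<rest>.+)$"
)
# A trailing "(Company)" is the publisher; "(x86)" inside the path is not,
# because the publisher group must end the line.
TAIL_PUBLISHER_RE = re.compile(r"^(?P<path>.*\S) \((?P<publisher>[^()]*)\)$")
MISSING = "File not found"


@dataclass
class Finding:
    kind: str        # "autorun" or "toolbar"
    location: str    # registry location as printed in the log
    name: str        # Run value name, or the toolbar CLSID
    target: str      # file path ("" for toolbar entries)
    reasons: list


def split_target(rest):
    """Split the tail of an O4 line into (path, publisher, missing)."""
    rest = rest.strip()
    missing = rest.endswith(MISSING)
    if missing:
        rest = rest[: -len(MISSING)].rstrip()
    m = TAIL_PUBLISHER_RE.match(rest)
    path, publisher = (m["path"], m["publisher"].strip()) if m else (rest, "")
    return path.strip('"'), publisher, missing


def triage(log_text, threshold=2):
    """Return entries worth a closer look: autoruns with at least `threshold`
    independent reasons, and toolbars whose CLSID is not registered."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := O4_RE.match(line)):
            path, publisher, missing = split_target(m["rest"])
            reasons = []
            if any(part in path.lower() for part in USER_WRITABLE):
                reasons.append("target in user-writable directory")
            if missing:
                reasons.append("target file missing")
            elif not publisher:
                # Only meaningful when the file exists and could be inspected.
                reasons.append("file present but no company name")
            if len(reasons) >= threshold:
                location = f"{m['hive']}\\{m['key']}"
                findings.append(
                    Finding("autorun", location, m["name"], path, reasons)
                )
        elif (m := O3_RE.match(line)):
            if m["rest"].startswith("No CLSID value found"):
                findings.append(
                    Finding("toolbar", m["key"], m["clsid"], "",
                            ["toolbar points at unregistered CLSID"])
                )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.name:40} {'; '.join(f.reasons)}")
```

A single reason is deliberately not enough: the constructed `ExampleSync` entry lives under AppData, as many legitimate per-user installs do, and is not flagged.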

Re: thinkpoint

Post by jcarson on Thu Oct 21, 2010 2:17 am

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ehnrnlfe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\kntdiufc deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\wwrwhjiy deleted successfully.
C:\Users\Owner\AppData\Roaming\start moved successfully.
C:\Users\Owner\AppData\Roaming\install moved successfully.
C:\Users\Owner\AppData\Roaming\24646.bat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 42933922 bytes
->Temporary Internet Files folder emptied: 24508938 bytes
->Java cache emptied: 60479519 bytes
->Google Chrome cache emptied: 24742486 bytes
->Flash cache emptied: 175590 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 116444 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 85853461 bytes

Total Files Cleaned = 228.00 mb


OTL by OldTimer - Version 3.2.15.2 log created on 10202010_190527

Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YDT5YF2S\thinkpoint-t24257[1].htm moved successfully.
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\fla1918.tmp not found!
File\Folder C:\Windows\temp\JET9368.tmp not found!


Re: thinkpoint

Post by Belahzur on Fri Oct 22, 2010 12:10 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: thinkpoint

Post by jcarson on Fri Oct 22, 2010 1:35 pm

Malwarebytes' Anti-Malware 1.46

Database version: 4910

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

10/22/2010 8:27:12 AM
mbam-log-2010-10-22 (08-27-12).txt

Scan type: Quick scan
Objects scanned: 142390
Time elapsed: 5 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: thinkpoint

Post by Belahzur on Fri Oct 22, 2010 11:53 pm

Hello.

Download [You must be registered and logged in to see this link.] to your desktop.

  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop.
  • Open this report and post its content in your next reply.



Re: thinkpoint

Post by jcarson on Sat Oct 23, 2010 12:06 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: ECS
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: HP-Pavilion
System Product Name: NC686AA-ABA a6700y
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 148):

Processes (total 71):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000071`26521600 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD502IJ, Rev: 1AA0

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Hewlett-Packard MBR code detected
SHA1: F362CE084BC77B454330005C1657154A64FB9456


Done!


Re: thinkpoint

Post by Belahzur on Sat Oct 23, 2010 12:21 am

Hello.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Re: thinkpoint

Post by jcarson on Sat Oct 23, 2010 4:09 pm

SETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK


Re: thinkpoint

Post by Belahzur on Sat Oct 23, 2010 11:52 pm

How is the machine running now?



Re: thinkpoint

Post by jcarson on Sun Oct 24, 2010 1:34 pm

Seems to be running very well now. Thank you for your help. Jerry
