ThinkPoint - now will not even boot up

Page 1 of 2 1, 2  Next

View previous topic View next topic Go down

ThinkPoint - now will not even boot up

Post by mwmorin on Fri 19 Nov 2010, 9:02 am

Windows XP - Home

History:

- got thinkpoint infection
- i was still able to login in but could not run any browser
- I followed steps on your site to get rid of this malware- [You must be registered and logged in to see this link.]
- several infections were detected and removed
- still could not load browser

After rebooting a couple of times, this is now happening:

I turn on the computer. I can get to BIOS screen, that is it. After that I get a flashing underscore character in the top left of screen on a black background.

Is there any recommendation?

thanks,
Mike


mwmorin

Newbie Surfer
Newbie Surfer

Posts : 15
Joined : 2010-11-15
Operating System : windows xp

View user profile

Back to top Go down

Re: ThinkPoint - now will not even boot up

Post by Belahzur on Fri 19 Nov 2010, 12:33 pm

Hello.

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.

  • Place a blank CD-R disc in to your CD burning drive.
  • Download OTLPEStd.exe and double-click on it to burn to a CD using ISO Burner.
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings

    • Change Drivers to Non-Microsoft
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\_OTL\MovedFiles
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.



@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: ThinkPoint - now will not even boot up

Post by mwmorin on Sat 27 Nov 2010, 8:20 am

As requested here are the contents of file OTL.txt:

OTL logfile created on: 11/26/2010 4:03:00 PM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 292.21 Gb Total Space | 81.58 Gb Free Space | 27.92% Space Free | Partition Type: NTFS
Drive X: | 282.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- C:\WINDOWS\System32\spoolsv.exe -- (Spooler)
SRV - File not found [On_Demand] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/10/24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/01/16 06:29:50 | 000,147,456 | ---- | M] (VMware, Inc.) [Auto] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe -- (wsnm)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/05/29 11:30:13 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2004/03/02 09:42:14 | 001,425,424 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 09:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 09:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/07/17 11:01:26 | 000,017,792 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FNETTBOH.SYS -- (FNETTBOH)
DRV - [2009/07/17 11:01:26 | 000,007,040 | ---- | M] (FNet Co., Ltd.) [Kernel | System] -- C:\WINDOWS\system32\drivers\FNETURPX.SYS -- (FNETURPX)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/30 20:04:54 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/12/11 13:22:24 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/12/02 18:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/12/02 18:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/12/02 18:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/08/28 14:55:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/08/28 14:54:56 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/08/28 14:54:50 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\OEM02Afx.sys -- (OEM02Afx)
DRV - [2007/07/10 15:07:56 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/07/10 14:22:22 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/10 14:22:20 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/10 14:22:18 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/09 22:21:54 | 000,202,912 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/07/09 21:58:42 | 005,707,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/05/08 20:22:58 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\iastor.sys -- (iaStor)
DRV - [2006/11/02 12:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/03/02 09:41:26 | 000,268,872 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2003/08/28 20:40:26 | 000,189,792 | ---- | M] (Zone Labs Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2003/07/24 18:55:50 | 000,139,604 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2003/05/01 12:26:34 | 000,005,220 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Start Page = [You must be registered and logged in to see this link.]


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Michael_Morin_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Michael_Morin_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Michael_Morin_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Michael_Morin_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Michael_Morin_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\Michael_Morin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Michael_Morin_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKU\Michael_Morin_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
IE - HKU\Michael_Morin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Michael_Morin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Mike_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Mike_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Mike_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Mike_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Mike_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Other_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Other_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Other_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Other_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Other_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\Other_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Other_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/05 08:45:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/23 11:45:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/23 11:45:18 | 000,000,000 | ---D | M]

[2008/12/23 01:46:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O3 - HKU\Michael_Morin_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Michael_Morin_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O3 - HKU\Mike_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Other_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TurboHddUsb] C:\Program Files\TurboHddUsb\TurboHddUsb.exe (FNet Co., Ltd.)
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKU\Michael_Morin_ON_C..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\Michael_Morin_ON_C..\Run: [eFax 4.4] C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKU\Michael_Morin_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Michael_Morin_ON_C..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe File not found
O4 - HKU\Mike_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Other_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Other_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe (ArcSoft, Inc.)
O4 - Startup: C:\Documents and Settings\Michael Morin\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O4 - Startup: C:\Documents and Settings\Michael Morin\Start Menu\Programs\Startup\eFax 4.4.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Michael_Morin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Mike_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Other_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [You must be registered and logged in to see this link.] (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [You must be registered and logged in to see this link.] (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {DBDC1CDA-B64B-49F7-9535-6317AA416E51} [You must be registered and logged in to see this link.] (VMware_VDM_Client Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.242 68.87.71.226 192.168.1.1 68.87.73.242 68.87.71.226
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\Michael_Morin_ON_C Winlogon: Shell - (C:\Documents and Settings\Michael Morin\Application Data\hotfix.exe) - C:\Documents and Settings\Michael Morin\Application Data\hotfix.exe File not found
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/23 22:48:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LocalService\My Documents
[2010/11/23 22:48:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\LocalService\Recent
[2010/11/15 14:52:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\Powercinema
[2010/11/15 14:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\CyberLink
[2010/11/15 14:51:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Sony Corporation
[2010/11/15 11:57:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\NEW-Receipts
[2010/11/14 21:25:43 | 000,000,000 | ---D | C] -- C:\Backups of Michael Morin account
[2010/11/14 21:24:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\New Folder
[2010/11/14 21:22:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Macromedia
[2010/11/14 20:48:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Adobe
[2010/11/14 20:47:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mike\PrivacIE
[2010/11/14 20:47:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Google
[2010/11/14 20:46:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\HPAppData
[2010/11/14 20:46:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Yahoo!
[2010/11/14 20:46:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Apple Computer
[2010/11/14 20:46:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\ArcSoft
[2010/11/14 20:46:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\Apple Computer
[2010/11/14 20:46:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\SupportSoft
[2010/11/14 20:45:58 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mike\IETldCache
[2010/11/14 20:45:52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Mike\Application Data\Microsoft
[2010/11/14 20:45:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mike\SendTo
[2010/11/14 20:45:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mike\Recent
[2010/11/14 20:45:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mike\Application Data
[2010/11/14 20:45:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mike\Start Menu
[2010/11/14 20:45:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mike\My Documents\My Videos
[2010/11/14 20:45:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mike\My Documents\My Pictures
[2010/11/14 20:45:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mike\My Documents\My Music
[2010/11/14 20:45:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mike\My Documents
[2010/11/14 20:45:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mike\Favorites
[2010/11/14 20:45:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mike\Cookies
[2010/11/14 20:45:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Mike\Templates
[2010/11/14 20:45:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Mike\PrintHood
[2010/11/14 20:45:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Mike\NetHood
[2010/11/14 20:45:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Mike\Local Settings
[2010/11/14 20:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Sun
[2010/11/14 20:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\My Google Gadgets
[2010/11/14 20:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft
[2010/11/14 20:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\MediaDirect
[2010/11/14 20:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\InstallShield
[2010/11/14 20:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Identities
[2010/11/14 20:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\Google
[2010/11/14 20:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop
[2010/11/14 20:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\BVRP Software
[2010/11/14 20:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\ApplicationHistory
[2010/11/14 20:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\Adobe
[2010/11/11 11:49:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Morin\Application Data\Malwarebytes
[2010/11/11 11:49:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/11 11:49:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/11 11:49:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/15 15:14:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/15 15:14:01 | 000,015,308 | ---- | M] () -- C:\WINDOWS\System32\535.js
[2010/11/15 15:14:01 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/11/15 15:05:32 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{28999193-381B-4368-B72A-7B43EA5F7616}.job
[2010/11/15 12:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/11/15 11:36:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/15 11:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/11/15 10:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/11/15 09:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/11/15 08:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/11/15 07:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/11/15 06:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/11/15 05:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/11/15 04:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/11/15 03:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/11/15 02:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/11/15 01:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/11/15 00:14:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/11/14 23:14:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/11/14 22:14:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/11/14 21:14:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/11/14 20:46:55 | 000,000,127 | ---- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\fusioncache.dat
[2010/11/14 20:46:16 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/14 20:46:01 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Windows Media Player.lnk
[2010/11/14 20:41:46 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/11/14 19:36:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/14 19:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/11/14 18:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/11/14 17:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/11/14 16:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/11/14 14:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/11/11 15:26:56 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Michael Morin\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/11/11 15:26:44 | 000,509,282 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/11 15:26:44 | 000,092,636 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/11 15:26:39 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Michael Morin\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/11/11 15:24:53 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Michael Morin\Application Data\completescan
[2010/11/11 14:36:15 | 3210,780,672 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/11 13:58:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/11/11 11:49:21 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Michael Morin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/11/11 11:25:36 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\Michael Morin\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2010/11/11 02:15:43 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Michael Morin\Application Data\start
[2010/11/11 02:01:58 | 000,000,893 | ---- | M] () -- C:\Documents and Settings\Michael Morin\Desktop\ThinkPoint.lnk
[2010/11/11 02:01:58 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Michael Morin\Application Data\install
[2010/11/11 01:59:54 | 000,559,104 | ---- | M] () -- C:\Documents and Settings\Michael Morin\Application Data\hotfixa
[2010/11/07 21:37:00 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/05 21:52:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/15 15:14:01 | 000,015,308 | ---- | C] () -- C:\WINDOWS\System32\535.js
[2010/11/14 20:47:03 | 002,997,744 | ---- | C] () -- C:\Documents and Settings\Mike\ProductContext1400.log
[2010/11/14 20:46:55 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\fusioncache.dat
[2010/11/14 20:46:38 | 003,012,700 | ---- | C] () -- C:\Documents and Settings\Mike\ProductContext5600.log
[2010/11/14 20:46:01 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\Windows Media Player.lnk
[2010/11/14 20:45:53 | 000,014,374 | ---- | C] () -- C:\Documents and Settings\Mike\msi.log
[2010/11/14 20:45:53 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/14 20:45:53 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/14 20:45:53 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/11/11 12:23:48 | 3210,780,672 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/11 11:49:21 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Michael Morin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/11/11 02:15:43 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Michael Morin\Application Data\start
[2010/11/11 02:08:58 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Michael Morin\Application Data\completescan
[2010/11/11 02:01:58 | 000,000,893 | ---- | C] () -- C:\Documents and Settings\Michael Morin\Desktop\ThinkPoint.lnk
[2010/11/11 02:01:58 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Michael Morin\Application Data\install
[2010/11/11 01:59:56 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/11/11 01:59:56 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/11/11 01:59:56 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/11/11 01:59:56 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/11/11 01:59:56 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/11/11 01:59:56 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/11/11 01:59:56 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/11/11 01:59:56 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/11/11 01:59:56 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/11/11 01:59:56 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/11/11 01:59:56 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/11/11 01:59:55 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/11/11 01:59:55 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/11/11 01:59:55 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/11/11 01:59:55 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/11/11 01:59:55 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/11/11 01:59:55 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/11/11 01:59:55 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/11/11 01:59:55 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/11/11 01:59:54 | 000,559,104 | ---- | C] () -- C:\Documents and Settings\Michael Morin\Application Data\hotfixa
[2010/11/11 01:59:54 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/11/11 01:59:54 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/11/11 01:59:54 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/11/11 01:59:54 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/11/11 01:59:54 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/08/05 22:34:41 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Michael Morin\Application Data\mpauth.dat
[2010/03/19 07:29:42 | 003,012,772 | ---- | C] () -- C:\Documents and Settings\Other\ProductContext5600.log
[2010/03/02 21:21:33 | 002,998,364 | ---- | C] () -- C:\Documents and Settings\Michael Morin\ProductContext1400.log
[2009/08/29 17:16:14 | 003,013,324 | ---- | C] () -- C:\Documents and Settings\Michael Morin\ProductContext5600.log
[2009/07/30 10:29:55 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/07/27 20:34:28 | 002,997,816 | ---- | C] () -- C:\Documents and Settings\Other\ProductContext1400.log
[2009/06/15 18:48:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Other\񀿉
[2009/05/30 23:29:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael Morin\񀿉
[2009/04/16 12:33:36 | 000,056,794 | ---- | C] () -- C:\Documents and Settings\Michael Morin\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2009/04/16 12:33:36 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2009/04/03 10:39:26 | 000,000,072 | ---- | C] () -- C:\Documents and Settings\Michael Morin\linksys conn info.txt
[2009/01/02 15:31:56 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/11/15 14:38:20 | 000,002,206 | ---- | C] () -- C:\Documents and Settings\Michael Morin\Application Data\HPSU_48BitScanUpdate.log
[2008/11/15 14:38:20 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2008/08/22 12:45:32 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Other\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/21 20:10:32 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\Other\default.pls
[2008/07/10 20:19:20 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Michael Morin\default.pls
[2008/07/10 15:11:21 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/25 19:26:34 | 000,014,374 | ---- | C] () -- C:\Documents and Settings\Other\msi.log
[2008/06/08 01:59:16 | 000,122,880 | ---- | C] () -- C:\Documents and Settings\Michael Morin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/05 15:04:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/05 12:40:30 | 000,139,280 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/06/04 22:37:44 | 000,014,374 | ---- | C] () -- C:\Documents and Settings\Michael Morin\msi.log
[2008/06/04 22:36:14 | 000,014,374 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\msi.log
[2008/05/29 11:37:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/05/29 11:27:19 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2008/05/29 11:16:34 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/05/29 11:16:32 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/05/29 10:51:30 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/05/29 10:51:30 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2008/05/29 10:51:28 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/05/29 10:50:04 | 000,001,121 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/02/04 17:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 14:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/04/28 10:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Morin\Application Data\BitTorrent
[2009/04/28 10:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Morin\Application Data\DNA
[2010/11/11 15:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Morin\Application Data\Dropbox
[2009/01/15 02:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Morin\Application Data\eFax Messenger
[2009/01/15 02:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Morin\Application Data\j2 Global
[2009/07/13 23:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Morin\Application Data\NewsBin
[2008/06/05 15:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Morin\Application Data\OfficeUpdate12
[2008/06/05 12:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Morin\Application Data\RegisterVPN
[2008/10/09 19:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Morin\Application Data\tmp
[2009/06/19 00:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Morin\Application Data\Uniblue
[2008/08/21 20:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Other\Application Data\Newsbin
[2008/12/30 16:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Other\Application Data\Unity
[2010/11/15 00:14:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/11/15 09:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/11/15 10:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/11/15 12:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/11/15 11:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/11/11 13:58:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/11/14 14:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/11/14 16:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/11/15 15:14:01 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/11/14 20:41:46 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/11/14 22:14:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/11/15 02:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/11/14 19:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/11/14 18:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/11/14 23:14:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/11/14 21:14:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/11/14 17:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/11/15 04:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/11/15 01:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/11/15 03:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/11/15 06:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/11/15 05:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/11/15 07:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/11/15 08:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/11/15 15:05:32 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{28999193-381B-4368-B72A-7B43EA5F7616}.job

========== Purity Check ==========


< End of report >

mwmorin

Newbie Surfer
Newbie Surfer

Posts : 15
Joined : 2010-11-15
Operating System : windows xp

View user profile

Back to top Go down

Re: ThinkPoint - now will not even boot up

Post by Belahzur on Sat 27 Nov 2010, 12:30 pm

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: ThinkPoint - now will not even boot up

Post by mwmorin on Mon 29 Nov 2010, 8:09 am

When running combofix it gets an error saying: "You appear to have a corrupt download. Please download a fresh copy of ComboFix.exe"

I get this error with both links you have above.

Please advise.

mwmorin

Newbie Surfer
Newbie Surfer

Posts : 15
Joined : 2010-11-15
Operating System : windows xp

View user profile

Back to top Go down

Re: ThinkPoint - now will not even boot up

Post by Belahzur on Mon 29 Nov 2010, 11:40 am

Did you try downloading a fresh copy?


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: ThinkPoint - now will not even boot up

Post by mwmorin on Tue 30 Nov 2010, 1:10 am

Yes. I downloaded fresh copies from the two links you provided.

Are there any other downloads sites that are safe?

mwmorin

Newbie Surfer
Newbie Surfer

Posts : 15
Joined : 2010-11-15
Operating System : windows xp

View user profile

Back to top Go down

Re: ThinkPoint - now will not even boot up

Post by Belahzur on Tue 30 Nov 2010, 9:26 am

Please run OTLPE.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O20 - HKU\Michael_Morin_ON_C Winlogon: Shell - (C:\Documents and Settings\Michael Morin\Application Data\hotfix.exe) - C:\Documents and Settings\Michael Morin\Application Data\hotfix.exe File not found
    [2010/11/15 15:14:01 | 000,015,308 | ---- | M] () -- C:\WINDOWS\System32\535.js

    :files
    C:\WINDOWS\tasks\At*.job


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: ThinkPoint - now will not even boot up

Post by mwmorin on Wed 01 Dec 2010, 5:43 am

========== OTL ==========
Registry value HKEY_USERS\Michael_Morin_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\Michael Morin\Application Data\hotfix.exe deleted successfully.
C:\WINDOWS\system32\535.js moved successfully.
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.

OTLPE by OldTimer - Version 3.1.43.0 log created on 11302010_133956

mwmorin

Newbie Surfer
Newbie Surfer

Posts : 15
Joined : 2010-11-15
Operating System : windows xp

View user profile

Back to top Go down

Re: ThinkPoint - now will not even boot up

Post by Belahzur on Wed 01 Dec 2010, 11:19 am

Please try Combofix again now OTLPE removed the upfront infection.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: ThinkPoint - now will not even boot up

Post by mwmorin on Wed 01 Dec 2010, 3:33 pm

I am back to where I was on post 5 where combofix says:

"You appear to have a corrupt download. Please download a fresh copy of ComboFix.exe"

mwmorin

Newbie Surfer
Newbie Surfer

Posts : 15
Joined : 2010-11-15
Operating System : windows xp

View user profile

Back to top Go down

Re: ThinkPoint - now will not even boot up

Post by Belahzur on Thu 02 Dec 2010, 11:57 am

Hello.

Download MBRCheck to your desktop.

  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop
  • Open this report and post its content in your next reply.


Please download TDSSKiller from here and save it to your Desktop.

  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note:It will also create a log in the C:\ directory.

Please remember to post both logs.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: ThinkPoint - now will not even boot up

Post by mwmorin on Sun 05 Dec 2010, 10:10 am

Both of these tools fail on my system. Please advise.

Here is the output from each:

MBRCheck:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: (build 2600)
Logical Drives Mask: 0x0080000e

\\.\B: --> error 1
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`05649600 (NTFS)

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 848604FBDB02A2F8193090DD8D99F2A9F3F4192C


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

===================================================

TDSSKiller:

Can't initialize log.
Can't load driver.

mwmorin

Newbie Surfer
Newbie Surfer

Posts : 15
Joined : 2010-11-15
Operating System : windows xp

View user profile

Back to top Go down

Re: ThinkPoint - now will not even boot up

Post by Belahzur on Mon 06 Dec 2010, 10:12 am

Hello.

Re-Run MBRCheck.exe


  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When program ask you Enter your choice: enter
    [1] Dump the MBR of a physical disk to file.
    and press the Enter key
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    and then press Enter.
  • The program will ask for the file name to dump to, type dump.dat and Press Enter. You should see Dumped successfully.
  • Next, type -1 and press Enter. Next press Enter again, and the program will exit.
  • Save it to your desktop then attach the resultant output in your next reply


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: ThinkPoint - now will not even boot up

Post by mwmorin on Tue 07 Dec 2010, 3:41 pm

Got error again. Here is screen output:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line: C:\tmp\OTL.Txt
Windows Version: Windows XP Professional
Windows Information: (build 2600)
Logical Drives Mask: 0x00800006

\\.\B: --> error 1
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`05649600 (NTFS)

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 848604FBDB02A2F8193090DD8D99F2A9F3F4192C


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: Y

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: 1

Enter the physical disk number to dump (0-99, -1 to exit): 0
Dumping \\.\PhysicalDisk0...
Enter filename to dump to: dump.dat
Error opening output file (0)!

Enter the physical disk number to dump (0-99, -1 to exit):

mwmorin

Newbie Surfer
Newbie Surfer

Posts : 15
Joined : 2010-11-15
Operating System : windows xp

View user profile

Back to top Go down

Re: ThinkPoint - now will not even boot up

Post by Belahzur on Wed 08 Dec 2010, 11:00 am

Hello.
Please attach the dump file in your next post.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: ThinkPoint - now will not even boot up

Post by mwmorin on Thu 09 Dec 2010, 3:00 am

Dump file is attached (inside zip file) - thanks.

mwmorin

Newbie Surfer
Newbie Surfer

Posts : 15
Joined : 2010-11-15
Operating System : windows xp

View user profile

Back to top Go down

Re: ThinkPoint - now will not even boot up

Post by Belahzur on Thu 09 Dec 2010, 11:15 am

Hello.

  • Download combofix from here
    Link 1
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See HERE for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: ThinkPoint - now will not even boot up

Post by mwmorin on Thu 09 Dec 2010, 4:30 pm

svchosts.exe says:

"You appear to have a corrupt download. Please download a fresh copy of ComboFix.exe"

mwmorin

Newbie Surfer
Newbie Surfer

Posts : 15
Joined : 2010-11-15
Operating System : windows xp

View user profile

Back to top Go down

Re: ThinkPoint - now will not even boot up

Post by Belahzur on Fri 10 Dec 2010, 11:54 am

Hello.
Try booting normally, are you able to do that now we removed some of the infection?


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: ThinkPoint - now will not even boot up

Post by mwmorin on Fri 10 Dec 2010, 1:15 pm

No, it still gets to the blinking underscore and that's it.

mwmorin

Newbie Surfer
Newbie Surfer

Posts : 15
Joined : 2010-11-15
Operating System : windows xp

View user profile

Back to top Go down

Re: ThinkPoint - now will not even boot up

Post by mwmorin on Thu 16 Dec 2010, 2:21 am

GeekPolice, have you given up?

mwmorin

Newbie Surfer
Newbie Surfer

Posts : 15
Joined : 2010-11-15
Operating System : windows xp

View user profile

Back to top Go down

Re: ThinkPoint - now will not even boot up

Post by Belahzur on Thu 16 Dec 2010, 10:17 am

Nope, please re-run OTL and post the new results.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: ThinkPoint - now will not even boot up

Post by mwmorin on Thu 16 Dec 2010, 2:58 pm

Here is OTL output running with no custom scans:


OTL logfile created on: 12/15/2010 10:46:53 PM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 292.21 Gb Total Space | 81.57 Gb Free Space | 27.92% Space Free | Partition Type: NTFS
Drive D: | 7.47 Gb Total Space | 0.90 Gb Free Space | 12.11% Space Free | Partition Type: FAT32
Drive X: | 282.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- C:\WINDOWS\System32\spoolsv.exe -- (Spooler)
SRV - File not found [On_Demand] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/10/24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/01/16 06:29:50 | 000,147,456 | ---- | M] (VMware, Inc.) [Auto] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe -- (wsnm)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/05/29 11:30:13 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2004/03/02 09:42:14 | 001,425,424 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 09:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 09:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/07/17 11:01:26 | 000,017,792 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FNETTBOH.SYS -- (FNETTBOH)
DRV - [2009/07/17 11:01:26 | 000,007,040 | ---- | M] (FNet Co., Ltd.) [Kernel | System] -- C:\WINDOWS\system32\drivers\FNETURPX.SYS -- (FNETURPX)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/30 20:04:54 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/12/11 13:22:24 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/12/02 18:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/12/02 18:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/12/02 18:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/08/28 14:55:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/08/28 14:54:56 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/08/28 14:54:50 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\OEM02Afx.sys -- (OEM02Afx)
DRV - [2007/07/10 15:07:56 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/07/10 14:22:22 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/10 14:22:20 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/10 14:22:18 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/09 22:21:54 | 000,202,912 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/07/09 21:58:42 | 005,707,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/05/08 20:22:58 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\iastor.sys -- (iaStor)
DRV - [2006/11/02 12:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/03/02 09:41:26 | 000,268,872 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2003/08/28 20:40:26 | 000,189,792 | ---- | M] (Zone Labs Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2003/07/24 18:55:50 | 000,139,604 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2003/05/01 12:26:34 | 000,005,220 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Start Page = [You must be registered and logged in to see this link.]


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Michael_Morin_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Michael_Morin_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Michael_Morin_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Michael_Morin_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Michael_Morin_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\Michael_Morin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Michael_Morin_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKU\Michael_Morin_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
IE - HKU\Michael_Morin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Michael_Morin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Mike_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Mike_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Mike_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Mike_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Mike_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Other_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Other_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Other_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Other_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Other_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\Other_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Other_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/05 08:45:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/23 11:45:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/23 11:45:18 | 000,000,000 | ---D | M]

[2008/12/23 01:46:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O3 - HKU\Michael_Morin_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Michael_Morin_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O3 - HKU\Mike_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Other_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TurboHddUsb] C:\Program Files\TurboHddUsb\TurboHddUsb.exe (FNet Co., Ltd.)
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKU\Michael_Morin_ON_C..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\Michael_Morin_ON_C..\Run: [eFax 4.4] C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKU\Michael_Morin_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Michael_Morin_ON_C..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe File not found
O4 - HKU\Mike_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Other_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Other_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe (ArcSoft, Inc.)
O4 - Startup: C:\Documents and Settings\Michael Morin\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O4 - Startup: C:\Documents and Settings\Michael Morin\Start Menu\Programs\Startup\eFax 4.4.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Michael_Morin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Mike_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Other_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [You must be registered and logged in to see this link.] (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [You must be registered and logged in to see this link.] (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {DBDC1CDA-B64B-49F7-9535-6317AA416E51} [You must be registered and logged in to see this link.] (VMware_VDM_Client Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.242 68.87.71.226 192.168.1.1 68.87.73.242 68.87.71.226
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\Michael_Morin_ON_C Winlogon: Shell - (C:\Documents and Settings\Michael Morin\Application Data\hotfix.exe) - C:\Documents and Settings\Michael Morin\Application Data\hotfix.exe File not found
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/30 13:39:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/23 22:48:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LocalService\My Documents
[2010/11/23 22:48:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\LocalService\Recent
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/14 20:47:03 | 002,997,744 | ---- | C] () -- C:\Documents and Settings\Mike\ProductContext1400.log
[2010/11/14 20:46:55 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\fusioncache.dat
[2010/11/14 20:46:38 | 003,012,700 | ---- | C] () -- C:\Documents and Settings\Mike\ProductContext5600.log
[2010/11/14 20:45:53 | 000,014,374 | ---- | C] () -- C:\Documents and Settings\Mike\msi.log
[2010/11/11 02:15:43 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Michael Morin\Application Data\start
[2010/11/11 02:08:58 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Michael Morin\Application Data\completescan
[2010/11/11 02:01:58 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Michael Morin\Application Data\install
[2010/11/11 01:59:54 | 000,559,104 | ---- | C] () -- C:\Documents and Settings\Michael Morin\Application Data\hotfixa
[2010/08/05 22:34:41 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Michael Morin\Application Data\mpauth.dat
[2010/03/19 07:29:42 | 003,012,772 | ---- | C] () -- C:\Documents and Settings\Other\ProductContext5600.log
[2010/03/02 21:21:33 | 002,998,364 | ---- | C] () -- C:\Documents and Settings\Michael Morin\ProductContext1400.log
[2009/08/29 17:16:14 | 003,013,324 | ---- | C] () -- C:\Documents and Settings\Michael Morin\ProductContext5600.log
[2009/07/30 10:29:55 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/07/27 20:34:28 | 002,997,816 | ---- | C] () -- C:\Documents and Settings\Other\ProductContext1400.log
[2009/06/15 18:48:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Other\񀿉
[2009/05/30 23:29:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael Morin\񀿉
[2009/04/16 12:33:36 | 000,056,794 | ---- | C] () -- C:\Documents and Settings\Michael Morin\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2009/04/16 12:33:36 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2009/04/03 10:39:26 | 000,000,072 | ---- | C] () -- C:\Documents and Settings\Michael Morin\linksys conn info.txt
[2009/01/02 15:31:56 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/11/15 14:38:20 | 000,002,206 | ---- | C] () -- C:\Documents and Settings\Michael Morin\Application Data\HPSU_48BitScanUpdate.log
[2008/11/15 14:38:20 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2008/08/22 12:45:32 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Other\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/21 20:10:32 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\Other\default.pls
[2008/07/10 20:19:20 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Michael Morin\default.pls
[2008/07/10 15:11:21 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/25 19:26:34 | 000,014,374 | ---- | C] () -- C:\Documents and Settings\Other\msi.log
[2008/06/08 01:59:16 | 000,122,880 | ---- | C] () -- C:\Documents and Settings\Michael Morin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/05 15:04:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/05 12:40:30 | 000,139,280 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/06/04 22:37:44 | 000,014,374 | ---- | C] () -- C:\Documents and Settings\Michael Morin\msi.log
[2008/06/04 22:36:14 | 000,014,374 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\msi.log
[2008/05/29 11:37:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/05/29 11:27:19 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2008/05/29 11:16:34 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/05/29 11:16:32 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/05/29 10:51:30 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/05/29 10:51:30 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2008/05/29 10:51:28 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/05/29 10:50:04 | 000,001,121 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/02/04 17:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 14:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/04/28 10:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Morin\Application Data\BitTorrent
[2009/04/28 10:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Morin\Application Data\DNA
[2010/11/11 15:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Morin\Application Data\Dropbox
[2009/01/15 02:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Morin\Application Data\eFax Messenger
[2009/01/15 02:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Morin\Application Data\j2 Global
[2009/07/13 23:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Morin\Application Data\NewsBin
[2008/06/05 15:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Morin\Application Data\OfficeUpdate12
[2008/06/05 12:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Morin\Application Data\RegisterVPN
[2008/10/09 19:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Morin\Application Data\tmp
[2009/06/19 00:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Morin\Application Data\Uniblue
[2008/08/21 20:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Other\Application Data\Newsbin
[2008/12/30 16:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Other\Application Data\Unity
[2010/11/15 15:05:32 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{28999193-381B-4368-B72A-7B43EA5F7616}.job

========== Purity Check ==========


< End of report >

mwmorin

Newbie Surfer
Newbie Surfer

Posts : 15
Joined : 2010-11-15
Operating System : windows xp

View user profile

Back to top Go down

Re: ThinkPoint - now will not even boot up

Post by Belahzur on Fri 17 Dec 2010, 10:25 am

Please run OTLPE.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    [2010/11/11 02:15:43 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Michael Morin\Application Data\start
    [2010/11/11 02:08:58 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Michael Morin\Application Data\completescan
    [2010/11/11 02:01:58 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Michael Morin\Application Data\install
    [2010/11/11 01:59:54 | 000,559,104 | ---- | C] () -- C:\Documents and Settings\Michael Morin\Application Data\hotfixa
    [2010/08/05 22:34:41 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Michael Morin\Application Data\mpauth.dat



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: ThinkPoint - now will not even boot up

Post by Sponsored content Today at 1:10 pm


Sponsored content


Back to top Go down

Page 1 of 2 1, 2  Next

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum