WiredWX Christian Hobby Weather Tools
Can't get past login because of ThinkPoint

Hope you can help me :-( I am not hugely computer literate and I seem to have ThinkPoint. I have been trying to remove it, but now I am at the stage that although I am in safe mode I can't even get past the 'log on to windows' screen. Every time I click 'ok' it saves settings and logs off and then goes back to the 'log on to windows' screen.

I am currently on my old desktop and I REALLY need some help please...

Any help would be very much appreciated.

Thanks, Biggq.

Re: Can't get past login because of ThinkPoint

Hi,

Welcome to GeekPolice.net!

Hello, user.

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Step 1: You need to get the appropriate burning software for this task.

Download ISOBurner
  • This will allow you to burn the OTLPE ISO to a CD and make it bootable. Just install the program; from there on it is fairly automatic.
  • See the instructions page for more info.
Step 2: Download the OTLPE REATOGO Windows Recovery Environment.
  • Download OTLPE.iso and burn it to a CD using ISOBurner. NOTE: This file is 292Mb in size, so it may take some time to download.
  • When downloaded, double-click it and this will open ISOBurner to burn the file to CD.
  • Reboot your system using the boot CD you just created.

    Note: If you do not know how to set your computer to boot from CD, follow the steps here.
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes.
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes.
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK.
  • OTL should now start. Change the following settings:
    • Change Drivers to Non-Microsoft.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\_OTL\MovedFiles.
    • Copy this file to your USB drive if you do not have an internet connection on this system.
    • Please post the contents of the OTL.txt file in your reply.

Re: Can't get past login because of ThinkPoint

Thank you for your help, I am nearly there. The OTLPE is on my screen, but under Drivers there is only None, Use Safelist or All. I left it on Safelist, but on the other side there is a check box saying Skip Microsoft Files; I have checked that.

Before I paste the multitude of text from the .txt box I thought I would ask if I had done the right thing.

Thanks again,

Biggq

Re: Can't get past login because of ThinkPoint

Okey-dokey, here is the great lot of text (just in case I have done it right):

OTL logfile created on: 10/29/2010 11:06:36 AM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 16.84 Gb Free Space | 45.19% Space Free | Partition Type: NTFS
Drive D: | 121.70 Mb Total Space | 50.22 Mb Free Space | 41.27% Space Free | Partition Type: FAT
Drive X: | 282.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)
SRV - File not found [On_Demand] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/08/13 00:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/16 21:10:08 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2008/02/02 05:15:12 | 001,251,720 | ---- | M] () [Auto] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/03/12 06:30:14 | 000,517,768 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2006/01/18 23:29:52 | 002,041,536 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/01/18 23:29:52 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2005/04/06 04:03:28 | 000,110,592 | ---- | M] () [Auto] -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\CoachVc.sys -- (CoachVc)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\CoachUsb.sys -- (CoachUsb)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/10/28 18:50:33 | 000,000,000 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\jcsvlhd.sys -- (jcsvlhd)
DRV - [2010/07/16 21:10:19 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/16 21:08:00 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 21:51:23 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/06/23 02:49:55 | 000,005,632 | ---- | M] () [File_System | System] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2005/05/31 03:40:20 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2005/05/30 21:42:28 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005/04/30 02:50:20 | 000,011,860 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2005/04/30 02:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2005/04/30 02:48:58 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2005/03/31 10:14:16 | 000,026,496 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\g3grumdm.sys -- (G3GRUMDM)
DRV - [2005/03/31 10:14:16 | 000,023,296 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\g3gruser.sys -- (G3GRUSER)
DRV - [2005/03/25 05:18:48 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2004/12/16 04:32:54 | 000,013,304 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BTNetFilter.sys -- (BTNetFilter)
DRV - [2004/11/08 11:06:08 | 000,085,504 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2004/10/19 01:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2004/10/14 10:53:00 | 000,276,480 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA)
DRV - [2004/10/14 10:52:02 | 000,292,864 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/09/20 04:41:00 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2004/08/04 14:05:20 | 000,341,760 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/08/04 04:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 04:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/06/28 06:35:24 | 000,069,760 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/06/02 05:07:28 | 001,240,938 | ---- | M] (WIDCOMM, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2004/04/13 20:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/03/10 07:40:28 | 000,199,552 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/03/10 07:37:26 | 000,682,624 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/03/10 07:35:48 | 001,041,536 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/18 13:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/10 11:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/09/08 04:06:36 | 000,255,360 | R--- | M] (D-Link) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AIRPLUS.sys -- (AIRPLUS)
DRV - [2003/06/26 22:05:38 | 000,472,332 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
DRV - [2002/10/15 02:48:46 | 000,012,964 | ---- | M] (WayTech Development, Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\kbfilter.sys -- (kbfilter)
DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde)
DRV - [2001/08/17 00:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2000/03/29 05:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Isabella_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Isabella_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Isabella_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\Isabella_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\Isabella_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Isabella_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\Isabella_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Isabella_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (UserZoom survey tool) - {3543619C-D563-43f7-95EA-4DA7E1CC396A} - C:\Program Files\UserZoom survey tool\UserZoom.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\Isabella_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Isabella_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [cmexsaworn.tmp] C:\Documents and Settings\Isabella\Local Settings\Temp\cmexsaworn.tmp (Корпорация Майкрософт)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [DXDllRegExe] File not found
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKU\Isabella_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Isabella_ON_C..\Run: [U36VRSFLG6] C:\Documents and Settings\Isabella\Local Settings\Temp\Zj2.exe (CJSC Computing Forces)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (WIDCOMM, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Isabella_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177119388046 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://192.168.0.51:7001/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab (e-Safekey)
O16 - DPF: {E7637F18-B2C8-43E4-BCFE-BC3437DF469F} https://uzdownloads.s3.amazonaws.com/3.5/UserZoom.cab (UserZoomAX2 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (WIDCOMM, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\Isabella_ON_C Winlogon: Shell - (C:\Documents and Settings\Isabella\Application Data\hotfix.exe) - C:\Documents and Settings\Isabella\Application Data\hotfix.exe ()
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\userinit.exe: Debugger - packpk.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/28 02:16:09 | 000,266,240 | ---- | C] (CJSC Computing Forces) -- C:\WINDOWS\Zkufoa.exe
[2010/10/28 02:13:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Isabella\Application Data\AE30FFB4E31B92211609D811D03BF4B6
[2010/10/05 02:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/05 02:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/05 02:38:25 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/10/05 02:35:32 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/28 21:43:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/28 19:34:44 | 000,000,294 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/10/28 19:34:34 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/28 18:54:00 | 000,000,204 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/10/28 18:50:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\jcsvlhd.sys
[2010/10/28 04:55:16 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Isabella\Application Data\completescan
[2010/10/28 04:50:45 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/28 04:43:03 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-558469912-3482245176-2908806954-1007UA.job
[2010/10/28 04:34:03 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/28 04:28:19 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/10/28 03:28:13 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/10/28 02:35:13 | 000,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/28 02:31:39 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Isabella\Application Data\start
[2010/10/28 02:28:06 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/10/28 02:17:10 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010/10/28 02:16:21 | 000,000,868 | ---- | M] () -- C:\Documents and Settings\Isabella\Desktop\ThinkPoint.lnk
[2010/10/28 02:15:57 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Isabella\Application Data\install
[2010/10/28 02:15:38 | 000,266,240 | ---- | M] (CJSC Computing Forces) -- C:\WINDOWS\Zkufoa.exe
[2010/10/28 02:15:19 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/10/28 02:15:19 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/10/28 02:15:19 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/10/28 02:15:18 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/10/28 02:15:18 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/10/28 02:15:18 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/10/28 02:15:18 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/10/28 02:15:17 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/10/28 02:15:17 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/10/28 02:15:17 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/10/28 02:15:17 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/10/28 02:15:17 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/10/28 02:15:17 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/10/28 02:15:17 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/10/28 02:15:17 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/10/28 02:15:17 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/10/28 02:15:14 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/10/28 02:15:14 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/10/28 02:15:14 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/10/28 02:15:14 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/10/28 02:15:10 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Isabella\Application Data\hotfix.exe
[2010/10/27 21:26:45 | 066,910,392 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/10/27 09:43:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-558469912-3482245176-2908806954-1007Core.job
[2010/10/27 09:37:46 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Isabella\My Documents\Darcie's Little Athletic Results Tracker.xls
[2010/10/27 09:06:08 | 000,002,481 | ---- | M] () -- C:\Documents and Settings\Isabella\Desktop\Microsoft Excel (2).lnk
[2010/10/26 02:07:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/24 19:09:14 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Isabella\Desktop\Microsoft Word (2).lnk
[2010/10/24 10:03:42 | 000,102,307 | ---- | M] () -- C:\Documents and Settings\Isabella\Desktop\mode3telephone.jpg
[2010/10/23 05:45:44 | 000,002,287 | ---- | M] () -- C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/23 05:45:43 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\Isabella\Desktop\Google Chrome.lnk
[2010/10/19 22:38:00 | 000,000,362 | ---- | M] () -- C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#hp officejet 5500 series#1203471108.job
[2010/10/14 23:29:46 | 000,373,672 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/11 10:09:30 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Isabella\My Documents\Medicine Ball Slams.doc
[2010/10/05 05:28:57 | 000,083,968 | ---- | M] () -- C:\Documents and Settings\Isabella\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/28 02:28:20 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Isabella\Application Data\start
[2010/10/28 02:24:57 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Isabella\Application Data\completescan
[2010/10/28 02:16:14 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\Isabella\Desktop\ThinkPoint.lnk
[2010/10/28 02:16:03 | 000,000,294 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/10/28 02:15:57 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Isabella\Application Data\install
[2010/10/28 02:15:52 | 000,000,204 | -H-- | C] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/10/28 02:15:18 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/10/28 02:15:18 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/10/28 02:15:18 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/10/28 02:15:18 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/10/28 02:15:17 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/10/28 02:15:17 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/10/28 02:15:17 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/10/28 02:15:17 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/10/28 02:15:16 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/10/28 02:15:16 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/10/28 02:15:15 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/10/28 02:15:15 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/10/28 02:15:15 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/10/28 02:15:15 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/10/28 02:15:15 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/10/28 02:15:15 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/10/28 02:15:15 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/10/28 02:15:15 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/10/28 02:15:15 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/10/28 02:15:14 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/10/28 02:15:13 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/10/28 02:15:13 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/10/28 02:15:12 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/10/28 02:15:10 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Isabella\Application Data\hotfix.exe
[2010/10/28 02:14:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\jcsvlhd.sys
[2010/10/27 09:32:55 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Isabella\My Documents\Darcie's Little Athletic Results Tracker.xls
[2010/10/24 10:03:51 | 000,102,307 | ---- | C] () -- C:\Documents and Settings\Isabella\Desktop\mode3telephone.jpg
[2010/10/11 10:09:29 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Isabella\My Documents\Medicine Ball Slams.doc
[2010/05/05 01:32:34 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2009/06/23 02:32:08 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/01/09 23:06:03 | 000,000,210 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2006/11/28 09:41:18 | 000,000,533 | ---- | C] () -- C:\WINDOWS\SGREP32.INI
[2006/10/02 03:53:54 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Isabella\Application Data\wklnhst.dat
[2006/08/22 05:15:45 | 000,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2006/08/22 05:15:44 | 000,011,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2006/06/20 04:46:39 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2006/06/20 04:46:39 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2006/06/20 04:46:36 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/06/20 04:46:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2006/05/14 08:56:03 | 000,014,938 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/04/25 22:48:03 | 000,005,928 | ---- | C] () -- C:\Documents and Settings\Isabella\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/04/25 22:48:03 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/22 09:05:35 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Isabella\default.pls
[2006/04/22 08:59:07 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/04/21 22:56:11 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/02/13 02:00:01 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Isabella\LuResult.txt
[2006/02/13 01:49:39 | 000,000,463 | ---- | C] () -- C:\WINDOWS\REPENG.INI
[2006/02/13 01:04:23 | 000,019,353 | ---- | C] () -- C:\WINDOWS\SAGE.INI
[2006/01/24 00:36:20 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGCtrlEx.dll
[2006/01/24 00:36:12 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SageFolderBrowser.dll
[2006/01/24 00:36:10 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\SGTBAR32.DLL
[2006/01/24 00:36:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGSTAT32.DLL
[2006/01/24 00:36:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGLOGO32.DLL
[2006/01/24 00:36:02 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SGJPEG32.dll
[2006/01/24 00:35:58 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\SGCDLG32.DLL
[2006/01/24 00:35:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\SGLIST32.DLL
[2006/01/24 00:35:38 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\SGTOOL32.DLL
[2006/01/24 00:35:34 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SGINTL32.DLL
[2006/01/24 00:35:32 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SGDT32.DLL
[2006/01/24 00:35:30 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SGHELP32.DLL
[2006/01/24 00:35:28 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SGAPPBAR.DLL
[2006/01/24 00:35:24 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SG3D32.DLL
[2006/01/24 00:35:10 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXP.dll
[2006/01/24 00:35:06 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeDefault.dll
[2006/01/24 00:34:58 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeManager.dll
[2006/01/24 00:34:48 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SGCOM32.DLL
[2006/01/24 00:33:42 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\SGWebBrowser.dll
[2006/01/12 22:43:50 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXml.dll
[2005/11/30 00:49:30 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\SGLCH32.DLL
[2005/11/30 00:49:20 | 001,712,128 | ---- | C] () -- C:\WINDOWS\System32\SGREP32.DLL
[2005/11/06 23:12:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2005/10/18 20:52:36 | 000,000,181 | ---- | C] () -- C:\WINDOWS\MYOBP.INI
[2005/10/18 20:52:36 | 000,000,041 | ---- | C] () -- C:\WINDOWS\MYOB.INI
[2005/10/17 05:44:20 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Isabella\Local Settings\Application Data\fusioncache.dat
[2005/07/11 01:33:12 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\SDOApp.dll
[2005/06/20 23:24:41 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/06/20 23:24:41 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/06/16 09:24:10 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2005/06/16 09:24:09 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2005/05/30 22:16:17 | 000,083,968 | ---- | C] () -- C:\Documents and Settings\Isabella\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/05/13 00:12:30 | 000,000,621 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/11 22:56:28 | 000,002,568 | ---- | C] () -- C:\Documents and Settings\Isabella\secedit.INTEG.RAW
[2005/05/11 22:21:51 | 000,002,568 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\secedit.INTEG.RAW
[2004/11/22 14:27:25 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/11/22 14:27:25 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/11/22 14:27:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/11/22 14:27:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/11/22 14:27:25 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/11/22 14:27:22 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/08/16 08:42:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 09:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 09:10:08 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 08:57:54 | 000,004,450 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/06/02 05:28:30 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004/01/13 14:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2002/04/15 23:27:54 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\CdI5T.drv
[2001/11/14 01:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1999/01/27 01:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1998/03/25 13:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SgHmZLib.dll
[1997/06/12 19:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2010/10/28 02:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Isabella\Application Data\AE30FFB4E31B92211609D811D03BF4B6
[2006/05/14 08:58:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Isabella\Application Data\FotoWire
[2005/06/20 23:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Isabella\Application Data\FUJIFILM
[2006/08/09 11:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Isabella\Application Data\ICS
[2005/05/13 05:30:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Isabella\Application Data\InterTrust
[2005/06/20 23:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Isabella\Application Data\InterVideo
[2005/05/21 02:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Isabella\Application Data\Leadertech
[2006/06/20 11:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Isabella\Application Data\MSNInstaller
[2010/02/04 10:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Isabella\Application Data\NCH Swift Sound
[2010/01/31 10:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Isabella\Application Data\Samsung
[2007/07/23 02:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Isabella\Application Data\Starware343
[2006/10/02 03:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Isabella\Application Data\Template
[2005/06/20 23:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Isabella\Application Data\Ulead Systems
[2006/08/09 11:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Isabella\Application Data\Vodafone Mobile Connect
[2010/10/28 02:15:14 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/10/28 02:15:17 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/10/28 02:15:17 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/10/28 02:15:17 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/10/28 02:15:17 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/10/28 02:28:06 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/10/28 03:28:13 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/10/28 04:28:19 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/10/28 02:15:18 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/10/28 02:15:18 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/10/28 02:15:18 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/10/28 02:15:14 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/10/28 02:15:18 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/10/28 02:15:19 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/10/28 02:15:19 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/10/28 02:15:19 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/10/28 02:15:14 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/10/28 02:15:14 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/10/28 02:15:17 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/10/28 02:15:17 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/10/28 02:15:17 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/10/28 02:15:17 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/10/28 02:15:17 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/10/28 19:34:44 | 000,000,294 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/10/28 18:54:00 | 000,000,204 | -H-- | M] () -- C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job

========== Purity Check ==========


< End of report >

Re: Can't get past login because of ThinkPoint

Hi,

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O4 - HKLM..\Run: [cmexsaworn.tmp] C:\Documents and Settings\Isabella\Local Settings\Temp\cmexsaworn.tmp (Корпорация Майкрософт)
    O4 - HKLM..\Run: [DXDllRegExe] File not found
    O4 - HKU\Isabella_ON_C..\Run: [U36VRSFLG6] C:\Documents and Settings\Isabella\Local Settings\Temp\Zj2.exe (CJSC Computing Forces)
    O20 - HKU\Isabella_ON_C Winlogon: Shell - (C:\Documents and Settings\Isabella\Application Data\hotfix.exe) - C:\Documents and Settings\Isabella\Application Data\hotfix.exe ()
    O27 - HKLM IFEO\userinit.exe: Debugger - packpk.exe File not found
    [2010/10/28 02:16:09 | 000,266,240 | ---- | C] (CJSC Computing Forces) -- C:\WINDOWS\Zkufoa.exe
    [2010/10/28 02:13:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Isabella\Application Data\AE30FFB4E31B92211609D811D03BF4B6
    [2010/10/28 19:34:44 | 000,000,294 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2010/10/28 18:54:00 | 000,000,204 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
    [2010/10/28 18:50:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\jcsvlhd.sys
    [2010/10/28 04:55:16 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Isabella\Application Data\completescan
    [2010/10/28 02:15:10 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Isabella\Application Data\hotfix.exe
    [2010/10/28 02:15:57 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Isabella\Application Data\install
    [2010/10/28 02:28:20 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Isabella\Application Data\start
    [2010/10/28 02:24:57 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Isabella\Application Data\completescan
    [2010/10/28 02:16:14 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\Isabella\Desktop\ThinkPoint.lnk

    :Files
    C:\WINDOWS\Tasks\AT*.job

    :commands
    [emptytemp]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

=============

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

(screenshot: Query_RC)
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(screenshot: RC_successful)

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Re: Can't get past login because of ThinkPoint

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\cmexsaworn.tmp deleted successfully.
C:\Documents and Settings\Isabella\Local Settings\Temp\cmexsaworn.tmp moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DXDllRegExe deleted successfully.
Registry value HKEY_USERS\Isabella_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\U36VRSFLG6 deleted successfully.
C:\Documents and Settings\Isabella\Local Settings\Temp\Zj2.exe moved successfully.
Registry value HKEY_USERS\Isabella_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\Isabella\Application Data\hotfix.exe deleted successfully.
C:\Documents and Settings\Isabella\Application Data\hotfix.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\userinit.exe\ deleted successfully.
C:\WINDOWS\Zkufoa.exe moved successfully.
C:\Documents and Settings\Isabella\Application Data\AE30FFB4E31B92211609D811D03BF4B6 folder moved successfully.
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.
C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job moved successfully.
C:\WINDOWS\system32\drivers\jcsvlhd.sys moved successfully.
C:\Documents and Settings\Isabella\Application Data\completescan moved successfully.
File C:\Documents and Settings\Isabella\Application Data\hotfix.exe not found.
C:\Documents and Settings\Isabella\Application Data\install moved successfully.
C:\Documents and Settings\Isabella\Application Data\start moved successfully.
File C:\Documents and Settings\Isabella\Application Data\completescan not found.
C:\Documents and Settings\Isabella\Desktop\ThinkPoint.lnk moved successfully.
========== FILES ==========
C:\WINDOWS\Tasks\At1.job moved successfully.
C:\WINDOWS\Tasks\At10.job moved successfully.
C:\WINDOWS\Tasks\At11.job moved successfully.
C:\WINDOWS\Tasks\At12.job moved successfully.
C:\WINDOWS\Tasks\At13.job moved successfully.
C:\WINDOWS\Tasks\At14.job moved successfully.
C:\WINDOWS\Tasks\At15.job moved successfully.
C:\WINDOWS\Tasks\At16.job moved successfully.
C:\WINDOWS\Tasks\At17.job moved successfully.
C:\WINDOWS\Tasks\At18.job moved successfully.
C:\WINDOWS\Tasks\At19.job moved successfully.
C:\WINDOWS\Tasks\At2.job moved successfully.
C:\WINDOWS\Tasks\At20.job moved successfully.
C:\WINDOWS\Tasks\At21.job moved successfully.
C:\WINDOWS\Tasks\At22.job moved successfully.
C:\WINDOWS\Tasks\At23.job moved successfully.
C:\WINDOWS\Tasks\At3.job moved successfully.
C:\WINDOWS\Tasks\At4.job moved successfully.
C:\WINDOWS\Tasks\At5.job moved successfully.
C:\WINDOWS\Tasks\At6.job moved successfully.
C:\WINDOWS\Tasks\At7.job moved successfully.
C:\WINDOWS\Tasks\At8.job moved successfully.
C:\WINDOWS\Tasks\At9.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: Isabella
->Temp folder emptied: 61845053 bytes
->Temporary Internet Files folder emptied: 169026473 bytes
->Java cache emptied: 79112810 bytes
->Google Chrome cache emptied: 278005897 bytes
->Flash cache emptied: 98013 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 128746 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 42417614 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 3210257 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 65537866 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

Total Files Cleaned = 667.00 mb


OTLPE by OldTimer - Version 3.1.43.0 log created on 10292010_114751

I have downloaded ComboFix, but onto my desktop, and it just scans. I don't see how I can get it onto my laptop... I am really sorry; I bet you'll be glad when this is over.

Re: Can't get past login because of ThinkPoint

Hi,

"I have downloaded ComboFix, but onto my desktop, and it just scans. I don't see how I can get it onto my laptop... I am really sorry; I bet you'll be glad when this is over."

What do you mean by this?

Re: Can't get past login because of ThinkPoint

I followed the next step you detailed:

"=============

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com"

and it just runs immediately on this computer; I can't see how to save it to CD or Flash to transfer it to my laptop.

Re: Can't get past login because of ThinkPoint

Have sussed it, I went through Internet Explorer instead of Google Chrome.

Re: Can't get past login because of ThinkPoint

Done, although I couldn't deactivate AVG; I did try to uninstall it first, but it came up with an error.

ComboFix 10-10-26.02 - Isabella 29/10/2010 15:29:59.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.1246.640 [GMT 8:00]
Running from: E:\commy.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Starware343
c:\documents and settings\All Users\Application Data\Starware343\buttons\FindIt.bmp
c:\documents and settings\All Users\Application Data\Starware343\buttons\FindItHot.bmp
c:\documents and settings\All Users\Application Data\Starware343\buttons\findithotxp.png
c:\documents and settings\All Users\Application Data\Starware343\buttons\finditxp.png
c:\documents and settings\All Users\Application Data\Starware343\buttons\Highlight.bmp
c:\documents and settings\All Users\Application Data\Starware343\buttons\HighlightHot.bmp
c:\documents and settings\All Users\Application Data\Starware343\buttons\highlighthotxp.png
c:\documents and settings\All Users\Application Data\Starware343\buttons\highlightxp.png
c:\documents and settings\All Users\Application Data\Starware343\buttons\maps.bmp
c:\documents and settings\All Users\Application Data\Starware343\buttons\maps_over.bmp
c:\documents and settings\All Users\Application Data\Starware343\buttons\Reference.bmp
c:\documents and settings\All Users\Application Data\Starware343\buttons\ReferenceHot.bmp
c:\documents and settings\All Users\Application Data\Starware343\buttons\referencehotxp.png
c:\documents and settings\All Users\Application Data\Starware343\buttons\referencexp.png
c:\documents and settings\All Users\Application Data\Starware343\buttons\starware_toolbar_icon.bmp
c:\documents and settings\All Users\Application Data\Starware343\buttons\Weather.bmp
c:\documents and settings\All Users\Application Data\Starware343\buttons\weatherhotxp.png
c:\documents and settings\All Users\Application Data\Starware343\buttons\weatherxp.png
c:\documents and settings\All Users\Application Data\Starware343\contexts\error.xml
c:\documents and settings\All Users\Application Data\Starware343\contexts\Related.xml
c:\documents and settings\All Users\Application Data\Starware343\contexts\Travel.xml
c:\documents and settings\All Users\Application Data\Starware343\images\walertXP.bmp
c:\documents and settings\All Users\Application Data\Starware343\SimpleUpdate\ProductMessagingConfig.xml
c:\documents and settings\All Users\Application Data\Starware343\SimpleUpdate\ProductMessagingConfig.xml.backup
c:\documents and settings\All Users\Application Data\Starware343\SimpleUpdate\SimpleUpdateConfig.xml
c:\documents and settings\All Users\Application Data\Starware343\SimpleUpdate\SimpleUpdateConfig.xml.backup
c:\documents and settings\All Users\Application Data\Starware343\SimpleUpdate\TimerManagerConfig.xml
c:\documents and settings\All Users\Application Data\Starware343\SimpleUpdate\TimerManagerConfig.xml.backup
c:\documents and settings\Isabella\Application Data\Starware343
c:\documents and settings\Isabella\Application Data\Starware343\BrowserSearch\BrowserSearch.xml
c:\documents and settings\Isabella\Application Data\Starware343\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\Isabella\Application Data\Starware343\Configurator\Configurator.xml
c:\documents and settings\Isabella\Application Data\Starware343\Configurator\Configurator.xml.backup
c:\documents and settings\Isabella\Application Data\Starware343\ErrorSearch\ErrorSearchOptions.xml
c:\documents and settings\Isabella\Application Data\Starware343\ErrorSearch\ErrorSearchOptions.xml.backup
c:\documents and settings\Isabella\Application Data\Starware343\Games\GamesOptions.xml
c:\documents and settings\Isabella\Application Data\Starware343\Games\GamesOptions.xml.backup
c:\documents and settings\Isabella\Application Data\Starware343\Games\images\active\Games0.bmp
c:\documents and settings\Isabella\Application Data\Starware343\Layouts\ToolbarLayout.xml
c:\documents and settings\Isabella\Application Data\Starware343\Layouts\ToolbarLayout.xml.backup
c:\documents and settings\Isabella\Application Data\Starware343\Layouts\WeatherLayout.xml
c:\documents and settings\Isabella\Application Data\Starware343\Layouts\WeatherLayout.xml.backup
c:\documents and settings\Isabella\Application Data\Starware343\Manager\ManagerOptions.xml
c:\documents and settings\Isabella\Application Data\Starware343\Manager\ManagerOptions.xml.backup
c:\documents and settings\Isabella\Application Data\Starware343\Maps\MapsOptions.xml
c:\documents and settings\Isabella\Application Data\Starware343\Maps\MapsOptions.xml.backup
c:\documents and settings\Isabella\Application Data\Starware343\Movies\images\active\Movies0.bmp
c:\documents and settings\Isabella\Application Data\Starware343\Movies\MoviesOptions.xml
c:\documents and settings\Isabella\Application Data\Starware343\Movies\MoviesOptions.xml.backup
c:\documents and settings\Isabella\Application Data\Starware343\Reference\ReferenceOptions.xml
c:\documents and settings\Isabella\Application Data\Starware343\Reference\ReferenceOptions.xml.backup
c:\documents and settings\Isabella\Application Data\Starware343\RelatedSearch\RelatedSearchOptions.xml
c:\documents and settings\Isabella\Application Data\Starware343\RelatedSearch\RelatedSearchOptions.xml.backup
c:\documents and settings\Isabella\Application Data\Starware343\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
c:\documents and settings\Isabella\Application Data\Starware343\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
c:\documents and settings\Isabella\Application Data\Starware343\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
c:\documents and settings\Isabella\Application Data\Starware343\Toolbar\TBProductsOptions.xml
c:\documents and settings\Isabella\Application Data\Starware343\Toolbar\TBProductsOptions.xml.backup
c:\documents and settings\Isabella\Application Data\Starware343\ToolbarLogo\ToolbarLogoOptions.xml
c:\documents and settings\Isabella\Application Data\Starware343\ToolbarLogo\ToolbarLogoOptions.xml.backup
c:\documents and settings\Isabella\Application Data\Starware343\ToolbarSearch\ToolbarSearchOptions.xml
c:\documents and settings\Isabella\Application Data\Starware343\ToolbarSearch\ToolbarSearchOptions.xml.backup
c:\documents and settings\Isabella\Application Data\Starware343\TravelSearch\TravelSearchOptions.xml
c:\documents and settings\Isabella\Application Data\Starware343\TravelSearch\TravelSearchOptions.xml.backup
c:\documents and settings\Isabella\Application Data\Starware343\Weather\AlertArchive.xml
c:\documents and settings\Isabella\Application Data\Starware343\Weather\WeatherOptions.xml
c:\documents and settings\Isabella\Application Data\Starware343\Weather\WeatherOptions.xml.backup
C:\install.exe
c:\program files\screensavers.com
c:\program files\screensavers.com\ActiveDesktop\bin\ActiveDesktopExe.exe
c:\program files\screensavers.com\SSSUninst.exe
c:\program files\Starware343
c:\program files\Starware343\brand.bmp
c:\program files\Starware343\icons\star_16.ico
c:\program files\Starware343\Starware343Config.xml
c:\program files\Starware343\Starware343Uninstall.exe
c:\windows\jestertb.dll
c:\windows\system32\AutoRun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_npf


((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-29 )))))))))))))))))))))))))))))))
.

2010-10-29 15:47 . 2010-10-29 15:47 -------- d-----w- C:\_OTL
2010-10-14 03:43 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-14 03:43 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-05 06:44 . 2010-10-05 06:44 -------- d-----w- c:\program files\iPod
2010-10-05 06:44 . 2010-10-05 06:45 -------- d-----w- c:\program files\iTunes
2010-10-05 06:39 . 2010-10-05 06:39 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-10-05 06:39 . 2010-10-05 06:39 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2010-10-05 06:39 . 2010-10-05 06:39 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2010-10-05 06:39 . 2010-10-05 06:39 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2010-10-05 06:39 . 2010-10-05 06:39 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2010-10-05 06:39 . 2010-10-05 06:39 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2010-10-05 06:39 . 2010-10-05 06:39 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2010-10-05 06:38 . 2010-10-05 06:39 -------- d-----w- c:\program files\QuickTime
2010-10-05 06:35 . 2010-10-05 06:35 -------- d-----w- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 06:53 . 2004-08-04 08:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 08:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 08:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-18 04:23 . 2004-08-04 08:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-09 13:38 . 2004-08-04 08:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2004-08-04 08:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2004-08-04 08:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2004-08-04 08:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:57 . 2004-08-04 08:00 389120 ----a-w- c:\windows\system32\html.iec
2010-09-08 03:17 . 2010-09-08 03:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 03:17 . 2010-09-08 03:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51 . 2004-08-04 08:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-04 08:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-04 08:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-04 08:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-04 08:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-16 10:34 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-04 08:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-04 08:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-07 68856]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"Google Update"="c:\documents and settings\Isabella\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-06-16 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-06-17 118784]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-13 229438]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-15 81920]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-06-15 221184]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-05 2067808]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-23 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-6-2 565309]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-5-14 169472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-17 01:10 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Enable Wireless Keyboard Driver.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Enable Wireless Keyboard Driver.lnk
backup=c:\windows\pss\Enable Wireless Keyboard Driver.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Enable Wireless Optical Mouse Driver.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Enable Wireless Optical Mouse Driver.lnk
backup=c:\windows\pss\Enable Wireless Optical Mouse Driver.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-06-26 10:50 212992 ------w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 13:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
2004-08-04 13:00 44032 -c--a-w- c:\windows\ime\imkr6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 13:00 208952 -c--a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-06-15 22:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-23 18:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-04 13:00 59392 -c--a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-04 13:00 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-04 13:00 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 03:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/02/2010 9:20 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/02/2010 9:20 PM 243024]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [28/01/2006 8:07 PM 12964]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [17/03/2010 9:19 AM 308136]
S0 jcsvlhd;jcsvlhd; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/02/2010 7:04 AM 135664]
S3 G3GRUMDM;G3G R USB Modem;c:\windows\system32\drivers\g3grumdm.sys [9/08/2006 10:50 PM 26496]
S3 G3GRUSER;G3G R USB Serial;c:\windows\system32\drivers\g3gruser.sys [9/08/2006 10:50 PM 23296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-10-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 03:50]

2010-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 23:04]

2010-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 23:04]

2010-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-558469912-3482245176-2908806954-1007Core.job
- c:\documents and settings\Isabella\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-29 04:22]

2010-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-558469912-3482245176-2908806954-1007UA.job
- c:\documents and settings\Isabella\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-29 04:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: {E7637F18-B2C8-43E4-BCFE-BC3437DF469F} - hxxps://uzdownloads.s3.amazonaws.com/3.5/UserZoom.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-DXDllRegExe - dxdllreg.exe
MSConfigStartUp-HbTools - c:\program files\HbTools\Bin\4.7.5.0\HbtOEAddOn.exe
MSConfigStartUp-IndexSearch - c:\program files\ScanSoft\PaperPort\IndexSearch.exe
MSConfigStartUp-LogitechVideoRepair - c:\program files\Logitech\Video\ISStart.exe
MSConfigStartUp-LogitechVideoTray - c:\program files\Logitech\Video\LogiTray.exe
MSConfigStartUp-PaperPort PTD - c:\program files\ScanSoft\PaperPort\pptd40nt.exe
MSConfigStartUp-REGSHAVE - c:\program files\REGSHAVE\REGSHAVE.EXE
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_06\bin\jusched.exe
MSConfigStartUp-WeatherOnTray - c:\program files\HbTools\Bin\4.7.5.0\HbtWeatherOnTray.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-29 15:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?????? ???B?????????????H
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2464)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
c:\program files\Skype\Phone\Skype.exe
c:\documents and settings\Isabella\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-10-29 15:48:57 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-29 07:48

Pre-Run: 17,835,520,000 bytes free
Post-Run: 17,707,548,672 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 3165E8AE8C2710772B541C0782DCD13B

Re: Can't get past login because of ThinkPoint
Hi,

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:


    Driver::
    jcsvlhd

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [picture: Cfscriptb4, showing CFScript being dragged onto ComboFix.exe]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

Re: Can't get past login because of ThinkPoint
ComboFix 10-10-26.02 - Isabella 30/10/2010 8:33.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.1246.778 [GMT 8:00]
Running from: E:\commy.exe
Command switches used :: E:\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_JCSVLHD
-------\Service_jcsvlhd


((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-30 )))))))))))))))))))))))))))))))
.

2010-10-29 15:47 . 2010-10-29 15:47 -------- d-----w- C:\_OTL
2010-10-14 03:43 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-14 03:43 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-05 06:44 . 2010-10-05 06:44 -------- d-----w- c:\program files\iPod
2010-10-05 06:44 . 2010-10-05 06:45 -------- d-----w- c:\program files\iTunes
2010-10-05 06:39 . 2010-10-05 06:39 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-10-05 06:39 . 2010-10-05 06:39 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2010-10-05 06:39 . 2010-10-05 06:39 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2010-10-05 06:39 . 2010-10-05 06:39 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2010-10-05 06:39 . 2010-10-05 06:39 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2010-10-05 06:39 . 2010-10-05 06:39 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2010-10-05 06:39 . 2010-10-05 06:39 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2010-10-05 06:38 . 2010-10-05 06:39 -------- d-----w- c:\program files\QuickTime
2010-10-05 06:35 . 2010-10-05 06:35 -------- d-----w- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 06:53 . 2004-08-04 08:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 08:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 08:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-18 04:23 . 2004-08-04 08:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-09 13:38 . 2004-08-04 08:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2004-08-04 08:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2004-08-04 08:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2004-08-04 08:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:57 . 2004-08-04 08:00 389120 ----a-w- c:\windows\system32\html.iec
2010-09-08 03:17 . 2010-09-08 03:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 03:17 . 2010-09-08 03:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51 . 2004-08-04 08:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-04 08:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-04 08:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-04 08:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-04 08:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-16 10:34 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-04 08:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-04 08:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-07 68856]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"Google Update"="c:\documents and settings\Isabella\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-06-16 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-06-17 118784]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-13 229438]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-15 81920]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-06-15 221184]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-23 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-6-2 565309]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-5-14 169472]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Enable Wireless Keyboard Driver.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Enable Wireless Keyboard Driver.lnk
backup=c:\windows\pss\Enable Wireless Keyboard Driver.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Enable Wireless Optical Mouse Driver.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Enable Wireless Optical Mouse Driver.lnk
backup=c:\windows\pss\Enable Wireless Optical Mouse Driver.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-06-26 10:50 212992 ------w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 13:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
2004-08-04 13:00 44032 -c--a-w- c:\windows\ime\imkr6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 13:00 208952 -c--a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-06-15 22:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-23 18:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-04 13:00 59392 -c--a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-04 13:00 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-04 13:00 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 03:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [28/01/2006 8:07 PM 12964]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/02/2010 7:04 AM 135664]
S3 G3GRUMDM;G3G R USB Modem;c:\windows\system32\drivers\g3grumdm.sys [9/08/2006 10:50 PM 26496]
S3 G3GRUSER;G3G R USB Serial;c:\windows\system32\drivers\g3gruser.sys [9/08/2006 10:50 PM 23296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-10-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 03:50]

2010-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 23:04]

2010-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 23:04]

2010-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-558469912-3482245176-2908806954-1007Core.job
- c:\documents and settings\Isabella\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-29 04:22]

2010-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-558469912-3482245176-2908806954-1007UA.job
- c:\documents and settings\Isabella\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-29 04:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: {E7637F18-B2C8-43E4-BCFE-BC3437DF469F} - hxxps://uzdownloads.s3.amazonaws.com/3.5/UserZoom.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-30 08:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????4?5?1?7??p???? ???B?????????????H
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2676)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Phone\Skype.exe
c:\documents and settings\Isabella\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2010-10-30 08:58:29 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-30 00:58
ComboFix2.txt 2010-10-29 07:48

Pre-Run: 17,865,465,856 bytes free
Post-Run: 17,877,295,104 bytes free

- - End Of File - - 7F1F0458FD39E48A95D16A6252E45CA1

Re: Can't get past login because of ThinkPoint
Hi,

Please download Malwarebytes Anti-Malware from Here.


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: Can't get past login because of ThinkPoint
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4996

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

30/10/2010 7:30:04 PM
mbam-log-2010-10-30 (19-30-04).txt

Scan type: Quick scan
Objects scanned: 141321
Time elapsed: 8 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{0fbc3efb-fc98-4b32-bf10-bde9aa4dea5a} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6a4b7d17-1de9-4c14-8adf-eb4c07060519} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{abf441b2-9b57-4838-96a0-34b1cecd4aa5} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bf0a1ff4-bbaf-487f-bc85-a24ef8f443a8} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{bf0a1ff4-bbaf-487f-bc85-a24ef8f443a8} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\U36VRSFLG6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Can't get past login because of ThinkPoint

Hi,

Please run a free online scan with ESET Online Scanner by downloading it from 'here' and save it to your Desktop.

  • Please ensure that you're logged into an Administrator account before running the scanner. The ESET Online Scanner will not work if you're on a limited account.
  • Double-click esetsmartinstaller_enu.exe to execute the program.
  • Check the box next to 'YES, I accept the Terms of Use'. Press 'Start'.
  • If this is your first time installing the scanner, allow the ActiveX Control to install.
  • Database download may take some time.
  • On the next page, ensure the box next to 'Remove found threats' has been checked. Also ensure that the box next to 'Scan unwanted applications' is checked. Proceed by clicking on 'Start'.
    • The ESET Online Scanner will update the Virus Signature Database and begin the scan.
    • Please allow it to complete successfully and ensure that any current downloads are stopped.

  • Once the scan is completed, please open 'Notepad' by navigating to 'Start', then 'Run', and type in 'Notepad'. Open the file located at 'C:\Program Files\ESET\ESET Online Scanner\log.txt'.
  • Please Copy & Paste this log into your next reply.
  • Press 'Finish'.

Re: Can't get past login because of ThinkPoint

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f3ed3a15e69fb145985d0106ce655e43
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-30 11:25:03
# local_time=2010-10-31 07:25:03 (+0800, W. Australia Standard Time)
# country="Australia"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 23447765 23447765 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 978 978 0 0
# scanned=74268
# found=4
# cleaned=4
# scan_time=2973
C:\_OTL\MovedFiles\10292010_114751\C_Documents and Settings\Isabella\Application Data\hotfix.exe a variant of Win32/Adware.FakeAntiSpy.M application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\10292010_114751\C_Documents and Settings\Isabella\Application Data\AE30FFB4E31B92211609D811D03BF4B6\techupdate700x00ver.exe a variant of Win32/Kryptik.HSM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\10292010_114751\C_Documents and Settings\Isabella\Local Settings\Temp\Zj2.exe a variant of Win32/Kryptik.HSZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\10292010_114751\C_WINDOWS\Zkufoa.exe Win32/TrojanDownloader.FakeAlert.AQI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
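
Reading a scanner log like the one above means checking two things by eye: did the scanner actually remediate everything it found, and were the hits live files or leftovers already parked by an earlier tool (here every ESET hit sits under C:\_OTL\MovedFiles, the folder OTL moves files into, so they were already neutralised before ESET ran). The Python below is an added example, not ESET's or GeekPolice's code. It parses the log format shown above into header fields and detections and lists what still needs follow-up. The detection line grammar and the quarantine folder names (OTL's _OTL\MovedFiles, ComboFix's Qoobox\Quarantine) are assumptions based on the log above and on those tools' usual layout.

```python
"""Triage an ESET Online Scanner log like the one posted above.

Added example for this thread, not ESET's own code. The detection line
grammar (path, threat text, "(action)", 32-hex hash, flag) is inferred from
the posted log and is an assumption; lines that do not fit it are kept for
manual review instead of being dropped.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# <path> <threat> (<action>) <32 hex digits> <flag>. The path is matched
# lazily and the threat must start with an ESET family name such as
# Win32/Kryptik.HSM (optionally after "a variant of" / "probably a variant
# of"), so the spaces in "Documents and Settings" stay on the path side.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<threat>(?:probably )?(?:a variant of )?[A-Za-z0-9]+/\S+(?: \S+)*?) "
    r"\((?P<action>[^)]+)\) (?P<digest>[0-9A-Fa-f]{32}) (?P<flag>\S+)$"
)
# Folders where the earlier tools in this thread park files they already
# disabled (OTL's MovedFiles, ComboFix's Qoobox\Quarantine; assumed layout).
# A hit inside one of these is a leftover to delete, not a running infection.
QUARANTINE_DIRS = ("\\_otl\\movedfiles\\", "\\qoobox\\quarantine\\")

# Abridged from the log posted above (detection lines verbatim).
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# remove_checked=true
# archives_checked=false
# scanned=74268
# found=4
# cleaned=4
C:\_OTL\MovedFiles\10292010_114751\C_Documents and Settings\Isabella\Application Data\hotfix.exe a variant of Win32/Adware.FakeAntiSpy.M application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\10292010_114751\C_Documents and Settings\Isabella\Application Data\AE30FFB4E31B92211609D811D03BF4B6\techupdate700x00ver.exe a variant of Win32/Kryptik.HSM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\10292010_114751\C_Documents and Settings\Isabella\Local Settings\Temp\Zj2.exe a variant of Win32/Kryptik.HSZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\10292010_114751\C_WINDOWS\Zkufoa.exe Win32/TrojanDownloader.FakeAlert.AQI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""


@dataclass
class Detection:
    path: str
    threat: str
    action: str
    digest: str
    flag: str

    @property
    def remediated(self) -> bool:
        # ESET reports a successful action as "cleaned by ..."; anything else
        # (e.g. "error while cleaning") needs follow-up.
        return self.action.lower().startswith("cleaned")

    @property
    def already_quarantined(self) -> bool:
        return any(q in self.path.lower() for q in QUARANTINE_DIRS)


@dataclass
class Report:
    header: Dict[str, List[str]] = field(default_factory=dict)
    detections: List[Detection] = field(default_factory=list)
    unparsed: List[str] = field(default_factory=list)

    def value(self, key: str, default: str = "") -> str:
        values = self.header.get(key)
        return values[-1] if values else default


def parse_eset_log(text: str) -> Report:
    report = Report()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.lower() == "all ok" or line.startswith("ESETSmartInstaller@"):
            continue  # blank line or installer banner, carries no result
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:  # keys such as compatibility_mode repeat, so keep a list
                report.header.setdefault(key.strip(), []).append(value.strip())
            continue
        match = DETECTION_RE.match(line)
        if match:
            report.detections.append(Detection(**match.groupdict()))
        else:
            report.unparsed.append(line)
    return report


def triage(report: Report) -> List[str]:
    """Follow-up items a helper would act on; an empty list means done."""
    problems: List[str] = []
    if report.value("end") != "finished":
        problems.append("scan did not finish (end=%s)" % report.value("end"))
    if report.value("remove_checked") != "true":
        problems.append("detect-only scan: 'Remove found threats' was not ticked")
    found = int(report.value("found", "0"))
    cleaned = int(report.value("cleaned", "0"))
    if found != len(report.detections):
        problems.append("header found=%d but %d detection lines parsed" % (found, len(report.detections)))
    if cleaned != found:
        problems.append("found=%d but cleaned=%d" % (found, cleaned))
    problems += ["not remediated: %s (%s)" % (d.path, d.action) for d in report.detections if not d.remediated]
    problems += ["unparsed line, review manually: %s" % line for line in report.unparsed]
    return problems


def live_hits(report: Report) -> List[Detection]:
    """Detections outside a tool quarantine, i.e. evidence the infection is still active."""
    return [d for d in report.detections if not d.already_quarantined]
```

With the embedded log, triage() returns an empty list and live_hits() is empty, which is the programmatic version of the "all four hits were already in OTL's quarantine" reading of the post above. For a real scan, read C:\Program Files\ESET\ESET Online Scanner\log.txt into parse_eset_log(); a detection whose action is not "cleaned by ..." or whose path is outside a quarantine folder is the thing to chase next.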

Re: Can't get past login because of ThinkPoint

Hi,

How is your computer running now?

Re: Can't get past login because of ThinkPoint

YEY!!!!!!!!

Seriously, I can't thank you enough, both for being so patient with me and for being so god damn clever and fixing it!

THANK YOU!!!

Biggq

Re: Can't get past login because of ThinkPoint

Hi,

You're welcome, glad to help.

Your computer is now clean. Now it's time to remove the tools used and update your computer to reduce its vulnerability.

Updating System Restore

Now, to get you off to a good start, we will clean your restore points so that all the bad stuff is gone for good. Then, if you need to restore at some stage, you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears, select Create a Restore Point.
  • Click NEXT.
  • Enter a name, e.g. Clean.
  • Click CREATE.


You now have a clean restore point.

To get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the drop-down box that appears, select your main drive, e.g. C:.
  • Click OK.
  • The system will do a calculation of temporary/old files, and then display a dialogue box.
  • Select the More Options tab.
  • At the bottom will be a System Restore box with a CLEANUP button; click this.
  • Accept the warning and select OK again; the program will close and you are done.


========

Removing the tools

Now, to remove all of the tools we used and the files and folders they created, please do the following:

Download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


============

Service Pack upgrade

Please consider upgrading to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via Windows Update.

More info about SP3: Here

============

Update Programs

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.



Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

===============

Staying Protected

If you don't have an anti-virus, I recommend downloading one of these free anti-virus programs:
1. Avast!
2. Avira
3. Microsoft Security Essentials

If you don't have a good firewall, I recommend these free firewalls:
1. Comodo Firewall
2. Tallemu Online Armor

I recommend using MalwareBytes Anti-Malware as an anti-malware program.

If you don't have an anti-spyware program, I recommend downloading these free programs to help keep you spyware-free:
1. SpywareBlaster
2. Spybot - Search & Destroy

Please don't download more than one anti-virus, firewall, or anti-spyware program, because they will conflict with each other, causing slowdowns, data loss, and false results, so please just don't do it.

================

Here are some prevention tips:

1. Torrents are a conduit of malware; this is why we highly recommend not using them, as the chances are extremely high that you will be infected through them.

2. Cracks/warez/keygens are another conduit of malware and are illegal, so don't use them.

3. Disable auto-run to prevent auto-run worms from infecting your machine through USB drives: XP or Vista/7.

4. Always make sure you have the latest Windows updates.

5. Use a site advisor so you don't go to sites that will infect you: Web of Trust or McAfee SiteAdvisor.

6. Also, there are many holes and flaws in Internet Explorer, so I recommend using Firefox or Google Chrome to keep you safer.

7. Always keep your Java and Adobe Reader updated, and all older versions removed, to stay clear of exploits.

8. Don't fall for scareware. What is scareware? A rogue anti-virus on your system that will scare you into buying its fake software with false detections.

9. Be sure to always have a firewall and anti-virus installed at all times.

Thanks for choosing GeekPolice, see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?

For more information on keeping yourself safe please visit Here

Re: Can't get past login because of ThinkPoint

Hi!

I have followed you up to the 'Update Programs' stage and I have uninstalled 2 of the 3 Adobe things, but the last, 'Acrobat 5', will not uninstall, as it says that the 'uninstall is corrupted or invalid'. Any ideas for me?

Re: Can't get past login because of ThinkPoint

Hi,

That is fine as long as you removed all of the old Adobe Readers and installed the latest version. I don't think you can remove Acrobat 5.

Re: Can't get past login because of ThinkPoint

All DONE!!! Hooray!

Again thank you for your help,

Brenda

Re: Can't get past login because of ThinkPoint

Hi,

You're welcome, glad to help.
