ThinkPoint - now will not even boot up

Windows XP - Home

History:

- got ThinkPoint infection
- I was still able to log in but could not run any browser
- I followed steps on your site to get rid of this malware - http://www.GeekPolice.net/malware-removal-guides-f12/using-malwarebytes-to-remove-malware-t8083.htm
- several infections were detected and removed
- still could not load browser

After rebooting a couple of times, this is now happening:

I turn on the computer. I can get to BIOS screen, that is it. After that I get a flashing underscore character in the top left of screen on a black background.

Is there any recommendation?

thanks,
Mike

Re: ThinkPoint - now will not even boot up
Hello.

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.

  • Place a blank CD-R disc into your CD burning drive.
  • Download OTLPEStd.exe and double-click on it to burn to a CD using ISO Burner.
  • Reboot your system using the boot CD you just created.

    Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings

    • Change Drivers to Non-Microsoft
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\_OTL\MovedFiles
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.

Re: ThinkPoint - now will not even boot up
As requested here are the contents of file OTL.txt:

OTL logfile created on: 11/26/2010 4:03:00 PM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 292.21 Gb Total Space | 81.58 Gb Free Space | 27.92% Space Free | Partition Type: NTFS
Drive X: | 282.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- C:\WINDOWS\System32\spoolsv.exe -- (Spooler)
SRV - File not found [On_Demand] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/10/24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/01/16 06:29:50 | 000,147,456 | ---- | M] (VMware, Inc.) [Auto] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe -- (wsnm)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/05/29 11:30:13 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2004/03/02 09:42:14 | 001,425,424 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 09:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 09:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/07/17 11:01:26 | 000,017,792 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FNETTBOH.SYS -- (FNETTBOH)
DRV - [2009/07/17 11:01:26 | 000,007,040 | ---- | M] (FNet Co., Ltd.) [Kernel | System] -- C:\WINDOWS\system32\drivers\FNETURPX.SYS -- (FNETURPX)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/30 20:04:54 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/12/11 13:22:24 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/12/02 18:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/12/02 18:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/12/02 18:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/08/28 14:55:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/08/28 14:54:56 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/08/28 14:54:50 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\OEM02Afx.sys -- (OEM02Afx)
DRV - [2007/07/10 15:07:56 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/07/10 14:22:22 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/10 14:22:20 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/10 14:22:18 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/09 22:21:54 | 000,202,912 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/07/09 21:58:42 | 005,707,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/05/08 20:22:58 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\iastor.sys -- (iaStor)
DRV - [2006/11/02 12:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/03/02 09:41:26 | 000,268,872 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2003/08/28 20:40:26 | 000,189,792 | ---- | M] (Zone Labs Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2003/07/24 18:55:50 | 000,139,604 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2003/05/01 12:26:34 | 000,005,220 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080529
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080529


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080529
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080529
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Michael_Morin_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\Michael_Morin_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
IE - HKU\Michael_Morin_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Michael_Morin_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Michael_Morin_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\Michael_Morin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\Michael_Morin_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Michael_Morin_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
IE - HKU\Michael_Morin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Michael_Morin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Mike_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\Mike_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
IE - HKU\Mike_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Mike_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\Mike_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Other_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\Other_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
IE - HKU\Other_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Other_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Other_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\Other_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\Other_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/05 08:45:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/23 11:45:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/23 11:45:18 | 000,000,000 | ---D | M]

[2008/12/23 01:46:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O3 - HKU\Michael_Morin_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Michael_Morin_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O3 - HKU\Mike_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Other_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TurboHddUsb] C:\Program Files\TurboHddUsb\TurboHddUsb.exe (FNet Co., Ltd.)
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKU\Michael_Morin_ON_C..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\Michael_Morin_ON_C..\Run: [eFax 4.4] C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKU\Michael_Morin_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Michael_Morin_ON_C..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe File not found
O4 - HKU\Mike_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Other_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Other_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe (ArcSoft, Inc.)
O4 - Startup: C:\Documents and Settings\Michael Morin\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O4 - Startup: C:\Documents and Settings\Michael Morin\Start Menu\Programs\Startup\eFax 4.4.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Michael_Morin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Mike_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Other_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {DBDC1CDA-B64B-49F7-9535-6317AA416E51} https://wfh.rcom.com/downloads/VMware-vdmclient.cab (VMware_VDM_Client Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.242 68.87.71.226 192.168.1.1 68.87.73.242 68.87.71.226
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\Michael_Morin_ON_C Winlogon: Shell - (C:\Documents and Settings\Michael Morin\Application Data\hotfix.exe) - C:\Documents and Settings\Michael Morin\Application Data\hotfix.exe File not found
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/23 22:48:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LocalService\My Documents
[2010/11/23 22:48:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\LocalService\Recent
[2010/11/15 14:52:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\Powercinema
[2010/11/15 14:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\CyberLink
[2010/11/15 14:51:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Sony Corporation
[2010/11/15 11:57:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\NEW-Receipts
[2010/11/14 21:25:43 | 000,000,000 | ---D | C] -- C:\Backups of Michael Morin account
[2010/11/14 21:24:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\New Folder
[2010/11/14 21:22:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Macromedia
[2010/11/14 20:48:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Adobe
[2010/11/14 20:47:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mike\PrivacIE
[2010/11/14 20:47:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Google
[2010/11/14 20:46:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\HPAppData
[2010/11/14 20:46:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Yahoo!
[2010/11/14 20:46:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Apple Computer
[2010/11/14 20:46:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\ArcSoft
[2010/11/14 20:46:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\Apple Computer
[2010/11/14 20:46:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\SupportSoft
[2010/11/14 20:45:58 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mike\IETldCache
[2010/11/14 20:45:52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Mike\Application Data\Microsoft
[2010/11/14 20:45:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mike\SendTo
[2010/11/14 20:45:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mike\Recent
[2010/11/14 20:45:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mike\Application Data
[2010/11/14 20:45:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mike\Start Menu
[2010/11/14 20:45:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mike\My Documents\My Videos
[2010/11/14 20:45:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mike\My Documents\My Pictures
[2010/11/14 20:45:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mike\My Documents\My Music
[2010/11/14 20:45:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mike\My Documents
[2010/11/14 20:45:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mike\Favorites
[2010/11/14 20:45:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mike\Cookies
[2010/11/14 20:45:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Mike\Templates
[2010/11/14 20:45:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Mike\PrintHood
[2010/11/14 20:45:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Mike\NetHood
[2010/11/14 20:45:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Mike\Local Settings
[2010/11/14 20:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Sun
[2010/11/14 20:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\My Google Gadgets
[2010/11/14 20:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft
[2010/11/14 20:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\MediaDirect
[2010/11/14 20:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\InstallShield
[2010/11/14 20:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Identities
[2010/11/14 20:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\Google
[2010/11/14 20:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop
[2010/11/14 20:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\BVRP Software
[2010/11/14 20:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\ApplicationHistory
[2010/11/14 20:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\Adobe
[2010/11/11 11:49:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Morin\Application Data\Malwarebytes
[2010/11/11 11:49:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/11 11:49:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/11 11:49:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/15 15:14:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/15 15:14:01 | 000,015,308 | ---- | M] () -- C:\WINDOWS\System32\535.js
[2010/11/15 15:14:01 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/11/15 15:05:32 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{28999193-381B-4368-B72A-7B43EA5F7616}.job
[2010/11/15 12:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/11/15 11:36:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/15 11:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/11/15 10:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/11/15 09:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/11/15 08:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/11/15 07:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/11/15 06:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/11/15 05:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/11/15 04:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/11/15 03:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/11/15 02:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/11/15 01:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/11/15 00:14:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/11/14 23:14:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/11/14 22:14:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/11/14 21:14:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/11/14 20:46:55 | 000,000,127 | ---- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\fusioncache.dat
[2010/11/14 20:46:16 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/14 20:46:01 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Windows Media Player.lnk
[2010/11/14 20:41:46 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/11/14 19:36:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/14 19:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/11/14 18:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/11/14 17:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/11/14 16:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/11/14 14:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/11/11 15:26:56 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Michael Morin\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/11/11 15:26:44 | 000,509,282 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/11 15:26:44 | 000,092,636 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/11 15:26:39 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Michael Morin\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/11/11 15:24:53 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Michael Morin\Application Data\completescan
[2010/11/11 14:36:15 | 3210,780,672 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/11 13:58:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/11/11 11:49:21 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Michael Morin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/11/11 11:25:36 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\Michael Morin\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2010/11/11 02:15:43 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Michael Morin\Application Data\start
[2010/11/11 02:01:58 | 000,000,893 | ---- | M] () -- C:\Documents and Settings\Michael Morin\Desktop\ThinkPoint.lnk
[2010/11/11 02:01:58 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Michael Morin\Application Data\install
[2010/11/11 01:59:54 | 000,559,104 | ---- | M] () -- C:\Documents and Settings\Michael Morin\Application Data\hotfixa
[2010/11/07 21:37:00 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/05 21:52:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/15 15:14:01 | 000,015,308 | ---- | C] () -- C:\WINDOWS\System32\535.js
[2010/11/14 20:47:03 | 002,997,744 | ---- | C] () -- C:\Documents and Settings\Mike\ProductContext1400.log
[2010/11/14 20:46:55 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\fusioncache.dat
[2010/11/14 20:46:38 | 003,012,700 | ---- | C] () -- C:\Documents and Settings\Mike\ProductContext5600.log
[2010/11/14 20:46:01 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\Windows Media Player.lnk
[2010/11/14 20:45:53 | 000,014,374 | ---- | C] () -- C:\Documents and Settings\Mike\msi.log
[2010/11/14 20:45:53 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/14 20:45:53 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/14 20:45:53 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/11/11 12:23:48 | 3210,780,672 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/11 11:49:21 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Michael Morin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/11/11 02:15:43 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Michael Morin\Application Data\start
[2010/11/11 02:08:58 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Michael Morin\Application Data\completescan
[2010/11/11 02:01:58 | 000,000,893 | ---- | C] () -- C:\Documents and Settings\Michael Morin\Desktop\ThinkPoint.lnk
[2010/11/11 02:01:58 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Michael Morin\Application Data\install
[2010/11/11 01:59:56 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/11/11 01:59:56 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/11/11 01:59:56 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/11/11 01:59:56 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/11/11 01:59:56 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/11/11 01:59:56 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/11/11 01:59:56 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/11/11 01:59:56 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/11/11 01:59:56 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/11/11 01:59:56 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/11/11 01:59:56 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/11/11 01:59:55 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/11/11 01:59:55 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/11/11 01:59:55 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/11/11 01:59:55 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/11/11 01:59:55 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/11/11 01:59:55 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/11/11 01:59:55 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/11/11 01:59:55 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/11/11 01:59:54 | 000,559,104 | ---- | C] () -- C:\Documents and Settings\Michael Morin\Application Data\hotfixa
[2010/11/11 01:59:54 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/11/11 01:59:54 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/11/11 01:59:54 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/11/11 01:59:54 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/11/11 01:59:54 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/08/05 22:34:41 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Michael Morin\Application Data\mpauth.dat
[2010/03/19 07:29:42 | 003,012,772 | ---- | C] () -- C:\Documents and Settings\Other\ProductContext5600.log
[2010/03/02 21:21:33 | 002,998,364 | ---- | C] () -- C:\Documents and Settings\Michael Morin\ProductContext1400.log
[2009/08/29 17:16:14 | 003,013,324 | ---- | C] () -- C:\Documents and Settings\Michael Morin\ProductContext5600.log
[2009/07/30 10:29:55 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/07/27 20:34:28 | 002,997,816 | ---- | C] () -- C:\Documents and Settings\Other\ProductContext1400.log
[2009/06/15 18:48:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Other\Ÿ9Ÿ9
[2009/05/30 23:29:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael Morin\Ÿ9Ÿ9
[2009/04/16 12:33:36 | 000,056,794 | ---- | C] () -- C:\Documents and Settings\Michael Morin\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2009/04/16 12:33:36 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2009/04/03 10:39:26 | 000,000,072 | ---- | C] () -- C:\Documents and Settings\Michael Morin\linksys conn info.txt
[2009/01/02 15:31:56 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/11/15 14:38:20 | 000,002,206 | ---- | C] () -- C:\Documents and Settings\Michael Morin\Application Data\HPSU_48BitScanUpdate.log
[2008/11/15 14:38:20 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2008/08/22 12:45:32 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Other\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/21 20:10:32 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\Other\default.pls
[2008/07/10 20:19:20 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Michael Morin\default.pls
[2008/07/10 15:11:21 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/25 19:26:34 | 000,014,374 | ---- | C] () -- C:\Documents and Settings\Other\msi.log
[2008/06/08 01:59:16 | 000,122,880 | ---- | C] () -- C:\Documents and Settings\Michael Morin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/05 15:04:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/05 12:40:30 | 000,139,280 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/06/04 22:37:44 | 000,014,374 | ---- | C] () -- C:\Documents and Settings\Michael Morin\msi.log
[2008/06/04 22:36:14 | 000,014,374 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\msi.log
[2008/05/29 11:37:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/05/29 11:27:19 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2008/05/29 11:16:34 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/05/29 11:16:32 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/05/29 10:51:30 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/05/29 10:51:30 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2008/05/29 10:51:28 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/05/29 10:50:04 | 000,001,121 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/02/04 17:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 14:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/04/28 10:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Morin\Application Data\BitTorrent
[2009/04/28 10:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Morin\Application Data\DNA
[2010/11/11 15:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Morin\Application Data\Dropbox
[2009/01/15 02:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Morin\Application Data\eFax Messenger
[2009/01/15 02:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Morin\Application Data\j2 Global
[2009/07/13 23:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Morin\Application Data\NewsBin
[2008/06/05 15:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Morin\Application Data\OfficeUpdate12
[2008/06/05 12:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Morin\Application Data\RegisterVPN
[2008/10/09 19:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Morin\Application Data\tmp
[2009/06/19 00:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Morin\Application Data\Uniblue
[2008/08/21 20:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Other\Application Data\Newsbin
[2008/12/30 16:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Other\Application Data\Unity
[2010/11/15 00:14:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/11/15 09:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/11/15 10:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/11/15 12:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/11/15 11:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/11/11 13:58:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/11/14 14:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/11/14 16:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/11/15 15:14:01 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/11/14 20:41:46 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/11/14 22:14:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/11/15 02:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/11/14 19:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/11/14 18:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/11/14 23:14:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/11/14 21:14:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/11/14 17:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/11/15 04:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/11/15 01:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/11/15 03:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/11/15 06:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/11/15 05:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/11/15 07:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/11/15 08:14:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/11/15 15:05:32 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{28999193-381B-4368-B72A-7B43EA5F7616}.job

========== Purity Check ==========


< End of report >

Re: ThinkPoint - now will not even boot up

Hello.

  • Download ComboFix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [Image: CF_download_FF]

    [Image: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [Image: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    [Image: Cf510]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: ThinkPoint - now will not even boot up

When running combofix it gets an error saying: "You appear to have a corrupt download. Please download a fresh copy of ComboFix.exe"

I get this error with both links you have above.

Please advise.

Re: ThinkPoint - now will not even boot up

Did you try downloading a fresh copy?

Re: ThinkPoint - now will not even boot up

Yes. I downloaded fresh copies from the two links you provided.

Are there any other download sites that are safe?

Re: ThinkPoint - now will not even boot up

Please run OTLPE.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O20 - HKU\Michael_Morin_ON_C Winlogon: Shell - (C:\Documents and Settings\Michael Morin\Application Data\hotfix.exe) - C:\Documents and Settings\Michael Morin\Application Data\hotfix.exe File not found
    [2010/11/15 15:14:01 | 000,015,308 | ---- | M] () -- C:\WINDOWS\System32\535.js

    :files
    C:\WINDOWS\tasks\At*.job


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
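
The fix above targets items that stand out in the posted scan log: 24 `At*.job` files of identical size created within about two seconds, and files whose timestamps line up with those tasks. The following is an added example, not part of the original thread and not OTL's own code, that applies that triage to an excerpt of the log lines above. The function names and the thresholds (5-second window, 5 files, 2-second slack) are assumptions, and the line format is inferred from the log as posted.

```python
import re
from collections import namedtuple
from datetime import datetime, timedelta

# Excerpt of lines copied from the OTL log posted earlier in this thread.
SAMPLE_LOG = r"""
[2010/11/15 15:14:01 | 000,015,308 | ---- | M] () -- C:\WINDOWS\System32\535.js
[2010/11/15 15:14:01 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/11/15 11:36:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/11 11:49:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/11 01:59:56 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/11/11 01:59:56 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/11/11 01:59:55 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/11/11 01:59:55 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/11/11 01:59:54 | 000,559,104 | ---- | C] () -- C:\Documents and Settings\Michael Morin\Application Data\hotfixa
[2010/11/11 01:59:54 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/11/11 01:59:54 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/11/05 21:52:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
"""

Entry = namedtuple("Entry", "ts size attrs kind company path")

# [date time | size | attributes | C(reated)/M(odified)] (company) -- path
# Directory lines carry no "(company)" field, so that group is optional.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

def parse_otl_line(line):
    """Return an Entry for a file-listing line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(ts=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                 size=int(m["size"].replace(",", "")),
                 attrs=m["attrs"], kind=m["kind"],
                 company=m["company"] or "", path=m["path"])

def parse_log(text):
    return [e for e in map(parse_otl_line, text.splitlines()) if e]

def is_task_job(entry):
    p = entry.path.lower()
    return "\\windows\\tasks\\" in p and p.endswith(".job")

def find_job_bursts(entries, window_s=5, min_count=5):
    """Groups of same-size .job files created within window_s seconds."""
    created = sorted((e for e in entries if e.kind == "C" and is_task_job(e)),
                     key=lambda e: (e.size, e.ts))
    bursts, cur = [], []
    for e in created:
        too_late = cur and e.ts - cur[0].ts > timedelta(seconds=window_s)
        if cur and (e.size != cur[0].size or too_late):
            if len(cur) >= min_count:
                bursts.append(cur)
            cur = []
        cur.append(e)
    if len(cur) >= min_count:
        bursts.append(cur)
    return bursts

def co_timed_files(entries, burst, slack_s=2):
    """Non-task files stamped within slack_s of any create/modify time of a burst task."""
    names = {e.path.lower() for e in burst}
    stamps = [e.ts for e in entries if e.path.lower() in names]
    slack = timedelta(seconds=slack_s)
    hits = []
    for e in entries:
        if is_task_job(e) or "D" in e.attrs:   # skip the tasks themselves and directories
            continue
        if any(abs(e.ts - s) <= slack for s in stamps) and e.path not in hits:
            hits.append(e.path)
    return hits

if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    for burst in find_job_bursts(log):
        print(f"{len(burst)} tasks of {burst[0].size} bytes created from {burst[0].ts}")
        for path in co_timed_files(log, burst):
            print("  same-second activity:", path)
```

Legitimate updater tasks in the same excerpt are not flagged because they differ in size and were not created in a burst.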

Re: ThinkPoint - now will not even boot up

========== OTL ==========
Registry value HKEY_USERS\Michael_Morin_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\Michael Morin\Application Data\hotfix.exe deleted successfully.
C:\WINDOWS\system32\535.js moved successfully.
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.

OTLPE by OldTimer - Version 3.1.43.0 log created on 11302010_133956

Re: ThinkPoint - now will not even boot up

Please try ComboFix again now that OTLPE has removed the upfront infection.

descriptionThinkPoint - now will not even boot up EmptyRe: ThinkPoint - now will not even boot up

more_horiz
I am back to where I was on post 5 where combofix says:

"You appear to have a corrupt download. Please download a fresh copy of ComboFix.exe"

Re: ThinkPoint - now will not even boot up

Hello.

Download MBRCheck to your desktop.

  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop
  • Open this report and post its content in your next reply.


Please download TDSSKiller from here and save it to your Desktop.

  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.

Please remember to post both logs.

Re: ThinkPoint - now will not even boot up

Both of these tools fail on my system. Please advise.

Here is the output from each:

MBRCheck:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: (build 2600)
Logical Drives Mask: 0x0080000e

\\.\B: --> error 1
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`05649600 (NTFS)

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 848604FBDB02A2F8193090DD8D99F2A9F3F4192C


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

===================================================

TDSSKiller:

Can't initialize log.
Can't load driver.

Re: ThinkPoint - now will not even boot up

Hello.

Re-Run MBRCheck.exe


  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When the program asks you to "Enter your choice:", enter
    [1] Dump the MBR of a physical disk to file.
    and press the Enter key
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    and then press Enter.
  • The program will ask for the file name to dump to; type dump.dat and press Enter. You should see "Dumped successfully".
  • Next, type -1 and press Enter. Next press Enter again, and the program will exit.
  • Save it to your desktop then attach the resultant output in your next reply

Re: ThinkPoint - now will not even boot up

Got error again. Here is screen output:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line: C:\tmp\OTL.Txt
Windows Version: Windows XP Professional
Windows Information: (build 2600)
Logical Drives Mask: 0x00800006

\\.\B: --> error 1
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`05649600 (NTFS)

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 848604FBDB02A2F8193090DD8D99F2A9F3F4192C


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: Y

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: 1

Enter the physical disk number to dump (0-99, -1 to exit): 0
Dumping \\.\PhysicalDisk0...
Enter filename to dump to: dump.dat
Error opening output file (0)!

Enter the physical disk number to dump (0-99, -1 to exit):
