GeekPolice

Think Point - Help!

Hi, Hope you can help!

Think Point has got total control of my PC. I can't start in safe or normal mode, can't get to my desktop, get on the internet, anything. Shafted, basically. I've seen the advice to download OTL (?) but as I say - no chance...

Please help!

Cheers, TeeDee :)

Re: Think Point - Help!

Hi, I take it you have access to a clean computer? Please obtain a portable USB flash drive to transfer tools from the clean computer to the infected machine.

Download the tools then do the following in Safe Mode:

1.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

http://download.bleepingcomputer.com/grinler/rkill.exe
http://download.bleepingcomputer.com/grinler/rkill.com
http://download.bleepingcomputer.com/grinler/rkill.scr

Note:

You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message. Run rkill repeatedly until it's able to do its job. This may take a few tries. You'll be able to tell rkill has done its job when your desktop (explorer.exe) cycles off and then on again.

Once the tool has run, do NOT reboot the machine. Try immediately to run OTL (step 2)


2.


  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.




Please transfer logs to your USB again and back to the clean computer to post.

Re: Think Point - Help!

Thanks for helping! :)

Is that Safe Mode with Networking?

Re: Think Point - Help!

teedee wrote:
Thanks for helping! :)

Is that Safe Mode with Networking?


Well, I went for SM with Networking. But how do I get the files from the flash drive onto the infected computer? Nothing happens when I plug it in, and all I have access to is the Task Manager, other than that I have the Think Point screen asking me to start in safe mode..... :(

Re: Think Point - Help!

Hi,

Please try in just plain old Safe Mode. Thanks.

Re: Think Point - Help!

Sorry, still in networking but got the logs :)


OTL logfile created on: 19/10/2010 11:15:40 - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\TIM\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.70 Gb Total Space | 337.96 Gb Free Space | 74.99% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 9.74 Gb Free Space | 64.94% Space Free | Partition Type: NTFS
Drive J: | 241.96 Mb Total Space | 32.17 Mb Free Space | 13.30% Space Free | Partition Type: FAT

Computer Name: HOME-PC | User Name: TIM | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\TIM\Desktop\OTL.exe (OldTimer Tools)


========== Modules (SafeList) ==========

MOD - C:\Users\TIM\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SCM_Service) -- C:\Windows\System32\WinService.exe ()


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (PCD5SRVC{3F6A8B78-EC003E00-05040104}) -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms (PC-Doctor, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (RTL8187) -- C:\Windows\System32\drivers\wg111v2.sys (NETGEAR Inc.)
DRV - (SCMNdisP) -- C:\Windows\system32\DRIVERS\scmndisp.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/09/27 16:16:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/07/03 17:08:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/07/03 17:08:21 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [Dzemegefimifetel] C:\Users\TIM\AppData\Local\KBDLT12.DLL ()
O4 - HKCU..\Run: [EPSON SX210 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Izoxavasam] C:\Users\TIM\AppData\Local\ifabedidayiyuk.DLL (MPC-HC Team)
O4 - HKCU..\Run: [uzofel] C:\Users\TIM\AppData\Roaming\Microsoft\Windows\Global\uzofel.exe ()
O4 - HKCU..\Run: [wxsneacomr.exe] C:\Users\TIM\AppData\Local\Temp\wxsneacomr.exe File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} http://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab (EAFO3AXLauncher Control)
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab (HPDDClientExec Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\TIM\AppData\Roaming\hotfix.exe) - C:\Users\TIM\AppData\Roaming\hotfix.exe ()
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\TIM\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\TIM\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/19 11:04:55 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\TIM\Desktop\OTL.exe
[2010/10/18 23:53:33 | 000,000,000 | ---D | C] -- C:\Users\TIM\AppData\Local\{F8A60C09-4CCD-47C3-8D1C-DBC23224EF78}
[2010/10/18 23:42:22 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Windows
[2010/10/18 23:41:45 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/10/18 23:40:50 | 000,000,000 | ---D | C] -- C:\Users\TIM\AppData\Roaming\B3B9DB4707079D52592352E3A5481C8B
[2010/10/14 14:12:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2010/10/14 13:57:16 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/10/14 13:57:15 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/10/14 13:57:15 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/10/14 13:57:14 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/10/14 13:57:10 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/10/14 13:56:31 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/10/14 13:56:29 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/10/14 13:56:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/10/14 13:56:21 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/10/14 08:26:51 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/14 08:26:32 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/10/14 08:26:15 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/14 08:26:10 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/14 08:26:10 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/14 08:26:10 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/10/14 08:26:09 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/10/14 08:26:09 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/10/14 08:26:09 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/10/14 08:26:09 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/10/14 08:26:08 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/10/14 08:26:08 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/10/14 08:26:08 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/10/14 08:26:08 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/10/14 08:26:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/10/14 08:26:08 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/10/14 08:26:08 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/10/14 08:26:08 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/10/14 08:26:08 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/10/14 08:26:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/10/14 08:26:05 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/10/14 08:26:05 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/10/14 08:26:03 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/10/14 08:26:01 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/10/14 08:25:59 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/10/10 09:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/10/02 23:20:01 | 000,000,000 | ---D | C] -- C:\Users\TIM\Documents\yWriter Projects
[2010/10/02 23:19:24 | 000,000,000 | ---D | C] -- C:\Users\TIM\AppData\Roaming\Spacejock Software
[2010/10/02 23:18:57 | 000,000,000 | ---D | C] -- C:\Users\TIM\Documents\yWriter5 Sample
[2010/10/02 23:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\yWriter5
[2010/10/01 20:00:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/09/17 07:48:38 | 000,192,512 | ---- | C] (MPC-HC Team) -- C:\Users\TIM\AppData\Local\ifabedidayiyuk.dll

========== Files - Modified Within 30 Days ==========

[2010/10/19 11:04:56 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\TIM\Desktop\OTL.exe
[2010/10/19 10:42:07 | 000,602,924 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/19 10:42:07 | 000,106,602 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/19 10:36:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/19 10:35:08 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/19 10:35:08 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/19 10:14:08 | 000,000,006 | ---- | M] () -- C:\Users\TIM\AppData\Roaming\completescan
[2010/10/19 10:08:08 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/19 09:40:05 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/19 09:40:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-136451748-926823148-2315087893-1000UA.job
[2010/10/18 23:53:35 | 000,000,120 | ---- | M] () -- C:\Users\TIM\AppData\Local\Tvusax.dat
[2010/10/18 23:53:35 | 000,000,000 | ---- | M] () -- C:\Users\TIM\AppData\Local\Aqetoqeziw.bin
[2010/10/18 23:51:44 | 000,000,006 | ---- | M] () -- C:\Users\TIM\AppData\Roaming\start
[2010/10/18 23:42:58 | 000,000,010 | ---- | M] () -- C:\Users\TIM\AppData\Roaming\install
[2010/10/18 23:42:21 | 000,000,172 | ---- | M] () -- C:\Users\TIM\AppData\Roaming\31971.bat
[2010/10/18 23:42:20 | 000,511,488 | ---- | M] () -- C:\Users\TIM\AppData\Roaming\hotfix.exe
[2010/10/18 21:41:18 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BBE22A44-EFEE-4C35-ADEA-2CED6CF12A00}.job
[2010/10/18 20:14:03 | 000,021,000 | ---- | M] () -- C:\Users\TIM\Desktop\Project proposal Draft.docx
[2010/10/18 20:10:54 | 000,026,967 | ---- | M] () -- C:\Users\TIM\Desktop\Project proposal Notes.docx
[2010/10/18 19:40:00 | 000,000,846 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-136451748-926823148-2315087893-1000Core.job
[2010/10/18 13:28:58 | 000,351,007 | ---- | M] () -- C:\Users\TIM\Desktop\What Happens in the Brain to Cause the Transformation From Healthy Aging to AD.mht
[2010/10/15 09:52:32 | 000,001,356 | ---- | M] () -- C:\Users\TIM\AppData\Local\d3d9caps.dat
[2010/10/14 19:50:37 | 000,016,921 | ---- | M] () -- C:\Users\TIM\Desktop\Gibb's 141010.docx
[2010/10/14 14:18:21 | 000,295,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/14 14:12:16 | 000,000,127 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2010/10/14 13:57:16 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/10/14 13:57:10 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/10/13 18:28:19 | 000,213,797 | ---- | M] () -- C:\Users\TIM\Desktop\doh dementia.pdf
[2010/10/11 22:03:53 | 000,066,978 | ---- | M] () -- C:\Users\TIM\Desktop\The_guidelines_manual_2009_-_Chapter_6_Reviewing_the_evidence.pdf
[2010/10/11 20:42:18 | 001,341,968 | ---- | M] () -- C:\Users\TIM\Desktop\NICE - Dementia.pdf
[2010/10/10 18:10:17 | 000,036,196 | ---- | M] () -- C:\Users\TIM\Desktop\weekly_calendar_02.jpg
[2010/10/08 14:07:14 | 000,308,224 | ---- | M] () -- C:\Users\TIM\Documents\Handbook%202010-11%20Project%20Proposal[2].doc
[2010/10/08 14:02:19 | 000,083,968 | ---- | M] () -- C:\Users\TIM\Desktop\Handbook%20Project%202010-11[1].doc
[2010/10/08 14:00:04 | 000,090,112 | ---- | M] () -- C:\Users\TIM\Desktop\Handbook%202010-110[1].doc
[2010/10/08 12:40:36 | 000,011,297 | ---- | M] () -- C:\Users\TIM\Documents\NOTIFICATION OF PROPOSED STUDY AND METHOD[1].docx
[2010/10/06 20:17:50 | 000,174,592 | ---- | M] () -- C:\Users\TIM\Desktop\oct2010 scas.xls
[2010/10/02 23:18:58 | 000,000,766 | ---- | M] () -- C:\Users\TIM\Desktop\yWriter5.lnk
[2010/09/24 08:19:35 | 000,002,034 | ---- | M] () -- C:\Users\TIM\Desktop\Google Chrome.lnk
[2010/09/24 08:19:35 | 000,001,996 | ---- | M] () -- C:\Users\TIM\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2010/10/18 23:53:35 | 000,000,120 | ---- | C] () -- C:\Users\TIM\AppData\Local\Tvusax.dat
[2010/10/18 23:53:35 | 000,000,000 | ---- | C] () -- C:\Users\TIM\AppData\Local\Aqetoqeziw.bin
[2010/10/18 23:51:44 | 000,000,006 | ---- | C] () -- C:\Users\TIM\AppData\Roaming\start
[2010/10/18 23:48:23 | 000,000,006 | ---- | C] () -- C:\Users\TIM\AppData\Roaming\completescan
[2010/10/18 23:42:58 | 000,000,010 | ---- | C] () -- C:\Users\TIM\AppData\Roaming\install
[2010/10/18 23:42:21 | 000,000,172 | ---- | C] () -- C:\Users\TIM\AppData\Roaming\31971.bat
[2010/10/18 23:42:20 | 000,511,488 | ---- | C] () -- C:\Users\TIM\AppData\Roaming\hotfix.exe
[2010/10/18 17:21:03 | 000,021,000 | ---- | C] () -- C:\Users\TIM\Desktop\Project proposal Draft.docx
[2010/10/18 16:25:36 | 000,026,967 | ---- | C] () -- C:\Users\TIM\Desktop\Project proposal Notes.docx
[2010/10/18 13:28:56 | 000,351,007 | ---- | C] () -- C:\Users\TIM\Desktop\What Happens in the Brain to Cause the Transformation From Healthy Aging to AD.mht
[2010/10/14 19:50:37 | 000,016,921 | ---- | C] () -- C:\Users\TIM\Desktop\Gibb's 141010.docx
[2010/10/14 14:12:16 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/10/14 13:57:16 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/10/13 18:28:19 | 000,213,797 | ---- | C] () -- C:\Users\TIM\Desktop\doh dementia.pdf
[2010/10/11 22:03:53 | 000,066,978 | ---- | C] () -- C:\Users\TIM\Desktop\The_guidelines_manual_2009_-_Chapter_6_Reviewing_the_evidence.pdf
[2010/10/11 20:42:18 | 001,341,968 | ---- | C] () -- C:\Users\TIM\Desktop\NICE - Dementia.pdf
[2010/10/10 18:11:41 | 000,036,196 | ---- | C] () -- C:\Users\TIM\Desktop\weekly_calendar_02.jpg
[2010/10/08 14:07:13 | 000,308,224 | ---- | C] () -- C:\Users\TIM\Documents\Handbook%202010-11%20Project%20Proposal[2].doc
[2010/10/08 14:02:18 | 000,083,968 | ---- | C] () -- C:\Users\TIM\Desktop\Handbook%20Project%202010-11[1].doc
[2010/10/08 14:00:03 | 000,090,112 | ---- | C] () -- C:\Users\TIM\Desktop\Handbook%202010-110[1].doc
[2010/10/08 12:40:36 | 000,011,297 | ---- | C] () -- C:\Users\TIM\Documents\NOTIFICATION OF PROPOSED STUDY AND METHOD[1].docx
[2010/10/05 22:29:29 | 000,174,592 | ---- | C] () -- C:\Users\TIM\Desktop\oct2010 scas.xls
[2010/10/02 23:18:58 | 000,000,766 | ---- | C] () -- C:\Users\TIM\Desktop\yWriter5.lnk
[2010/07/19 22:05:09 | 000,139,152 | ---- | C] () -- C:\Users\TIM\AppData\Roaming\PnkBstrK.sys
[2010/07/19 22:05:09 | 000,138,968 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/12/30 19:54:29 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/11/18 11:11:12 | 000,000,058 | ---- | C] () -- C:\Users\TIM\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2009/10/20 11:05:55 | 000,006,902 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/09/17 07:48:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/17 07:48:38 | 000,077,312 | ---- | C] () -- C:\Users\TIM\AppData\Local\KBDLT12.dll
[2009/09/10 18:44:20 | 000,003,424 | ---- | C] () -- C:\Users\TIM\AppData\Roaming\wklnhst.dat
[2009/09/09 13:34:37 | 000,001,356 | ---- | C] () -- C:\Users\TIM\AppData\Local\d3d9caps.dat
[2009/08/31 01:07:58 | 000,050,176 | ---- | C] () -- C:\Users\TIM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/05 01:19:26 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1472.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/07/25 22:34:34 | 000,000,000 | ---D | M] -- C:\Users\TIM\AppData\Roaming\Ahug
[2010/10/18 23:40:50 | 000,000,000 | ---D | M] -- C:\Users\TIM\AppData\Roaming\B3B9DB4707079D52592352E3A5481C8B
[2009/11/18 11:11:12 | 000,000,000 | ---D | M] -- C:\Users\TIM\AppData\Roaming\DonationCoder
[2009/12/30 20:23:45 | 000,000,000 | ---D | M] -- C:\Users\TIM\AppData\Roaming\Epson
[2010/07/22 23:33:08 | 000,000,000 | ---D | M] -- C:\Users\TIM\AppData\Roaming\Hauzb
[2010/10/14 14:16:44 | 000,000,000 | ---D | M] -- C:\Users\TIM\AppData\Roaming\Kuomt
[2010/07/03 18:38:28 | 000,000,000 | ---D | M] -- C:\Users\TIM\AppData\Roaming\Nokia
[2010/02/21 17:07:04 | 000,000,000 | ---D | M] -- C:\Users\TIM\AppData\Roaming\Osax
[2009/09/04 21:14:14 | 000,000,000 | ---D | M] -- C:\Users\TIM\AppData\Roaming\Ovce
[2009/11/12 21:45:56 | 000,000,000 | ---D | M] -- C:\Users\TIM\AppData\Roaming\PC Suite
[2010/08/16 21:41:25 | 000,000,000 | ---D | M] -- C:\Users\TIM\AppData\Roaming\Puofu
[2010/10/02 23:19:24 | 000,000,000 | ---D | M] -- C:\Users\TIM\AppData\Roaming\Spacejock Software
[2009/09/10 18:44:21 | 000,000,000 | ---D | M] -- C:\Users\TIM\AppData\Roaming\Template
[2010/09/19 20:17:19 | 000,000,000 | ---D | M] -- C:\Users\TIM\AppData\Roaming\TS3Client
[2009/09/22 04:49:22 | 000,000,000 | ---D | M] -- C:\Users\TIM\AppData\Roaming\Watuyd
[2010/02/22 00:03:59 | 000,000,000 | ---D | M] -- C:\Users\TIM\AppData\Roaming\Xiypxo
[2010/10/14 14:16:44 | 000,000,000 | ---D | M] -- C:\Users\TIM\AppData\Roaming\Ykac
[2010/10/14 11:27:10 | 000,000,000 | ---D | M] -- C:\Users\TIM\AppData\Roaming\Ykeca
[2010/10/19 10:35:08 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/10/18 21:41:18 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{BBE22A44-EFEE-4C35-ADEA-2CED6CF12A00}.job

========== Purity Check ==========



< End of report >

Re: Think Point - Help!
OTL Extras logfile created on: 19/10/2010 11:15:40 - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\TIM\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.70 Gb Total Space | 337.96 Gb Free Space | 74.99% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 9.74 Gb Free Space | 64.94% Space Free | Partition Type: NTFS
Drive J: | 241.96 Mb Total Space | 32.17 Mb Free Space | 13.30% Space Free | Partition Type: FAT

Computer Name: HOME-PC | User Name: TIM | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{499D66F5-2559-41C5-A1E6-C2117BA3139C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AA331F89-1F94-42D8-AC0E-B82C223C86A4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D75F3C-D125-481E-AA3B-53BEB52812DB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{017141EC-B0E5-4B2E-9BD7-1B43E3B5F905}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{06D450A3-BA7F-4F6A-BA4C-2A5CCFD98C65}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{0C31E9FF-26AD-471F-99E7-62F36CFD7048}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{2B0ABFAA-D0AC-4BCD-B45C-C7C20108A70D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{4235C4A0-5198-4F1A-9DF7-912944231503}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{42E87318-9CF8-44FB-889B-48B9B7156393}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{47E08645-11BE-4D3F-83DF-FD712148A68D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{52815F4A-9512-43E0-9B8A-2F9CF2C9F235}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{573D75C3-00C2-450F-BDA6-5B8F9E1969E7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{67AF238B-FF66-4FC8-9D44-54DB44893085}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{961E0CCF-907E-4722-B30D-2D48972153A4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A16493E1-889B-462E-8DAE-70AEE0EA5FAC}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{B9304FE4-37E3-48B9-AF4A-34642D8FD700}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{BAA786CC-A00C-42E2-9779-DD0B6A8AE28C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{BAFC5A38-7F95-442F-A77E-9403003982BC}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{C2E3078F-1ED8-47C2-AC37-FCFDAEF05235}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C2EB952A-CBD1-45CD-8C5B-D4836AFCC7E9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{C3961CDE-3454-497D-8A73-776DF78263D2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{CCCB5371-A7E4-4593-BD66-C2BED6044788}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{CF32C8F4-ABD9-4009-953F-BF403AB01C44}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{E1670C02-AFFC-4F9E-9B92-B6EF2C2BFA7D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{E8F47A96-83CD-4D10-9BEF-40B06C76871C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EB855A86-4614-480D-8E28-2F96683045F4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{F4DE317D-13F6-460F-B139-8BB5139D13D7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F52211C8-CCA0-465C-87B5-CE51C7A9ED2B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"TCP Query User{8ABD0731-6F52-4669-95FF-8C517766681B}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{C49D5C79-D19A-4A5A-B550-C6F6CB7D2227}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{356F28CD-21A3-4E84-915B-6F8D48E7F33A}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{C00C1DF0-9612-419A-874E-B6AC44655D6D}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}" = HP Driver Diagnostics
"{1373559F-6DC6-44EA-9079-6ABDCCE8CDAD}" = OviMPlatform
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2D10FC46-1D96-44C4-8855-85F21B9B011E}" = Ovi Desktop Sync Engine
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{4102037D-E8E0-48E0-B203-E521D194FB71}" = NETGEAR WG111v2 wireless USB 2.0 adapter
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6FE3B0CE-37C1-4825-908A-5A84C9B4EC2F}" = EA SPORTS(TM) FIFA Online
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B01FD07-1790-4EE9-B5E0-149527D70C7D}" = Nokia Ovi Suite
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0D65C73-F2C5-432F-8788-90F8A2E99B98}" = Nokia Ovi Suite Software Updater
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AFD9E698-03C2-4E88-80A6-1496562D4304}" = Google SketchUp 7.1
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{FCC07EEA-FA18-4A21-9105-9666603C6885}" = McAfee Virtual Technician
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AudibleDownloadManager" = Audible Download Manager
"avast5" = avast! Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows Driver Package - Nokia Modem (06/01/2009 4.1)
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX210_SX410_TX210_TX410 User’s Guide" = Epson Stylus SX210_SX410_TX210_TX410 Manual
"EPSON SX210 Series" = EPSON SX210 Series Printer Uninstall
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)
"Gadwin PrintScreen" = Gadwin PrintScreen
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"PunkBusterSvc" = PunkBuster Services
"ScreenshotCaptor_is1" = Screenshot Captor 2.76.01
"ST6UNST #1" = OU eTMA File Handler
"Super Screen Capture_is1" = Super Screen Capture 4.0
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"yWriter5_is1" = yWriter5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Power Loader" = Power Challenge Game Plugin

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13/10/2010 03:20:39 | Computer Name = HOME-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 33042011

Error - 13/10/2010 03:20:40 | Computer Name = HOME-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 13/10/2010 03:20:40 | Computer Name = HOME-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 33043009

Error - 13/10/2010 03:20:40 | Computer Name = HOME-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 33043009

Error - 13/10/2010 03:20:41 | Computer Name = HOME-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 13/10/2010 03:20:41 | Computer Name = HOME-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 33044007

Error - 13/10/2010 03:20:41 | Computer Name = HOME-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 33044007

Error - 13/10/2010 03:20:42 | Computer Name = HOME-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 13/10/2010 03:20:42 | Computer Name = HOME-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 33045021

Error - 13/10/2010 03:20:42 | Computer Name = HOME-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 33045021

[ System Events ]
Error - 19/10/2010 04:18:33 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 19/10/2010 04:27:50 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 19/10/2010 04:27:50 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 19/10/2010 04:27:50 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 19/10/2010 04:27:56 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 19/10/2010 04:27:56 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 19/10/2010 05:08:02 | Computer Name = HOME-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 09:40:26 on 19/10/2010 was unexpected.

Error - 19/10/2010 05:37:58 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 19/10/2010 05:37:58 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 19/10/2010 06:13:31 | Computer Name = HOME-PC | Source = DCOM | ID = 10005
Description =


< End of report >

Re: Think Point - Help!
Hi teedee,

Please continue in safe mode with networking. Step 1 should allow you to boot into normal mode and continue to step 2.

Step 1:

Run OTL.exe
  • Copy/paste the following text written inside of the quote box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\Run: [] File not found
    O4 - HKCU..\Run: [Dzemegefimifetel] C:\Users\TIM\AppData\Local\KBDLT12.DLL ()
    O4 - HKCU..\Run: [wxsneacomr.exe] C:\Users\TIM\AppData\Local\Temp\wxsneacomr.exe File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O20 - HKCU Winlogon: Shell - (C:\Users\TIM\AppData\Roaming\hotfix.exe) - C:\Users\TIM\AppData\Roaming\hotfix.exe ()
    [2010/10/18 23:42:21 | 000,000,172 | ---- | M] () -- C:\Users\TIM\AppData\Roaming\31971.bat
    [2010/10/18 23:42:20 | 000,511,488 | ---- | M] () -- C:\Users\TIM\AppData\Roaming\hotfix.exe
    [2010/10/18 23:53:35 | 000,000,120 | ---- | C] () -- C:\Users\TIM\AppData\Local\Tvusax.dat
    [2010/10/18 23:53:35 | 000,000,000 | ---- | C] () -- C:\Users\TIM\AppData\Local\Aqetoqeziw.bin
    [2010/10/18 23:51:44 | 000,000,006 | ---- | C] () -- C:\Users\TIM\AppData\Roaming\start
    [2010/10/18 23:48:23 | 000,000,006 | ---- | C] () -- C:\Users\TIM\AppData\Roaming\completescan
    [2010/10/18 23:42:58 | 000,000,010 | ---- | C] () -- C:\Users\TIM\AppData\Roaming\install



    :Commands
    [purity]
    [emptytemp]
    [emptyflash]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • After rebooting, please post the OTL you are presented with on startup.



Step 2:

Please download Malwarebytes' AntiMalware.

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Full Scan, then click Scan.
    The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Restart if it tells you to.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.



Please post:
  • The log from OTL.
  • The MBAM log.


Thanks.
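
The fix script in the post above targets autostart entries with a few recurring traits, which the triage sketch below checks for. It is an added example, not part of the original post and not OTL's own logic. The heuristics, the function names and the final benign sample line are assumptions made for illustration.

```python
import re

# Constructed sample: the first five lines are copied from the fix script in
# the post above; the last line is a made-up benign entry added for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [Dzemegefimifetel] C:\Users\TIM\AppData\Local\KBDLT12.DLL ()
O4 - HKCU..\Run: [wxsneacomr.exe] C:\Users\TIM\AppData\Local\Temp\wxsneacomr.exe File not found
O20 - HKCU Winlogon: Shell - (C:\Users\TIM\AppData\Roaming\hotfix.exe) - C:\Users\TIM\AppData\Roaming\hotfix.exe ()
O4 - HKLM..\Run: [ExampleTray] C:\Program Files\Example Vendor\tray.exe (Example Vendor)
"""

# "O<number> - <body>" is the shape of the registry lines in an OTL log.
ENTRY_RE = re.compile(r"^O(?P<num>\d+) - (?P<body>.+)$")
# First Windows path in the body that ends in an executable-type extension.
PATH_RE = re.compile(
    r"[A-Za-z]:\\[^()\[\]|]*?\.(?:exe|dll|bat|com|scr|sys)\b", re.IGNORECASE
)
# Directories a standard user can write to (assumed list, not exhaustive).
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\temp\\")


def triage_line(line):
    """Return a finding dict for one OTL 'O' line, or None for other lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    num, body = int(m.group("num")), m.group("body").rstrip()
    path_m = PATH_RE.search(body)
    path = path_m.group(0) if path_m else None
    # O4 = Run keys; O20 Winlogon Shell = program started as the user's shell.
    is_autostart = num == 4 or (num == 20 and "Winlogon: Shell" in body)

    reasons = []
    if is_autostart and path and any(d in path.lower() for d in USER_WRITABLE):
        reasons.append("autostart target in user-writable directory")
    if is_autostart and body.endswith("File not found"):
        reasons.append("autostart entry points at a missing file")
    if num == 20 and body.startswith("HKCU Winlogon: Shell"):
        # The shell is normally set machine-wide; a per-user value replaces it.
        reasons.append("per-user Winlogon Shell override")
    if is_autostart and path and body.endswith("()"):
        # OTL prints the file's company name in parentheses; "()" means none.
        reasons.append("target has no company name")
    if num == 2 and "No CLSID value found" in body:
        reasons.append("BHO registered without a CLSID entry")
    return {"entry": f"O{num}", "path": path, "reasons": reasons}


def triage(log_text):
    """Return findings for every line that matched at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        result = triage_line(line)
        if result and result["reasons"]:
            findings.append(result)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["entry"], f["path"] or "(no path)", "->", "; ".join(f["reasons"]))
```

A match only marks a line for review by the helper; legitimate per-user software also starts from AppData.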

Re: Think Point - Help!
Ignore! Now rebooting.

Re: Think Point - Help!
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Dzemegefimifetel not found.
File C:\Users\TIM\AppData\Local\KBDLT12.DLL not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\wxsneacomr.exe not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\TIM\AppData\Roaming\hotfix.exe deleted successfully.
File C:\Users\TIM\AppData\Roaming\hotfix.exe not found.
File C:\Users\TIM\AppData\Roaming\31971.bat not found.
File C:\Users\TIM\AppData\Roaming\hotfix.exe not found.
File C:\Users\TIM\AppData\Local\Tvusax.dat not found.
File C:\Users\TIM\AppData\Local\Aqetoqeziw.bin not found.
File C:\Users\TIM\AppData\Roaming\start not found.
File C:\Users\TIM\AppData\Roaming\completescan not found.
File C:\Users\TIM\AppData\Roaming\install not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: TIM
->Temp folder emptied: 521441769 bytes
->Temporary Internet Files folder emptied: 280165712 bytes
->Java cache emptied: 13650444 bytes
->Google Chrome cache emptied: 19378278 bytes
->Flash cache emptied: 57496 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 215369522 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 856245113 bytes

Total Files Cleaned = 1,818.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: TIM
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.15.2 log created on 10192010_114418

Files\Folders moved on Reboot...
File\Folder C:\Users\TIM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03O0QX8C\01[1].htm not found!
File\Folder C:\Users\TIM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03O0QX8C\Results[1].htm not found!
File\Folder C:\Users\TIM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03O0QX8C\think-point-help-t24250[3].htm not found!

Registry entries deleted on Reboot...

Re: Think Point - Help!

So far so good :) Currently doing full scan with MalwareBytes...

Re: Think Point - Help!
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4879

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

19/10/2010 13:17:03
mbam-log-2010-10-19 (13-17-03).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 268438
Time elapsed: 55 minute(s), 14 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
C:\Users\Public\Documents\Windows\winhelp.exe (Spyware.Passwords.XGen) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uzofel (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\izoxavasam (Trojan.Agent.U) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Public\Documents\Windows\winhelp.exe (Spyware.Passwords.XGen) -> Delete on reboot.
C:\Users\TIM\AppData\Roaming\Microsoft\Windows\Global\uzofel.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Users\TIM\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Users\TIM\AppData\Roaming\Osax\ocucc.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\TIM\AppData\Roaming\Ovce\foixi.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\TIM\AppData\Roaming\Watuyd\yqso.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\10192010_114005\C_Users\TIM\AppData\Local\KBDLT12.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\10192010_114005\C_Users\TIM\AppData\Roaming\hotfix.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Public\Documents\Server\server.dat (Malware.Trace) -> Delete on reboot.
C:\Users\TIM\Templates\memory.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\TIM\AppData\Local\ifabedidayiyuk.dll (Trojan.Agent.U) -> Delete on reboot.

Re: Think Point - Help!

That seems to have worked! Rejoice!

Thanks a million TheAvatar, you're a legend! :)

One small thing, on reboot I get a RunDLL error for ifabedidayiyuk.dll
- "The specified module could not be found."
Any thoughts?

Re: Think Point - Help!

Hi teedee,

That is great; we still have a little more work to do, however :) Please stick with me till I give you the all clean.

Step 1:


  • To get the latest version of Java please go HERE.
  • Go to Start -> Control Panel -> Programs and Features.
  • Search in the list for all previously installed versions of Java. (J2SE Runtime Environment.... )
    They should have the Java icon next to any that are there.
    Select any found and choose Uninstall.
  • Then install the version you downloaded earlier.



Step 2:

REMOVED


Step 3:

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases

  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.



Please post the Kaspersky log.
