GeekPolice
Would you like to react to this message? Create an account in a few clicks or log in to continue.

GeekPoliceLog in

 


thinkpoint

2 posters

descriptionthinkpoint Emptythinkpoint20th October 2010, 8:20 pm

more_horiz
All proposed solutions to remove thinkpoint seem to address the problem on a machine that can still access internet. For my part, Thinkpoint has taken over my laptop and is not allowing the destop to appear, nor internet connection. HELP PLEEEEEASE!!!!!!

descriptionthinkpoint EmptyRe: thinkpoint20th October 2010, 9:42 pm

more_horiz
Hi sabrine1,

Welcome to GeekPolice.net thinkpoint Smiley-greet024

My name is TheAvatar and I will be tying to help you resolve your issues.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you haven't, please keep reading.
Note Before we start the process you should:

  • POST your logs, don't attach them, as it makes it harder to read.
  • Each time I instruct you to download a file to use it, please do it even if I have told you before to download it again. This is because these tools are frequently updated to detect newer infections.
  • Please be patient, there is no quick fix for malware. Removal can take several attempts. Just because symptoms have gone away, does not mean the infection is gone.
  • Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.
  • If I have not replied to your thread within 2 days, please PM me.


=========

I take it you have access to another computer and a USB flash drive? If not please inform me. I want you to download these tools off the clean computer onto the flash drive. Then execute them in safe mode. Thanks.


Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

1.
Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

http://download.bleepingcomputer.com/grinler/rkill.exe
http://download.bleepingcomputer.com/grinler/rkill.com
http://download.bleepingcomputer.com/grinler/rkill.scr

Note:

You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message. Run rkill repeatedly until it's able to do it's job. This may take a few tries. You'll be able to tell rkill has done it's job when your desktop (explorer.exe) cycles off and then on again.

Once the tool has run, do NOT reboot the machine. Try immediately to run OTL (step 2)

2.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.




Please post all logs.

descriptionthinkpoint EmptyWell I think it did it21st October 2010, 1:32 am

more_horiz
I will have to restart and see what happens.
Thanks for now
OTL logfile created on: 10/20/2010 6:20:05 PM - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Users\Sabrina\Pictures
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.35 Gb Total Space | 58.81 Gb Free Space | 42.81% Space Free | Partition Type: NTFS
Drive D: | 11.70 Gb Total Space | 2.00 Gb Free Space | 17.13% Space Free | Partition Type: NTFS
Drive G: | 486.96 Mb Total Space | 2.88 Mb Free Space | 0.59% Space Free | Partition Type: FAT

Computer Name: SABRINA-PC | User Name: Sabrina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Sabrina\Pictures\OTL.com (OldTimer Tools)
PRC - C:\Windows\System32\msfeedssync.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Sabrina\Pictures\OTL.com (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager-110309-193829) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


========== Driver Services (SafeList) ==========

DRV - (SymIMMP) -- C:\Windows\System32\DRIVERS\SymIM.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corp.)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\drivers\BrSerId.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/|http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.60
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.464
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/22 05:35:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/16 18:00:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/16 18:00:59 | 000,000,000 | ---D | M]

[2008/06/27 21:05:12 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Mozilla\Extensions
[2010/10/13 20:30:42 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\9lucppiq.default\extensions
[2009/08/08 11:24:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\9lucppiq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/08 21:15:56 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\9lucppiq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/11/02 20:27:18 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\9lucppiq.default\extensions\LogMeInClient@logmein.com
[2010/09/10 16:15:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/22 06:07:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/10 16:15:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/06/07 21:31:27 | 000,036,864 | ---- | M] (Homestead Technologies, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nphssb.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{363F67BC-E2E1-2C93-6E29-CFC7F2E86845}] C:\Users\Sabrina\AppData\Roaming\Egdae\onule.exe ()
O4 - HKCU..\Run: [Dwute] C:\Users\Sabrina\AppData\Local\nerosds.DLL ()
O4 - HKCU..\Run: [mownsaxcer.exe] C:\Users\Sabrina\AppData\Local\Temp\mownsaxcer.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GmoteServer.lnk = C:\Program Files\GmoteServer\GmoteServer.exe ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Sabrina\AppData\Roaming\hotfix.exe) - C:\Users\Sabrina\AppData\Roaming\hotfix.exe ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/17 23:28:10 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 08:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2006/08/04 17:00:14 | 000,000,038 | ---- | M] () - G:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{08043ccd-dc6b-11de-b056-001e6854a02e}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{08043ccd-dc6b-11de-b056-001e6854a02e}\Shell\phone\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{61918546-87f1-11de-a42a-001e6854a02e}\Shell\AutoRun\command - "" = G:\ -- File not found
O33 - MountPoints2\{e641d696-465d-11dd-afd4-001e6854a02e}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\G\Shell\phone\command - "" = G:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/19 21:22:29 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Roaming\Egdae
[2010/10/19 21:22:29 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Roaming\Ahevl
[2010/10/19 21:22:21 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Windows
[2010/10/19 21:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/10/19 21:21:44 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/10/19 21:21:39 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Roaming\D774B8DF1506404D795915E5CB4292B6
[2010/10/13 14:52:24 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/13 14:52:05 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/10/13 14:51:52 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/13 14:51:44 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/13 14:51:44 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/13 14:51:44 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/10/13 14:51:41 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/10/13 14:51:41 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/10/13 14:51:41 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/10/13 14:51:41 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/10/13 14:51:41 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/10/13 14:51:41 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/10/13 14:51:41 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/10/13 14:51:41 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/10/13 14:51:41 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/10/13 14:51:41 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/10/13 14:51:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/10/13 14:51:38 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/10/13 14:51:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/10/13 14:51:38 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/10/13 14:51:35 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/10/13 14:51:35 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/10/13 14:51:33 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/10/13 14:51:30 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/10/13 14:51:28 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/10/03 15:26:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/09/28 21:03:27 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Roaming\vlc
[2010/09/28 21:02:49 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2007/12/14 17:09:02 | 000,217,088 | ---- | C] ( ) -- C:\Users\Sabrina\AppData\Local\Interop.Microsoft.Office.Core.dll
[2007/08/09 16:50:38 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Users\Sabrina\AppData\Local\stdole.dll

========== Files - Modified Within 30 Days ==========

[2010/10/20 18:25:08 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{08B36D07-8E22-4DE6-BB54-E25FD678DC0F}.job
[2010/10/20 18:14:41 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/10/20 18:10:39 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/20 18:10:39 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/20 18:05:49 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\FileCure Startup.job
[2010/10/20 18:04:55 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/20 18:04:35 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/20 18:04:35 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/20 18:04:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/20 18:04:25 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/20 13:16:47 | 000,001,356 | ---- | M] () -- C:\Users\Sabrina\AppData\Local\d3d9caps.dat
[2010/10/20 12:37:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/19 21:23:17 | 000,000,010 | ---- | M] () -- C:\Users\Sabrina\AppData\Roaming\install
[2010/10/19 21:22:30 | 000,000,184 | ---- | M] () -- C:\Users\Sabrina\AppData\Roaming\43984.bat
[2010/10/19 21:22:29 | 000,513,536 | ---- | M] () -- C:\Users\Sabrina\AppData\Roaming\hotfix.exe
[2010/10/19 21:22:20 | 000,000,184 | ---- | M] () -- C:\Users\Sabrina\AppData\Roaming\42113.bat
[2010/10/19 06:42:23 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\FileCure.job
[2010/10/16 07:30:07 | 000,000,279 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/10/16 06:54:15 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSabrina.job
[2010/10/14 03:25:24 | 000,338,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/03 21:14:15 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/10/03 15:18:40 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/10/03 15:18:36 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/10/02 17:13:08 | 000,023,793 | ---- | M] () -- C:\Users\Sabrina\Documents\globaleyeglasses-com--shot-2.jpg
[2010/09/30 06:17:51 | 000,010,782 | ---- | M] () -- C:\Users\Sabrina\Documents\monthly bills.odt
[2010/09/28 21:03:10 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/09/25 10:18:06 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2010/10/20 18:04:25 | 3211,190,272 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/19 21:23:17 | 000,000,010 | ---- | C] () -- C:\Users\Sabrina\AppData\Roaming\install
[2010/10/19 21:22:30 | 000,000,184 | ---- | C] () -- C:\Users\Sabrina\AppData\Roaming\43984.bat
[2010/10/19 21:22:20 | 000,000,184 | ---- | C] () -- C:\Users\Sabrina\AppData\Roaming\42113.bat
[2010/10/19 21:22:19 | 000,513,536 | ---- | C] () -- C:\Users\Sabrina\AppData\Roaming\hotfix.exe
[2010/10/03 21:14:15 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/10/02 17:13:07 | 000,023,793 | ---- | C] () -- C:\Users\Sabrina\Documents\globaleyeglasses-com--shot-2.jpg
[2010/09/30 06:17:50 | 000,010,782 | ---- | C] () -- C:\Users\Sabrina\Documents\monthly bills.odt
[2010/09/28 21:03:10 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/09/04 19:01:35 | 000,000,462 | ---- | C] () -- C:\Users\Sabrina\AppData\Roaming\Rim.Desktop.Exception.log
[2010/09/04 19:00:39 | 000,000,801 | ---- | C] () -- C:\Users\Sabrina\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
[2010/01/07 15:53:50 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2009/08/18 19:48:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/18 19:48:40 | 000,078,848 | ---- | C] () -- C:\Users\Sabrina\AppData\Local\nerosds.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/12/22 21:34:21 | 000,338,944 | ---- | C] () -- C:\Windows\System32\LFFPX7.DLL
[2008/12/22 21:34:21 | 000,118,784 | ---- | C] () -- C:\Windows\System32\LFKODAK.DLL
[2008/10/11 15:09:56 | 000,001,356 | ---- | C] () -- C:\Users\Sabrina\AppData\Local\d3d9caps.dat
[2008/10/01 09:53:02 | 000,000,340 | ---- | C] () -- C:\Users\Sabrina\AppData\Roaming\wklnhst.dat
[2008/07/07 11:14:19 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/07/07 11:13:18 | 000,000,801 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2008/07/07 11:13:18 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2008/07/07 11:09:40 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2008/07/07 11:09:38 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2008/07/07 11:05:43 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2008/07/05 17:02:00 | 000,098,816 | ---- | C] () -- C:\Users\Sabrina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/27 21:28:18 | 000,000,000 | ---- | C] () -- C:\Users\Sabrina\AppData\Local\QSwitch.txt
[2008/06/27 21:28:18 | 000,000,000 | ---- | C] () -- C:\Users\Sabrina\AppData\Local\DSwitch.txt
[2008/06/27 21:28:18 | 000,000,000 | ---- | C] () -- C:\Users\Sabrina\AppData\Local\AtStart.txt
[2008/04/23 09:48:39 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/02/17 23:42:52 | 000,000,738 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/02/10 21:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/09/13 08:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/09/13 08:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/13 08:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/18 15:37:50 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx12_ic.ini
[2006/09/18 15:37:48 | 000,667,280 | ---- | C] () -- C:\Windows\System32\tx12.dll
[2006/03/09 02:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2008/09/13 16:50:52 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\acccore
[2010/10/19 21:22:36 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Ahevl
[2009/03/15 19:34:59 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Costco Photo Organizer
[2010/10/19 21:21:39 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\D774B8DF1506404D795915E5CB4292B6
[2010/10/19 21:22:29 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Egdae
[2010/10/16 07:30:20 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Gmote
[2009/12/04 16:33:01 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\mjusbsp
[2008/12/07 09:20:43 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\muvee Technologies
[2008/12/03 15:53:49 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\OpenOffice.org
[2009/04/25 18:33:33 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\PC-FAX TX
[2010/09/04 19:01:46 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Research In Motion
[2008/09/25 12:33:23 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\ScanSoft
[2010/02/27 20:15:06 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Television Education, Inc
[2008/10/01 09:53:06 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Template
[2009/10/05 21:26:57 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\WildTangent
[2010/10/20 18:05:49 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\FileCure Startup.job
[2010/10/19 06:42:23 | 000,000,368 | ---- | M] () -- C:\Windows\Tasks\FileCure.job
[2010/10/20 17:38:57 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/10/20 18:25:08 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{08B36D07-8E22-4DE6-BB54-E25FD678DC0F}.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/07/22 06:02:52 | 000,000,183 | ---- | M] ()(C:\Users\Sabrina\Desktop\????? ?????? - ???.url) -- C:\Users\Sabrina\Desktop\סודות מתוקים - רשת.url
[2010/07/22 06:02:52 | 000,000,183 | ---- | C] ()(C:\Users\Sabrina\Desktop\????? ?????? - ???.url) -- C:\Users\Sabrina\Desktop\סודות מתוקים - רשת.url

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Sabrina\Documents\VTS_01_1.VOB:TOC.WMV
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:7F4E393D
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

descriptionthinkpoint EmptyRe: thinkpoint21st October 2010, 5:53 am

more_horiz
Hi,

Please do the following steps:

1.

Run OTL.exe
  • Copy/paste the following text written inside of the quote box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O4 - HKLM..\Run: [hpqSRMon] File not found
    O4 - HKCU..\Run: [{363F67BC-E2E1-2C93-6E29-CFC7F2E86845}] C:\Users\Sabrina\AppData\Roaming\Egdae\onule.exe ()
    O4 - HKCU..\Run: [Dwute] C:\Users\Sabrina\AppData\Local\nerosds.DLL ()
    O4 - HKCU..\Run: [mownsaxcer.exe] C:\Users\Sabrina\AppData\Local\Temp\mownsaxcer.exe ()
    O4 - HKCU..\Run: [SpybotSD TeaTimer] File not found
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O20 - HKCU Winlogon: Shell - (C:\Users\Sabrina\AppData\Roaming\hotfix.exe) - C:\Users\Sabrina\AppData\Roaming\hotfix.exe ()
    O33 - MountPoints2\{08043ccd-dc6b-11de-b056-001e6854a02e}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
    O33 - MountPoints2\{08043ccd-dc6b-11de-b056-001e6854a02e}\Shell\phone\command - "" = G:\autorun.exe -- File not found
    O33 - MountPoints2\{61918546-87f1-11de-a42a-001e6854a02e}\Shell\AutoRun\command - "" = G:\ -- File not found
    O33 - MountPoints2\{e641d696-465d-11dd-afd4-001e6854a02e}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
    O33 - MountPoints2\G\Shell\phone\command - "" = G:\autorun.exe -- File not found
    [2010/10/19 21:23:17 | 000,000,010 | ---- | M] () -- C:\Users\Sabrina\AppData\Roaming\install
    [2010/10/19 21:22:30 | 000,000,184 | ---- | M] () -- C:\Users\Sabrina\AppData\Roaming\43984.bat
    [2010/10/19 21:22:29 | 000,513,536 | ---- | M] () -- C:\Users\Sabrina\AppData\Roaming\hotfix.exe
    [2010/10/19 21:22:20 | 000,000,184 | ---- | M] () -- C:\Users\Sabrina\AppData\Roaming\42113.bat
    @Alternate Data Stream - 64 bytes -> C:\Users\Sabrina\Documents\VTS_01_1.VOB:TOC.WMV

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • After rebooting, please post the OTL you are presented with on startup.



2.

Please download Malwarebytes' AntiMalware.

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Full Scan, then click Scan.
    The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Restart if it tells you to.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.



Please post both logs. Thanks.

descriptionthinkpoint Emptythinkpoint banner.....GONE!!!21st October 2010, 8:33 pm

more_horiz
Hi,
ran OTL with copy/paste as instructed. Got message that OTL stopped working. rebooted as prompted and VOILA! My desktop was back (and eveything else seems to be as well...) Thank You! Thank You! and Hooray!
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\hpqSRMon not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{363F67BC-E2E1-2C93-6E29-CFC7F2E86845} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{363F67BC-E2E1-2C93-6E29-CFC7F2E86845}\ not found.
File C:\Users\Sabrina\AppData\Roaming\Egdae\onule.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Dwute not found.
File C:\Users\Sabrina\AppData\Local\nerosds.DLL not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\mownsaxcer.exe not found.
File C:\Users\Sabrina\AppData\Local\Temp\mownsaxcer.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Sabrina\AppData\Roaming\hotfix.exe deleted successfully.
File C:\Users\Sabrina\AppData\Roaming\hotfix.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08043ccd-dc6b-11de-b056-001e6854a02e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08043ccd-dc6b-11de-b056-001e6854a02e}\ not found.
File G:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08043ccd-dc6b-11de-b056-001e6854a02e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08043ccd-dc6b-11de-b056-001e6854a02e}\ not found.
File G:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61918546-87f1-11de-a42a-001e6854a02e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61918546-87f1-11de-a42a-001e6854a02e}\ not found.
File G:\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e641d696-465d-11dd-afd4-001e6854a02e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e641d696-465d-11dd-afd4-001e6854a02e}\ not found.
File F:\setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\autorun.exe not found.
File C:\Users\Sabrina\AppData\Roaming\install not found.
File C:\Users\Sabrina\AppData\Roaming\43984.bat not found.
File C:\Users\Sabrina\AppData\Roaming\hotfix.exe not found.
File C:\Users\Sabrina\AppData\Roaming\42113.bat not found.
Unable to delete ADS C:\Users\Sabrina\Documents\VTS_01_1.VOB:TOC.WMV .
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Sabrina
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 835718 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 68330741 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 220990 bytes

Total Files Cleaned = 66.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Public

User: Sabrina
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.16.0 log created on 10212010_131058

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

descriptionthinkpoint Emptymbam log22nd October 2010, 2:54 am

more_horiz
THank you again the Avatar!
Malwarebytes' Anti-Malware 1.30
Database version: 1406
Windows 6.0.6002 Service Pack 2

10/21/2010 7:11:21 PM
mbam-log-2010-10-21 (19-11-21).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 244765
Time elapsed: 3 hour(s), 44 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

descriptionthinkpoint EmptyRe: thinkpoint22nd October 2010, 8:45 am

more_horiz
Hi please do the following:


Step 1:


  • To get the latest version of Java please go HERE.
  • Go to Start -> Control Panel -> Programs and Features.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
    They should have this icon next to any that are there: thinkpoint Javaicon
    Select any found and choose Uninstall.
  • Then install the version you downloaded earlier.



Step 2:

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases

  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

    thinkpoint KasReport


  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply



Please also let me know how your machine is running. Thanks!

descriptionthinkpoint EmptyRe: thinkpoint

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum