Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Please help me remove ThinkPoint!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Please help me remove ThinkPoint!

Unread postby hsdoyle » December 8th, 2010, 2:10 pm

Thinkpoint Virus on my computer; need help removing it, please!!

Below is my Tend Micro HijackThis Log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:53:29 PM, on 12/8/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DELL\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\tbh\base\bin\tbhSystray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Users\Hannah\AppData\Roaming\Smilebox\SmileboxTray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICAE.EXE
C:\Windows\ehome\ehtray.exe
C:\Users\Hannah\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\DELL\QuickSet\quickset.exe
C:\Users\Hannah\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\PlatformDependent\ProToolbarComm.exe
C:\Windows\system32\NOTEPAD.EXE
c:\Users\Hannah\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [tbhSystray] C:\Program Files\tbh\base\bin\tbhSystray.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SmileboxTray] "C:\Users\Hannah\AppData\Roaming\Smilebox\SmileboxTray.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Windows\TEMP\E_SB98F.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Hannah\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WordNet-Online] "C:\Program Files\WordNet-Online\WordNet-Online.exe" /m
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe /lock
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Users\Hannah\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: World Community Grid - BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/42.19/uploader2.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Security Activity Dashboard Service - Trend Micro Inc. - C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: The Browser Highlighter Monitor (tbhMonitor.exe) - Unknown owner - C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12904 bytes


Not sure what to do? Please help!
hsdoyle
Active Member
 
Posts: 14
Joined: December 8th, 2010, 2:07 pm
Advertisement
Register to Remove

Re: Please help me remove ThinkPoint!

Unread postby MWR 3 day Mod » December 12th, 2010, 3:04 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Please help me remove ThinkPoint!

Unread postby deltalima » December 13th, 2010, 2:14 pm

Checking your log - back soon.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Please help me remove ThinkPoint!

Unread postby deltalima » December 13th, 2010, 2:26 pm

Hi hsdoyle,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your malware issue.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please Note:
The programs I ask you to run need to be run in Administrator Mode by... Right clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

Uninstall List
  • Open HijackThis.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.

Next

  • Please download this tool from Microsoft.
  • Right click on MGADiag.exe and select Run As Administrator to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Please help me remove ThinkPoint!

Unread postby hsdoyle » December 15th, 2010, 10:55 am

Thank you so much for your help.

Here is the HijackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:45:02 AM, on 12/15/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DELL\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\tbh\base\bin\tbhSystray.exe
C:\Program Files\PC Tools Security\BDT\FGuard.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Users\Hannah\AppData\Roaming\Smilebox\SmileboxTray.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Hannah\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\DELL\QuickSet\quickset.exe
C:\Users\Hannah\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Hannah\Downloads\HijackThis.exe
C:\Windows\explorer.exe

O23 - Service: The Browser Highlighter Monitor (tbhMonitor.exe) - Unknown owner - C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\PC Tools Security\TFEngine\TFService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

and I will post the other log from MGA in a moment.
hsdoyle
Active Member
 
Posts: 14
Joined: December 8th, 2010, 2:07 pm

Re: Please help me remove ThinkPoint!

Unread postby hsdoyle » December 15th, 2010, 10:58 am

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-F4GJK-KG77H-B9HD2
Windows Product Key Hash: iJAth4TbScMi8HdcPurlASXdEkw=
Windows Product ID: 89578-OEM-7332157-00204
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6000.2.00010300.0.0.003
ID: {211D842B-965D-4543-B98F-3207D85E3DAB}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6000.vista_gdr.100218-0019
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Home and Student 2007 - 100 Genuine
OGA Version: Registered, 1.6.28.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_70AFE6BE-656-80070057_E2AD56EA-815-80070057

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{211D842B-965D-4543-B98F-3207D85E3DAB}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6000.2.00010300.0.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-B9HD2</PKey><PID>89578-OEM-7332157-00204</PID><PIDType>2</PIDType><SID>S-1-5-21-2896543849-2471274629-336152485</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron 1420 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A00</Version><SMBIOSVersion major="2" minor="4"/><Date>20070523000000.000000+000</Date></BIOS><HWID>30313507018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>M08 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><Val>598CD510546BDB0</Val><Hash>zXAq9fV9K6bPaUEVfnEMqYB2VBI=</Hash><Pid>81602-OEM-6872822-23534</Pid><PidType>4</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6000.16509
Name: Windows(TM) Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00146-321-500204-02-1033-6000.0000-2012007
Installation ID: 014583419990355832133324327595109601362222382150343503
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkId=57201
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkId=57203
Use License URL: http://go.microsoft.com/fwlink/?LinkId=57205
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkId=57204
Partial Product Key: B9HD2
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: PAAAAAEABgABAAIAAQABAAAAAwABAAEAJJSc6drxGtPqTSSWUmauf0aDWm9SvOCj8vTm976HLvisViqF

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL M08
FACP DELL M08
HPET DELL M08
BOOT DELL M08
MCFG DELL M08
SLIC DELL M08
SSDT PmRef CpuPm
hsdoyle
Active Member
 
Posts: 14
Joined: December 8th, 2010, 2:07 pm

Re: Please help me remove ThinkPoint!

Unread postby deltalima » December 15th, 2010, 3:01 pm

Hi hsdoyle,

The log you posted is a HijackThis log, please follow the instructions to post and Uninstall list.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Please help me remove ThinkPoint!

Unread postby hsdoyle » December 15th, 2010, 9:50 pm

I'm sorry about that! here it is:

Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 7.0.9
Advanced Audio FX Engine
Advanced Video FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
Banctec Service Agreement
Bonjour
Broadcom Management Programs
Browser Defender 3.0.0.213
Browser Highlighter - Firefox
Collins 1.0
Conexant HDA D330 MDC V.92 Modem
CX4300_5500_DX4400 manual
Dell DataSafe Online
Dell Support Center
Dell System Customization Wizard
Dell Touchpad
DELL Webcam Center
DELL Webcam Manager
DellSupport
Digital Line Detect
DivX Plus Web Player
EPSON Easy Photo Print
EPSON Printer Software
EPSON Scan
Final Draft 7
Games, Music, & Photos Launcher
Google Desktop
Google Talk Plugin
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
Java(TM) 6 Update 21
Java(TM) SE Runtime Environment 6
LAME v3.98.2 for Audacity
Laptop Integrated Webcam Driver (1.00.10.0320)
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
LiveUpdate 3.3 (Symantec Corporation)
MediaDirect
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Italian) 2007
Microsoft Office Excel 2007 Help - Aggiornamento (KB963678)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (Italian) 2007
Microsoft Office Groove MUI (Italian) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (Italian) 2007
Microsoft Office Language Pack 2007 - Italian/Italiano
Microsoft Office O MUI (Italian) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (Italian) 2007
Microsoft Office Outlook 2007 Help - Aggiornamento (KB963677)
Microsoft Office Outlook MUI (Italian) 2007
Microsoft Office Powerpoint 2007 Help - Aggiornamento (KB963669)
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (Italian) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (Italian) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Italian) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (Italian) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office SharePoint Designer MUI (Italian) 2007
Microsoft Office Word 2007 Help - Aggiornamento (KB963665)
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (Italian) 2007
Microsoft Office X MUI (Italian) 2007
Microsoft Silverlight
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Modem Diagnostic Tool
Mozilla Firefox (3.6.12)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netflix Movie Viewer
NetWaiting
OutlookAddinSetup
PC Tools Registry Tool
Picasa 3
Product Documentation Launcher
QuickSet
QuickTime
RealPlayer
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Toolbars
Skype™ 4.2
Sonic Activation Module
Sony Picture Utility
Spybot - Search & Destroy
Spyware Doctor with AntiVirus 8.0
Symantec AntiVirus
Trend Micro Internet Security Pro
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
URL Assistant
User's Guides
VC80CRTRedist - 8.0.50727.4053
Viewpoint Media Player
Windows Media Player Firefox Plugin
World Community Grid - BOINC Agent
hsdoyle
Active Member
 
Posts: 14
Joined: December 8th, 2010, 2:07 pm

Re: Please help me remove ThinkPoint!

Unread postby hsdoyle » December 15th, 2010, 9:52 pm

From the research I've done, I believe "hot fix" is the culprit - how do I remove it from my system?

Thank you again so much.
hsdoyle
Active Member
 
Posts: 14
Joined: December 8th, 2010, 2:07 pm

Re: Please help me remove ThinkPoint!

Unread postby deltalima » December 16th, 2010, 5:06 am

Hi hsdoyle,

multiple Anti Virus programs

  • It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:
    Symantec AntiVirus
    Trend Micro Internet Security Pro
  • Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer.
  • Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

  • Please remove one of them.

Please also uninstall Spybot - Search & Destroy as it may interfere with our scans and fixes.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select: Run as Administrator.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Right click the .exe file and select: Run as Administrator.. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan..

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Please help me remove ThinkPoint!

Unread postby hsdoyle » December 17th, 2010, 12:11 pm

Here they are:
And again, as always, - thank you very much.

OTL logfile created on: 12/17/2010 10:53:26 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Hannah\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 18.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 48.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.48 Gb Total Space | 50.65 Gb Free Space | 37.11% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.34 Gb Free Space | 43.43% Space Free | Partition Type: NTFS

Computer Name: HANNAH-PC | User Name: Hannah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Hannah\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\tbh\base\bin\tbhSystray.exe (eBay)
PRC - c:\Program Files\tbh\base\bin\tbhDaemon.exe ()
PRC - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Users\Hannah\AppData\Local\Temp\is-PRG22.tmp\InnoMonitor2.exe (PC Tools)
PRC - C:\Program Files\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
PRC - C:\Program Files\PC Tools Security\TFEngine\TFService.exe (PC Tools)
PRC - C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
PRC - C:\Users\Hannah\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools)
PRC - C:\Users\Hannah\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
PRC - C:\Program Files\tbh\monitor\bin\tbhMonitor.exe ()
PRC - C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Users\Hannah\AppData\Roaming\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
PRC - C:\Windows\System32\stacsv.exe (SigmaTel, Inc.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DELL\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
PRC - C:\Program Files\DELL\QuickSet\quickset.exe (Dell Inc)
PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Hannah\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\PC Tools Security\TFEngine\TFWAH.dll (PC Tools)
MOD - C:\Program Files\PC Tools Security\smum32.dll (PC Tools)
MOD - C:\Program Files\PC Tools Security\PCTGMhk.dll (PC Tools)
MOD - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe File not found
SRV - (Security Activity Dashboard Service) -- C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe File not found
SRV - (Browser Defender Update Service) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (ThreatFire) -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe (PC Tools)
SRV - (sdCoreService) -- C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (sdAuxService) -- C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (tbhMonitor.exe) -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe ()
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (SigmaTel, Inc.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (IDriverT) -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (portD) -- C:\Windows\System32\DRIVERS\portd2k.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101216.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101216.002\NAVENG.SYS (Symantec Corporation)
DRV - (TFSysMon) -- C:\Windows\system32\drivers\TfSysMon.sys (PC Tools)
DRV - (TfFsMon) -- C:\Windows\system32\drivers\TfFsMon.sys (PC Tools)
DRV - (TfNetMon) -- C:\Windows\System32\drivers\TfNetMon.sys (PC Tools)
DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (pctplsg) -- C:\Windows\System32\drivers\pctplsg.sys (PC Tools)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (pctgntdi) -- C:\Windows\System32\drivers\pctgntdi.sys (PC Tools)
DRV - (pctEFA) -- C:\Windows\system32\drivers\pctEFA.sys (PC Tools)
DRV - (pctDS) -- C:\Windows\system32\drivers\pctDS.sys (PC Tools)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (dsunidrv) -- C:\Windows\System32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2896543849-2471274629-336152485-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=2070716
IE - HKU\S-1-5-21-2896543849-2471274629-336152485-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2896543849-2471274629-336152485-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-2896543849-2471274629-336152485-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2896543849-2471274629-336152485-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-2896543849-2471274629-336152485-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cli ... bd=2070716
IE - HKU\S-1-5-21-2896543849-2471274629-336152485-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2896543849-2471274629-336152485-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2896543849-2471274629-336152485-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2896543849-2471274629-336152485-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-2896543849-2471274629-336152485-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.thehungersite.com/clickToGive/home.faces?siteId=1&link=ctg_ths_home_from_ths_thankyou_sitenav"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0.17641
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:3.0.0.204


FF - HKLM\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/03/31 09:49:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\FireFox\ [2010/12/09 22:35:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/04 17:14:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/04 17:14:01 | 000,000,000 | ---D | M]

[2008/12/19 23:15:55 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\Mozilla\Extensions
[2010/12/17 10:35:57 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\xjxjwypo.default\extensions
[2009/09/04 15:05:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\xjxjwypo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/14 00:06:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\xjxjwypo.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/07/17 01:59:57 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\xjxjwypo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/07/17 02:00:23 | 000,000,000 | ---D | M] (GooglePreview) -- C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\xjxjwypo.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2008/12/19 23:24:07 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\xjxjwypo.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2010/12/17 10:36:31 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\xjxjwypo.default\extensions\browserhighlighter@ebay.com
[2009/09/29 03:20:20 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\xjxjwypo.default\extensions\it-IT@dictionaries.addons.mozilla.org
[2009/07/17 02:00:05 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\xjxjwypo.default\extensions\piclens@cooliris.com
[2010/11/04 17:14:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/10 12:56:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-2896543849-2471274629-336152485-1000\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [tbhSystray] C:\Program Files\tbh\base\bin\tbhSystray.exe (eBay)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2896543849-2471274629-336152485-1000..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-2896543849-2471274629-336152485-1000..\Run: [SmileboxTray] C:\Users\Hannah\AppData\Roaming\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O4 - HKU\S-1-5-21-2896543849-2471274629-336152485-1000..\Run: [Spyware Doctor with AntiVirus] C:\Users\Hannah\Desktop\sdasetup.exe ()
O4 - HKU\S-1-5-21-2896543849-2471274629-336152485-1000..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hannah\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\World Community Grid - BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe (World Community Grid)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2896543849-2471274629-336152485-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2896543849-2471274629-336152485-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/ ... ontrol.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/Fac ... oader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Fac ... loader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/f ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Hannah\Pictures\Stevens_StrictCareStrictJoy.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hannah\Pictures\Stevens_StrictCareStrictJoy.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{09fd235b-e0df-11dd-b66b-001aa0fc45d2}\Shell\AutoRun\command - "" = F:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\{a3a95d4e-daf6-11de-9e5f-001aa0fc45d2}\Shell\AutoRun\command - "" = F:\wd_windows_tools\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/16 10:59:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/12/15 21:13:25 | 000,000,000 | ---D | C] -- C:\Users\Hannah\Desktop\Downloads
[2010/12/15 21:13:22 | 000,000,000 | ---D | C] -- C:\Users\Hannah\AppData\Roaming\GetRightToGo
[2010/12/15 20:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Registry Tool
[2010/12/15 10:26:38 | 000,123,952 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/12/15 10:05:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/12/15 10:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/12/15 09:55:28 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2010/12/15 09:52:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/12/09 22:40:18 | 000,069,392 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys
[2010/12/09 22:40:18 | 000,033,552 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys
[2010/12/09 22:40:17 | 000,051,984 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys
[2010/12/09 22:35:16 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/12/09 22:35:16 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010/12/09 12:00:51 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2010/12/09 12:00:51 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2010/12/09 12:00:48 | 000,249,616 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/12/09 12:00:48 | 000,102,184 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/12/09 12:00:37 | 000,239,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/12/09 12:00:37 | 000,160,448 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/12/09 12:00:25 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/12/09 12:00:08 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2010/12/09 12:00:08 | 000,000,000 | ---D | C] -- C:\Users\Hannah\AppData\Roaming\PC Tools
[2010/12/09 12:00:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/12/09 11:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/12/09 11:51:19 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/12/09 11:07:42 | 000,000,000 | ---D | C] -- C:\Users\Hannah\Desktop\32bit
[2010/12/09 11:07:13 | 000,000,000 | ---D | C] -- C:\Users\Hannah\Desktop\64bit
[2010/12/09 10:42:15 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2010/12/09 04:26:20 | 001,996,752 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/12/09 00:52:24 | 000,000,000 | ---D | C] -- C:\Log
[2010/12/09 00:28:47 | 000,000,000 | ---D | C] -- C:\Users\Hannah\AppData\Roaming\Sunbelt
[2010/12/08 13:31:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Sunbelt
[2010/12/08 13:22:40 | 000,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
[2010/12/08 11:47:40 | 000,000,000 | ---D | C] -- C:\rei
[2010/12/08 11:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage

========== Files - Modified Within 30 Days ==========

[2010/12/17 10:41:48 | 000,626,976 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/17 10:41:48 | 000,107,714 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/17 10:32:08 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/17 10:32:08 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/17 10:31:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/17 10:31:31 | 2137,194,496 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/17 10:24:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2896543849-2471274629-336152485-1000UA.job
[2010/12/16 17:12:36 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2896543849-2471274629-336152485-1000Core.job
[2010/12/15 20:30:15 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools File and Registry Tool.lnk
[2010/12/15 10:27:37 | 000,123,952 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/12/15 10:27:37 | 000,010,563 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/12/15 10:27:37 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/12/09 12:03:08 | 001,888,612 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2010/12/09 11:51:07 | 000,513,032 | ---- | M] () -- C:\Users\Hannah\Desktop\sdasetup.exe
[2010/12/09 10:56:49 | 000,093,184 | ---- | M] () -- C:\Users\Hannah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/09 10:42:06 | 000,000,036 | ---- | M] () -- C:\Users\Hannah\AppData\Local\housecall.guid.cache
[2010/12/08 23:26:20 | 001,996,752 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/12/05 23:14:46 | 000,043,766 | ---- | M] () -- C:\Users\Hannah\Desktop\nord Italia.jpg
[2010/12/03 15:34:50 | 000,149,456 | ---- | M] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010/12/03 15:34:48 | 001,533,904 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/12/03 15:34:42 | 000,767,952 | ---- | M] () -- C:\Windows\BDTSupport.dll
[2010/12/02 11:33:12 | 000,069,392 | --S- | M] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys
[2010/12/02 11:33:12 | 000,051,984 | --S- | M] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys
[2010/12/02 11:33:12 | 000,033,552 | --S- | M] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys
[2010/11/26 16:19:25 | 290,004,063 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/25 10:53:58 | 000,160,448 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/11/25 10:43:00 | 000,239,168 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/11/25 10:42:10 | 000,070,536 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys

========== Files Created - No Company Name ==========

[2010/12/15 20:30:15 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools File and Registry Tool.lnk
[2010/12/15 10:26:38 | 000,010,563 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/12/15 10:26:38 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/12/09 22:37:38 | 2137,194,496 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/09 22:35:16 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/12/09 22:35:16 | 000,002,052 | ---- | C] () -- C:\Windows\UDB.zip
[2010/12/09 22:35:16 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010/12/09 22:35:16 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010/12/09 22:35:16 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010/12/09 12:01:23 | 001,888,612 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2010/12/09 11:51:19 | 000,513,032 | ---- | C] () -- C:\Users\Hannah\Desktop\sdasetup.exe
[2010/12/09 10:42:06 | 000,000,036 | ---- | C] () -- C:\Users\Hannah\AppData\Local\housecall.guid.cache
[2010/12/09 09:59:04 | 000,046,456 | R--- | C] () -- C:\Windows\System32\exitwx.exe
[2010/12/05 23:14:38 | 000,043,766 | ---- | C] () -- C:\Users\Hannah\Desktop\nord Italia.jpg
[2009/12/20 15:24:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/28 21:31:52 | 000,000,680 | ---- | C] () -- C:\Users\Hannah\AppData\Local\d3d9caps.dat
[2009/01/12 14:10:51 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/01/12 13:52:18 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2007/07/20 15:44:55 | 000,000,025 | -H-- | C] () -- C:\ProgramData\.119889580931711767808769176
[2007/07/20 15:43:05 | 000,000,021 | -H-- | C] () -- C:\ProgramData\.24554863501262644635642126105
[2007/07/20 15:35:16 | 000,093,184 | ---- | C] () -- C:\Users\Hannah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/16 07:00:35 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/07/16 07:00:35 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/07/16 07:00:35 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1253.dll
[2007/07/16 07:00:28 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >



------------------------------
OTL Extras logfile created on: 12/17/2010 10:53:26 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Hannah\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 18.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 48.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.48 Gb Total Space | 50.65 Gb Free Space | 37.11% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.34 Gb Free Space | 43.43% Space Free | Partition Type: NTFS

Computer Name: HANNAH-PC | User Name: Hannah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2896543849-2471274629-336152485-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2F373F05-C67A-49D6-AC3C-D1D3BB1036BD}" = rport=138 | protocol=17 | dir=out | app=system |
"{3A6B5B36-0B86-44CF-9E51-44AADDF293D5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3B7565BF-C68A-4697-BE6E-A7F7300AFECA}" = lport=139 | protocol=6 | dir=in | app=system |
"{4D6DFB87-8C66-4C3C-A33E-2C16A4077306}" = lport=137 | protocol=17 | dir=in | app=system |
"{4FD82552-57E1-4097-9A25-0BF69AE8B9C7}" = rport=137 | protocol=17 | dir=out | app=system |
"{606EF1D0-F549-4A30-889A-5830A2E381C2}" = lport=445 | protocol=6 | dir=in | app=system |
"{7A94C170-F3F4-4575-84DA-FFFBA0BBC0FD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BB8A1613-38DB-4DE1-9993-6A11B4320F3F}" = lport=138 | protocol=17 | dir=in | app=system |
"{E586ED94-73C3-42C8-955D-CBDAEF8B823E}" = lport=5191 | protocol=6 | dir=in | name=the browser highlighter xcom |
"{EFD82C3E-2A50-45E5-A87C-7BB51349C3CA}" = rport=139 | protocol=6 | dir=out | app=system |
"{FBE77990-A235-4C81-9A0D-551E82133E03}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{067C477D-F5A9-4460-A7D9-7081B37AA0E7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1522DCBF-8CE2-4557-9CE1-F0FDAB2C53A9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{18359D4C-164B-434C-8226-FF86F0D9DDD0}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{1DEA5707-6A37-458F-AC05-ABACF92625E9}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{25ED1DCE-49A2-4107-824D-24A7DB973738}" = protocol=6 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |
"{2805C4AD-9D89-4AC2-8E47-259BC35D6597}" = dir=in | app=c:\program files\dell\mediadirect\powercinema.exe |
"{294F4E85-1414-44B3-9CFC-E9AFB9565088}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{2A1F9451-F65E-4659-A54C-B7D3D6485CD3}" = protocol=17 | dir=in | app=c:\users\hannah\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{30ABCE62-BC25-46C1-B134-691C5345D8D0}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{39B4D138-4529-4DA5-AC81-864EB55215C6}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{4434A23B-483C-4319-A2EB-384537CD05F9}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5A55AF74-0846-441D-A429-ED4E75490890}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{62E76BEA-8CD6-4ED2-94AD-EF64C42A7C5D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{63C16EC8-47F1-482F-A0E8-91917D294BB7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6F3958FF-667F-4311-A22A-1D5A2EBD767B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6F9F6BD0-9D93-4345-B681-1AB912D705F9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{762DD058-9183-4E1D-8F4B-522EC8B0A3FC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8DEC55A3-8948-4D36-87FC-01AF1E6D382C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AC869D37-8A6A-4BB9-96FC-3271BD3016FC}" = protocol=17 | dir=in | app=c:\program files\tbh\base\bin\tbhdaemon.exe |
"{AD4BD64A-4C74-4A39-BBA1-3047FD41AD5C}" = protocol=17 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |
"{AF042BE2-A9CC-4351-B9C2-76223F3B00C9}" = protocol=6 | dir=in | app=c:\program files\tbh\monitor\bin\tbhmonitor.exe |
"{B396290D-CF77-40F7-B87C-6F4A96A3B8B5}" = protocol=17 | dir=in | app=c:\program files\tbh\monitor\bin\tbhmonitor.exe |
"{CEEBFBEB-D8DC-49B7-BE2C-9E3C5B10B70F}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{D498E034-26A1-4201-A30B-59E0882AB172}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{DDDD79A1-7D9C-4E46-9C9C-1584D10EEC00}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{DE0F03BC-BD3E-447D-90C5-719AC18A7D9F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E993C358-5975-4D86-8CE8-967AA461567C}" = protocol=6 | dir=in | app=c:\users\hannah\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{EE6A79B6-6C50-415E-87A2-575FA3E32F45}" = protocol=6 | dir=in | app=c:\program files\tbh\base\bin\tbhdaemon.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3B62CF95-5E25-4720-A3D6-B4A2B0501961}" = Browser Highlighter - Firefox
"{3C79DC59-6099-323B-B27B-90B45542B270}" = Google Talk Plugin
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40E12A55-C504-4223-AFAC-7672DBF1ACDE}" = Trend Micro Internet Security Pro
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{78D62D17-D970-42DA-B8CF-5E5576293B33}" = Final Draft 7
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0017-0410-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Italian) 2007
"{90120000-0017-0410-0000-0000000FF1CE}_OMUI.it-it_{342281AF-B7FE-4999-BE64-29F7D6249970}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.it-it_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.it-it_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.it-it_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.it-it_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-0044-0410-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Italian) 2007
"{90120000-0044-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_OMUI.it-it_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007
"{90120000-00A1-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0410-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Italian) 2007
"{90120000-00BA-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0410-0000-0000000FF1CE}" = Microsoft Office O MUI (Italian) 2007
"{90120000-0100-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0410-0000-0000000FF1CE}" = Microsoft Office X MUI (Italian) 2007
"{90120000-0101-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{97257926-3443-4DB5-93CF-2B3ADAD581CC}" = World Community Grid - BOINC Agent
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Audacity_is1" = Audacity 1.2.6
"Browser Defender_is1" = Browser Defender 3.0.0.213
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Collins_is1" = Collins 1.0
"Creative OEM002" = Laptop Integrated Webcam Driver (1.00.10.0320)
"CX4300_5500_DX4400 manual" = CX4300_5500_DX4400 manual
"DELL Webcam Center" = DELL Webcam Center
"DELL Webcam Manager" = DELL Webcam Manager
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"OMUI.it-it" = Microsoft Office Language Pack 2007 - Italian/Italiano
"PC Tools File and Registry Tool_is1" = PC Tools Registry Tool
"Picasa 3" = Picasa 3
"RealPlayer 6.0" = RealPlayer
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Spyware Doctor" = Spyware Doctor with AntiVirus 8.0
"ViewpointMediaPlayer" = Viewpoint Media Player

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2896543849-2471274629-336152485-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Smilebox" = Hallmark Smilebox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/16/2010 12:27:42 PM | Computer Name = Hannah-PC | Source = WerSvc | ID = 5007
Description =

Error - 12/16/2010 6:18:51 PM | Computer Name = Hannah-PC | Source = WerSvc | ID = 5007
Description =

Error - 12/17/2010 11:23:40 AM | Computer Name = Hannah-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.3951 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 8a8 Start Time: 01cb9d6f5ccc7c7b Termination Time: 141

Error - 12/17/2010 11:40:12 AM | Computer Name = Hannah-PC | Source = Perflib | ID = 1008
Description =

Error - 12/17/2010 11:40:13 AM | Computer Name = Hannah-PC | Source = Perflib | ID = 1010
Description =

Error - 12/17/2010 11:40:22 AM | Computer Name = Hannah-PC | Source = Perflib | ID = 1008
Description =

Error - 12/17/2010 11:40:58 AM | Computer Name = Hannah-PC | Source = usbperf | ID = 2004
Description = Usbperf data collection failed. Collect function called with usupported
Query Type.

Error - 12/17/2010 11:41:45 AM | Computer Name = Hannah-PC | Source = WerSvc | ID = 5007
Description =

Error - 12/17/2010 11:44:56 AM | Computer Name = Hannah-PC | Source = usbperf | ID = 2004
Description = Usbperf data collection failed. Collect function called with usupported
Query Type.

Error - 12/17/2010 11:50:42 AM | Computer Name = Hannah-PC | Source = usbperf | ID = 2004
Description = Usbperf data collection failed. Collect function called with usupported
Query Type.

[ Media Center Events ]
Error - 10/7/2009 2:04:19 PM | Computer Name = Hannah-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 9/11/2008 4:07:12 AM | Computer Name = Hannah-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 369021
seconds with 19200 seconds of active time. This session ended with a crash.

Error - 11/25/2008 1:51:16 AM | Computer Name = Hannah-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 9916 seconds with 6240 seconds of active time. This session ended with a
crash.

[ System Events ]
Error - 12/16/2010 12:27:02 PM | Computer Name = Hannah-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 12/16/2010 6:12:17 PM | Computer Name = Hannah-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:34:23 PM on 12/16/2010 was unexpected.

Error - 12/16/2010 6:13:25 PM | Computer Name = Hannah-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/16/2010 6:13:25 PM | Computer Name = Hannah-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/16/2010 8:02:41 PM | Computer Name = Hannah-PC | Source = bowser | ID = 8003
Description =

Error - 12/17/2010 11:28:59 AM | Computer Name = Hannah-PC | Source = DCOM | ID = 10010
Description =

Error - 12/17/2010 11:31:50 AM | Computer Name = Hannah-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:29:44 AM on 12/17/2010 was unexpected.

Error - 12/17/2010 11:32:45 AM | Computer Name = Hannah-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/17/2010 11:32:45 AM | Computer Name = Hannah-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/17/2010 11:39:10 AM | Computer Name = Hannah-PC | Source = Service Control Manager | ID = 7022
Description =


< End of report >
--------------
hsdoyle
Active Member
 
Posts: 14
Joined: December 8th, 2010, 2:07 pm

Re: Please help me remove ThinkPoint!

Unread postby deltalima » December 17th, 2010, 3:55 pm

Hi hsdoyle,

It looks like Symantec antivirus is sill running on the computer. Did you get any error message when you uninstalled?

Please post the GMER log when ready, if you have problems running GMER then please run this alternative scan.

Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Please help me remove ThinkPoint!

Unread postby hsdoyle » December 18th, 2010, 11:52 am

I did uninstall Symantec, but it does still seem to be there. I will try that again now.
I had to run the GMER in safemode with networking; it couldn't open in normal mode. Here is the scan result below. I will try to run my computer again in normal, and run the alternative scanner. I'll post that in the next reply.

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-18 10:48:49
Windows 6.0.6000
Running: 06626q85.exe; Driver: C:\Users\Hannah\AppData\Local\Temp\uwlirpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x87FA2F68]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x87FA3230]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x87FA29D8]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x87FA352C]

---- Kernel code sections - GMER 1.0.15 ----

? \ArcName\multi(0)disk(0)rdisk(0)partition(3)\Windows\system32\drivers\PctWfpFilter.sys The system cannot find the path specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp pctgntdi.sys
AttachedDevice \Driver\tdx \Device\Udp pctgntdi.sys
AttachedDevice \Driver\tdx \Device\RawIp pctgntdi.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
hsdoyle
Active Member
 
Posts: 14
Joined: December 8th, 2010, 2:07 pm

Re: Please help me remove ThinkPoint!

Unread postby hsdoyle » December 18th, 2010, 11:53 am

Symantec doesn't show up in my 'Programs and Features', so I thought it was successfully uninstalled. I'll try to delete all of its files now.
hsdoyle
Active Member
 
Posts: 14
Joined: December 8th, 2010, 2:07 pm

Re: Please help me remove ThinkPoint!

Unread postby deltalima » December 18th, 2010, 12:00 pm

Hi hsdoyle,

Rkill

Please download Rkill from one of the following links and save to your Desktop:

One, Two,Three or Four

  • Double click on Rkill.
  • A command window will open then disappear upon completion, this is normal.
  • A notepad windows will open, please post the contents in your next reply
  • This log can also be found at C:\rkill.log
  • Please leave Rkill on the Desktop until otherwise advised.

Note: If your security software warns about Rkill, please ignore and allow the download to continue.

Malwarebytes Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and select then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 25 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware