Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

XP Internet Security 2011

Started by cdiddy34 , May 01 2011 03:19 PM

  • This topic is locked This topic is locked

#1
cdiddy34
Posted 01 May 2011 - 03:19 PM

cdiddy34

    Member

  • Member
  • PipPip
  • 55 posts
**Had this same thing about 2 weeks ago?? Thought it was cleaned up, could this be the same virus from a different site? Again, I am on the administrator login in safe mode because the safe mode under "mini" which is the login the virus is in won't load sites properly**

*EDIT: Posted the extras.txt not the otl.txt*

OTL logfile created on: 5/1/2011 4:12:45 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator.HSMINI14\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 739.00 Mb Available Physical Memory | 73.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.68 Gb Total Space | 136.34 Gb Free Space | 92.95% Space Free | Partition Type: NTFS

Computer Name: HSMINI14 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/01 16:12:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.HSMINI14\My Documents\Downloads\OTL.exe
PRC - [2011/03/25 08:44:11 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/01 16:12:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.HSMINI14\My Documents\Downloads\OTL.exe
MOD - [2011/03/13 09:21:13 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/07/29 08:05:08 | 000,655,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
MOD - [2008/07/29 08:05:08 | 000,572,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2008/09/02 12:28:12 | 000,032,768 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008/06/24 02:21:34 | 000,346,720 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007/09/26 20:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2005/03/29 12:28:44 | 000,466,944 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\LMabcoms.exe -- (lmab_device)


========== Driver Services (SafeList) ==========

DRV - [2009/02/18 05:31:04 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/09/10 22:14:48 | 001,386,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/08/05 07:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/07/22 21:03:24 | 000,157,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - [2008/06/22 23:23:58 | 000,991,400 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/06/19 23:43:36 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/06/11 01:14:18 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/05/29 22:46:12 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/02/04 04:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008/01/11 17:58:42 | 000,009,472 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2007/09/19 22:59:14 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/02/19 00:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2006/01/04 02:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/13 09:21:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/11 00:18:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/09 12:40:36 | 000,000,000 | ---D | M]

[2011/04/11 02:27:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.HSMINI14\Application Data\Mozilla\Extensions
[2011/04/12 20:04:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.HSMINI14\Application Data\Mozilla\Firefox\Profiles\zxpzpcwr.default\extensions
[2011/04/11 02:35:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator.HSMINI14\Application Data\Mozilla\Firefox\Profiles\zxpzpcwr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/11 20:51:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/13 09:21:14 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2009/11/03 10:48:52 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2011/04/13 07:39:58 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Diigo Toolbar Helper) - {84053DA7-03DE-4FB6-80AE-202C04691D8A} - C:\Program Files\Diigo\DiigoToolbar.4.0.2.dll (Diigo inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Diigo Toolbar) - {09197FFB-C236-4153-B268-31051E4F3B6C} - C:\Program Files\Diigo\DiigoToolbar.4.0.2.dll (Diigo inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Diigo - {B952F2E0-5F9F-4898-89A8-4FB770625E09} - C:\Program Files\Diigo\DiigoToolbar.4.0.2.dll (Diigo inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PicNotify: DllName - PicNotify.dll - C:\WINDOWS\System32\PicNotify.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/21 14:16:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/13 16:24:34 | 000,000,000 | ---D | C] -- C:\swshare
[2011/04/11 03:06:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/11 02:38:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HSMINI14\Application Data\Malwarebytes
[2011/04/11 02:38:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/11 02:38:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/11 02:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/11 02:38:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/11 02:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/11 02:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HSMINI14\My Documents\Downloads
[2011/04/11 02:36:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HSMINI14\Application Data\Macromedia
[2011/04/11 02:36:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HSMINI14\Application Data\Adobe
[2011/04/11 02:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HSMINI14\Local Settings\Application Data\Mozilla
[2011/04/11 02:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HSMINI14\Application Data\Mozilla
[2011/04/11 02:25:10 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.HSMINI14\Application Data\Microsoft
[2011/04/11 02:25:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.HSMINI14\Application Data
[2011/04/11 02:25:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.HSMINI14\Favorites
[2011/04/11 02:25:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.HSMINI14\Cookies
[2011/04/11 02:25:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HSMINI14\Application Data\InstallShield
[2011/04/11 02:25:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HSMINI14\Application Data\Identities
[2011/04/11 02:25:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HSMINI14\Desktop
[2011/04/11 02:25:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HSMINI14\Bluetooth Software
[2011/04/11 02:25:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HSMINI14\Local Settings\Application Data\ApplicationHistory
[2011/04/11 02:25:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HSMINI14\Local Settings\Application Data\Adobe
[2011/04/11 02:25:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.HSMINI14\SendTo
[2011/04/11 02:25:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.HSMINI14\Recent
[2011/04/11 02:25:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.HSMINI14\Start Menu\Programs\Startup
[2011/04/11 02:25:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.HSMINI14\Start Menu
[2011/04/11 02:25:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.HSMINI14\My Documents\My Pictures
[2011/04/11 02:25:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.HSMINI14\My Documents\My Music
[2011/04/11 02:25:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.HSMINI14\My Documents
[2011/04/11 02:25:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.HSMINI14\Start Menu\Programs\Accessories
[2011/04/11 02:25:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.HSMINI14\Templates
[2011/04/11 02:25:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.HSMINI14\PrintHood
[2011/04/11 02:25:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.HSMINI14\NetHood
[2011/04/11 02:25:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.HSMINI14\Local Settings
[2011/04/11 02:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HSMINI14\Local Settings\Application Data\Microsoft Help
[2011/04/11 02:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HSMINI14\Local Settings\Application Data\Microsoft
[2011/04/11 02:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HSMINI14\My Documents\Bluetooth Exchange Folder
[2011/04/09 12:40:23 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/04/09 12:39:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi

========== Files - Modified Within 30 Days ==========

[2011/05/01 16:12:19 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3616731779-367775177-291561168-500.job
[2011/05/01 16:12:19 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3616731779-367775177-291561168-500.job
[2011/05/01 16:09:32 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/01 16:09:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/01 16:07:16 | 000,009,996 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\556dx4g3ugo42kd8e
[2011/05/01 16:06:45 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3616731779-367775177-291561168-1009.job
[2011/05/01 16:06:44 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3616731779-367775177-291561168-1009.job
[2011/05/01 15:45:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3616731779-367775177-291561168-1009UA.job
[2011/05/01 15:32:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2011/05/01 15:23:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/28 12:42:57 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/04/28 12:42:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2011/04/28 12:42:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2011/04/28 12:41:24 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/28 12:12:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2011/04/28 12:12:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2011/04/25 15:08:34 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/21 15:41:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2011/04/21 15:41:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2011/04/14 10:45:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3616731779-367775177-291561168-1009Core.job
[2011/04/13 16:25:39 | 000,388,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/13 16:24:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2011/04/13 16:24:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2011/04/13 07:40:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2011/04/13 07:40:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2011/04/13 07:39:58 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/04/12 20:18:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2011/04/12 20:18:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2011/04/11 07:16:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2011/04/11 07:16:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2011/04/11 03:57:07 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2011/04/11 03:57:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2011/04/11 02:56:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2011/04/11 02:56:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2011/04/11 02:38:34 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/11 02:22:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2011/04/11 02:22:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2011/04/11 01:59:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2011/04/11 01:59:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2011/04/11 01:38:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2011/04/11 01:38:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2011/04/11 01:31:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2011/04/11 01:31:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2011/04/09 12:40:36 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk

========== Files Created - No Company Name ==========

[2011/05/01 16:05:08 | 000,009,996 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\556dx4g3ugo42kd8e
[2011/04/13 07:36:34 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3616731779-367775177-291561168-500.job
[2011/04/13 07:36:34 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3616731779-367775177-291561168-500.job
[2011/04/11 02:38:34 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/11 02:25:13 | 000,001,244 | ---- | C] () -- C:\Documents and Settings\Administrator.HSMINI14\Desktop\Share Your Ideas.lnk
[2011/04/11 02:25:13 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\Administrator.HSMINI14\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/11 02:25:13 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator.HSMINI14\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/04/11 02:25:12 | 000,001,752 | ---- | C] () -- C:\Documents and Settings\Administrator.HSMINI14\Desktop\Symantec Install NIS (Norton Internet Security).lnk
[2011/04/11 02:25:10 | 000,001,758 | ---- | C] () -- C:\Documents and Settings\Administrator.HSMINI14\Start Menu\Programs\Symantec Install NIS (Norton Internet Security).lnk
[2011/04/11 02:25:10 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator.HSMINI14\Start Menu\Programs\Remote Assistance.lnk
[2011/04/11 02:25:10 | 000,000,810 | ---- | C] () -- C:\Documents and Settings\Administrator.HSMINI14\Start Menu\Programs\Internet Explorer.lnk
[2011/04/11 02:25:10 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator.HSMINI14\Start Menu\Programs\Outlook Express.lnk
[2011/04/09 12:40:36 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
[2011/04/09 12:40:36 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/03/11 13:26:19 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011/01/31 17:11:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/06/10 19:05:57 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/10 11:24:36 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/06/03 11:02:12 | 000,001,345 | ---- | C] () -- C:\WINDOWS\LMAAT2DD.ini
[2009/03/04 19:46:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/03/04 18:52:45 | 000,148,792 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2009/03/04 18:48:18 | 009,338,880 | ---- | C] () -- C:\WINDOWS\System32\Facev.dll
[2009/03/04 18:48:18 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\picn.dll
[2009/03/04 18:48:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\image.dll
[2009/03/04 18:48:17 | 000,655,360 | ---- | C] () -- C:\WINDOWS\System32\EncIcons.dll
[2009/03/04 18:48:17 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\SimpleExt.dll
[2009/03/04 18:48:17 | 000,241,752 | ---- | C] () -- C:\WINDOWS\System32\IcnOvrly.dll
[2009/03/04 18:48:17 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\FunFrm.dll
[2009/03/04 18:48:16 | 001,564,672 | ---- | C] () -- C:\WINDOWS\System32\MainOp.dll
[2009/03/04 18:48:16 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SetDev.dll
[2009/03/04 18:48:16 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\VideoOp.dll
[2009/03/04 18:48:15 | 009,502,720 | ---- | C] () -- C:\WINDOWS\System32\FaceVerify.dll
[2009/03/04 18:48:15 | 001,163,264 | ---- | C] () -- C:\WINDOWS\System32\PicNotify.dll
[2009/03/04 18:48:15 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Momo.dll
[2009/03/04 18:48:15 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DevFilt.dll
[2009/03/04 18:48:14 | 001,974,272 | ---- | C] () -- C:\WINDOWS\System32\Imagereog.dll
[2009/03/04 18:48:14 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\Apblend.dll
[2009/03/04 18:48:12 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\3DImageRenderer.dll
[2009/03/04 18:40:10 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/03/04 18:38:42 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2009/03/04 18:32:57 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config
[2008/12/01 21:32:30 | 000,012,240 | ---- | C] () -- C:\WINDOWS\System32\dvmio.sys
[2008/07/21 16:08:39 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/07/21 15:04:41 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/07/21 15:04:41 | 000,444,596 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/07/21 15:04:41 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/07/21 15:04:41 | 000,072,306 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/07/21 15:04:41 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/07/21 15:04:41 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/07/21 15:04:41 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/07/21 15:04:41 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/07/21 15:04:40 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/07/21 15:04:40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/07/21 15:04:39 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/07/21 15:04:39 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/07/21 14:18:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/07/21 14:14:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/07/21 07:09:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/21 07:09:12 | 000,388,000 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/06/24 02:20:42 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2009/03/04 18:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2011/04/11 03:57:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/28 12:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VeriFace
[2011/05/01 15:32:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

Edited by cdiddy34, 01 May 2011 - 03:22 PM.

  • 0

Advertisements

#2
cdiddy34
Posted 01 May 2011 - 05:32 PM

cdiddy34

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
I was able to get OTL to run on the login that has the virus. Even in safe mode, I could not connect to the internet and had many pop-ups.

OTL logfile created on: 5/1/2011 6:28:49 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator.HSMINI14\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 750.00 Mb Available Physical Memory | 74.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.68 Gb Total Space | 136.33 Gb Free Space | 92.94% Space Free | Partition Type: NTFS

Computer Name: HSMINI14 | User Name: mini | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/01 16:12:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.HSMINI14\My Documents\Downloads\OTL.exe
PRC - [2011/05/01 16:05:03 | 000,237,554 | -HS- | M] () -- C:\Documents and Settings\mini\Local Settings\Application Data\bpd.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/01 16:12:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.HSMINI14\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2008/09/02 12:28:12 | 000,032,768 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008/06/24 02:21:34 | 000,346,720 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007/09/26 20:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2005/03/29 12:28:44 | 000,466,944 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\LMabcoms.exe -- (lmab_device)


========== Driver Services (SafeList) ==========

DRV - [2009/02/18 05:31:04 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/09/10 22:14:48 | 001,386,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/08/05 07:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/07/22 21:03:24 | 000,157,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - [2008/06/22 23:23:58 | 000,991,400 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/06/19 23:43:36 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/06/11 01:14:18 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/05/29 22:46:12 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/02/04 04:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008/01/11 17:58:42 | 000,009,472 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2007/09/19 22:59:14 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/02/19 00:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2006/01/04 02:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3616731779-367775177-291561168-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
IE - HKU\S-1-5-21-3616731779-367775177-291561168-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3616731779-367775177-291561168-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3616731779-367775177-291561168-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3616731779-367775177-291561168-500\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-3616731779-367775177-291561168-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKU\S-1-5-21-3616731779-367775177-291561168-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/13 09:21:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/11 00:18:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/09 12:40:36 | 000,000,000 | ---D | M]

[2011/01/31 17:11:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mini\Application Data\Mozilla\Extensions
[2011/04/30 16:43:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mini\Application Data\Mozilla\Firefox\Profiles\go4lsb34.default\extensions
[2011/01/31 23:18:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\mini\Application Data\Mozilla\Firefox\Profiles\go4lsb34.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/11 20:51:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/13 09:21:14 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2009/11/03 10:48:52 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2011/04/13 07:39:58 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Diigo Toolbar Helper) - {84053DA7-03DE-4FB6-80AE-202C04691D8A} - C:\Program Files\Diigo\DiigoToolbar.4.0.2.dll (Diigo inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Diigo Toolbar) - {09197FFB-C236-4153-B268-31051E4F3B6C} - C:\Program Files\Diigo\DiigoToolbar.4.0.2.dll (Diigo inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3616731779-367775177-291561168-1009\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
O4 - HKU\S-1-5-21-3616731779-367775177-291561168-1009..\RunOnce: [Shockwave Updater] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3616731779-367775177-291561168-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3616731779-367775177-291561168-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Diigo - {B952F2E0-5F9F-4898-89A8-4FB770625E09} - C:\Program Files\Diigo\DiigoToolbar.4.0.2.dll (Diigo inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PicNotify: DllName - PicNotify.dll - C:\WINDOWS\System32\PicNotify.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\mini\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mini\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/21 14:16:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-3616731779-367775177-291561168-1009..exefile [open] -- "C:\Documents and Settings\mini\Local Settings\Application Data\bpd.exe" -a "%1" %* ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3616731779-367775177-291561168-1009\...exe [@ = exefile] -- "C:\Documents and Settings\mini\Local Settings\Application Data\bpd.exe" -a "%1" %* ()

========== Files/Folders - Created Within 30 Days ==========

[2011/04/13 16:24:34 | 000,000,000 | ---D | C] -- C:\swshare
[2011/04/13 07:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mini\Application Data\Malwarebytes
[2011/04/11 03:06:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/11 02:38:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/11 02:38:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/11 02:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/11 02:38:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/11 02:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/09 12:40:23 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/04/09 12:39:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi

========== Files - Modified Within 30 Days ==========

[2011/05/01 18:28:54 | 000,010,008 | -HS- | M] () -- C:\Documents and Settings\mini\Local Settings\Application Data\556dx4g3ugo42kd8e
[2011/05/01 18:28:54 | 000,010,008 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\556dx4g3ugo42kd8e
[2011/05/01 18:28:17 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3616731779-367775177-291561168-500.job
[2011/05/01 18:28:17 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3616731779-367775177-291561168-500.job
[2011/05/01 18:27:34 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/01 16:09:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/01 16:06:45 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3616731779-367775177-291561168-1009.job
[2011/05/01 16:06:44 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3616731779-367775177-291561168-1009.job
[2011/05/01 16:05:03 | 000,237,554 | -HS- | M] () -- C:\Documents and Settings\mini\Local Settings\Application Data\syc.exe
[2011/05/01 16:05:03 | 000,237,554 | -HS- | M] () -- C:\Documents and Settings\mini\Local Settings\Application Data\bpd.exe
[2011/05/01 15:45:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3616731779-367775177-291561168-1009UA.job
[2011/05/01 15:32:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2011/05/01 15:23:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/30 23:19:05 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\mini\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/28 12:42:57 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/04/28 12:42:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2011/04/28 12:42:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2011/04/28 12:41:24 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/28 12:12:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2011/04/28 12:12:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2011/04/25 15:08:34 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/21 15:41:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2011/04/21 15:41:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2011/04/14 10:45:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3616731779-367775177-291561168-1009Core.job
[2011/04/13 16:25:39 | 000,388,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/13 16:24:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2011/04/13 16:24:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2011/04/13 07:40:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2011/04/13 07:40:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2011/04/13 07:39:58 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/04/12 20:18:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2011/04/12 20:18:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2011/04/11 07:16:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2011/04/11 07:16:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2011/04/11 03:57:07 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2011/04/11 03:57:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2011/04/11 02:56:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2011/04/11 02:56:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2011/04/11 02:38:34 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/11 02:22:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2011/04/11 02:22:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2011/04/11 01:59:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2011/04/11 01:59:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2011/04/11 01:38:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2011/04/11 01:38:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2011/04/11 01:31:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2011/04/11 01:31:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2011/04/09 12:40:36 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk

========== Files Created - No Company Name ==========

[2011/05/01 16:05:08 | 000,010,008 | -HS- | C] () -- C:\Documents and Settings\mini\Local Settings\Application Data\556dx4g3ugo42kd8e
[2011/05/01 16:05:08 | 000,010,008 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\556dx4g3ugo42kd8e
[2011/05/01 16:05:03 | 000,237,554 | -HS- | C] () -- C:\Documents and Settings\mini\Local Settings\Application Data\syc.exe
[2011/05/01 16:05:03 | 000,237,554 | -HS- | C] () -- C:\Documents and Settings\mini\Local Settings\Application Data\bpd.exe
[2011/04/13 07:36:34 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3616731779-367775177-291561168-500.job
[2011/04/13 07:36:34 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3616731779-367775177-291561168-500.job
[2011/04/11 02:38:34 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/09 12:40:36 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
[2011/04/09 12:40:36 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/03/11 13:26:19 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011/01/31 17:11:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/17 14:27:59 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\mini\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/10 19:05:57 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/10 11:24:36 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/06/03 11:02:12 | 000,001,345 | ---- | C] () -- C:\WINDOWS\LMAAT2DD.ini
[2009/03/04 19:46:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/03/04 18:52:45 | 000,148,792 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2009/03/04 18:48:18 | 009,338,880 | ---- | C] () -- C:\WINDOWS\System32\Facev.dll
[2009/03/04 18:48:18 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\picn.dll
[2009/03/04 18:48:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\image.dll
[2009/03/04 18:48:17 | 000,655,360 | ---- | C] () -- C:\WINDOWS\System32\EncIcons.dll
[2009/03/04 18:48:17 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\SimpleExt.dll
[2009/03/04 18:48:17 | 000,241,752 | ---- | C] () -- C:\WINDOWS\System32\IcnOvrly.dll
[2009/03/04 18:48:17 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\FunFrm.dll
[2009/03/04 18:48:16 | 001,564,672 | ---- | C] () -- C:\WINDOWS\System32\MainOp.dll
[2009/03/04 18:48:16 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SetDev.dll
[2009/03/04 18:48:16 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\VideoOp.dll
[2009/03/04 18:48:15 | 009,502,720 | ---- | C] () -- C:\WINDOWS\System32\FaceVerify.dll
[2009/03/04 18:48:15 | 001,163,264 | ---- | C] () -- C:\WINDOWS\System32\PicNotify.dll
[2009/03/04 18:48:15 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Momo.dll
[2009/03/04 18:48:15 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DevFilt.dll
[2009/03/04 18:48:14 | 001,974,272 | ---- | C] () -- C:\WINDOWS\System32\Imagereog.dll
[2009/03/04 18:48:14 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\Apblend.dll
[2009/03/04 18:48:12 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\3DImageRenderer.dll
[2009/03/04 18:40:10 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/03/04 18:38:42 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2009/03/04 18:32:57 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config
[2008/12/01 21:32:30 | 000,012,240 | ---- | C] () -- C:\WINDOWS\System32\dvmio.sys
[2008/07/21 16:08:39 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/07/21 15:04:41 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/07/21 15:04:41 | 000,444,596 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/07/21 15:04:41 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/07/21 15:04:41 | 000,072,306 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/07/21 15:04:41 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/07/21 15:04:41 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/07/21 15:04:41 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/07/21 15:04:41 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/07/21 15:04:40 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/07/21 15:04:40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/07/21 15:04:39 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/07/21 15:04:39 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/07/21 14:18:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/07/21 14:14:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/07/21 07:09:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/21 07:09:12 | 000,388,000 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/06/24 02:20:42 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >
  • 0

#3
Essexboy
Posted 04 May 2011 - 01:46 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there and sorry for the delay

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O35 - HKU\S-1-5-21-3616731779-367775177-291561168-1009..exefile [open] -- "C:\Documents and Settings\mini\Local Settings\Application Data\bpd.exe" -a "%1" %* ()
    O37 - HKU\S-1-5-21-3616731779-367775177-291561168-1009\...exe [@ = exefile] -- "C:\Documents and Settings\mini\Local Settings\Application Data\bpd.exe" -a "%1" %* ()
    [2011/05/01 18:28:54 | 000,010,008 | -HS- | M] () -- C:\Documents and Settings\mini\Local Settings\Application Data\556dx4g3ugo42kd8e
    [2011/05/01 18:28:54 | 000,010,008 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\556dx4g3ugo42kd8e
    [2011/05/01 16:05:03 | 000,237,554 | -HS- | M] () -- C:\Documents and Settings\mini\Local Settings\Application Data\syc.exe
    [2011/05/01 16:05:03 | 000,237,554 | -HS- | M] () -- C:\Documents and Settings\mini\Local Settings\Application Data\bpd.exe

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image

FINALLY


  • Run OTL.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#4
cdiddy34
Posted 04 May 2011 - 05:53 PM

cdiddy34

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
1st OTL Log
OTL logfile created on: 5/4/2011 6:41:15 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator.HSMINI14\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 609.00 Mb Available Physical Memory | 60.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.68 Gb Total Space | 135.31 Gb Free Space | 92.25% Space Free | Partition Type: NTFS

Computer Name: HSMINI14 | User Name: mini | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/01 16:12:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.HSMINI14\My Documents\Downloads\OTL.exe
PRC - [2011/03/25 08:44:11 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/13 09:20:57 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2009/03/04 18:48:14 | 000,323,584 | ---- | M] () -- C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
PRC - [2008/09/02 12:28:12 | 000,032,768 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2008/08/28 18:10:18 | 001,283,984 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
PRC - [2008/07/09 19:21:20 | 004,456,448 | ---- | M] (Lenovo(Beijing)Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2008/06/24 02:21:36 | 000,600,680 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
PRC - [2008/06/24 02:21:34 | 001,448,576 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
PRC - [2008/06/24 02:21:34 | 000,346,720 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/26 20:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe


========== Modules (SafeList) ==========

MOD - [2011/05/01 16:12:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.HSMINI14\My Documents\Downloads\OTL.exe
MOD - [2011/03/13 09:21:13 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/07/29 08:05:08 | 000,655,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
MOD - [2008/07/29 08:05:08 | 000,572,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
MOD - [2008/06/24 02:20:26 | 000,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2008/09/02 12:28:12 | 000,032,768 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008/06/24 02:21:34 | 000,346,720 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007/09/26 20:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2005/03/29 12:28:44 | 000,466,944 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\LMabcoms.exe -- (lmab_device)


========== Driver Services (SafeList) ==========

DRV - [2009/02/18 05:31:04 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/09/10 22:14:48 | 001,386,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/08/05 07:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/07/22 21:03:24 | 000,157,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - [2008/06/22 23:23:58 | 000,991,400 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/06/19 23:43:36 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/06/11 01:14:18 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/05/29 22:46:12 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/02/04 04:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008/01/11 17:58:42 | 000,009,472 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2007/09/19 22:59:14 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/02/19 00:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2006/01/04 02:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/13 09:21:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/11 00:18:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/09 12:40:36 | 000,000,000 | ---D | M]

[2011/01/31 17:11:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mini\Application Data\Mozilla\Extensions
[2011/05/04 18:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mini\Application Data\Mozilla\Firefox\Profiles\go4lsb34.default\extensions
[2011/01/31 23:18:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\mini\Application Data\Mozilla\Firefox\Profiles\go4lsb34.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/11 20:51:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/13 09:21:14 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2009/11/03 10:48:52 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2011/04/13 07:39:58 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Diigo Toolbar Helper) - {84053DA7-03DE-4FB6-80AE-202C04691D8A} - C:\Program Files\Diigo\DiigoToolbar.4.0.2.dll (Diigo inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Diigo Toolbar) - {09197FFB-C236-4153-B268-31051E4F3B6C} - C:\Program Files\Diigo\DiigoToolbar.4.0.2.dll (Diigo inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Diigo - {B952F2E0-5F9F-4898-89A8-4FB770625E09} - C:\Program Files\Diigo\DiigoToolbar.4.0.2.dll (Diigo inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PicNotify: DllName - PicNotify.dll - C:\WINDOWS\System32\PicNotify.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\mini\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mini\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/21 14:16:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/04 18:25:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/13 16:24:34 | 000,000,000 | ---D | C] -- C:\swshare
[2011/04/13 07:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mini\Application Data\Malwarebytes
[2011/04/11 03:06:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/11 02:38:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/11 02:38:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/11 02:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/11 02:38:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/11 02:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/09 12:40:23 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/04/09 12:39:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi

========== Files - Modified Within 30 Days ==========

[2011/05/04 18:32:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2011/05/04 18:26:34 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/04 18:26:34 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3616731779-367775177-291561168-1009.job
[2011/05/04 18:26:33 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3616731779-367775177-291561168-500.job
[2011/05/04 18:26:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/04 18:26:28 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/04 18:21:48 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/04 18:15:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2011/05/04 18:15:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2011/05/04 18:13:53 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3616731779-367775177-291561168-500.job
[2011/05/01 16:06:44 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3616731779-367775177-291561168-1009.job
[2011/05/01 15:45:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3616731779-367775177-291561168-1009UA.job
[2011/05/01 15:23:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/30 23:19:05 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\mini\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/28 12:42:57 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/04/28 12:42:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2011/04/28 12:42:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2011/04/28 12:12:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2011/04/28 12:12:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2011/04/25 15:08:34 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/21 15:41:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2011/04/21 15:41:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2011/04/14 10:45:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3616731779-367775177-291561168-1009Core.job
[2011/04/13 16:25:39 | 000,388,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/13 16:24:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2011/04/13 16:24:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2011/04/13 07:40:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2011/04/13 07:40:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2011/04/13 07:39:58 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/04/12 20:18:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2011/04/12 20:18:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2011/04/11 07:16:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2011/04/11 07:16:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2011/04/11 03:57:07 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2011/04/11 03:57:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2011/04/11 02:56:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2011/04/11 02:56:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2011/04/11 02:38:34 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/11 02:22:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2011/04/11 02:22:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2011/04/11 01:59:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2011/04/11 01:59:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2011/04/11 01:38:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2011/04/11 01:38:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2011/04/11 01:31:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2011/04/11 01:31:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2011/04/09 12:40:36 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk

========== Files Created - No Company Name ==========

[2011/05/04 18:26:28 | 1063,702,528 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/13 07:36:34 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3616731779-367775177-291561168-500.job
[2011/04/13 07:36:34 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3616731779-367775177-291561168-500.job
[2011/04/11 02:38:34 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/09 12:40:36 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
[2011/04/09 12:40:36 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/03/11 13:26:19 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011/01/31 17:11:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/17 14:27:59 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\mini\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/10 19:05:57 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/10 11:24:36 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/06/03 11:02:12 | 000,001,345 | ---- | C] () -- C:\WINDOWS\LMAAT2DD.ini
[2009/03/04 19:46:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/03/04 18:52:45 | 000,148,792 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2009/03/04 18:48:18 | 009,338,880 | ---- | C] () -- C:\WINDOWS\System32\Facev.dll
[2009/03/04 18:48:18 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\picn.dll
[2009/03/04 18:48:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\image.dll
[2009/03/04 18:48:17 | 000,655,360 | ---- | C] () -- C:\WINDOWS\System32\EncIcons.dll
[2009/03/04 18:48:17 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\SimpleExt.dll
[2009/03/04 18:48:17 | 000,241,752 | ---- | C] () -- C:\WINDOWS\System32\IcnOvrly.dll
[2009/03/04 18:48:17 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\FunFrm.dll
[2009/03/04 18:48:16 | 001,564,672 | ---- | C] () -- C:\WINDOWS\System32\MainOp.dll
[2009/03/04 18:48:16 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SetDev.dll
[2009/03/04 18:48:16 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\VideoOp.dll
[2009/03/04 18:48:15 | 009,502,720 | ---- | C] () -- C:\WINDOWS\System32\FaceVerify.dll
[2009/03/04 18:48:15 | 001,163,264 | ---- | C] () -- C:\WINDOWS\System32\PicNotify.dll
[2009/03/04 18:48:15 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Momo.dll
[2009/03/04 18:48:15 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DevFilt.dll
[2009/03/04 18:48:14 | 001,974,272 | ---- | C] () -- C:\WINDOWS\System32\Imagereog.dll
[2009/03/04 18:48:14 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\Apblend.dll
[2009/03/04 18:48:12 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\3DImageRenderer.dll
[2009/03/04 18:40:10 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/03/04 18:38:42 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2009/03/04 18:32:57 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config
[2008/12/01 21:32:30 | 000,012,240 | ---- | C] () -- C:\WINDOWS\System32\dvmio.sys
[2008/07/21 16:08:39 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/07/21 15:04:41 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/07/21 15:04:41 | 000,444,596 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/07/21 15:04:41 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/07/21 15:04:41 | 000,072,306 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/07/21 15:04:41 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/07/21 15:04:41 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/07/21 15:04:41 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/07/21 15:04:41 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/07/21 15:04:40 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/07/21 15:04:40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/07/21 15:04:39 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/07/21 15:04:39 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/07/21 14:18:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/07/21 14:14:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/07/21 07:09:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/21 07:09:12 | 000,388,000 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/06/24 02:20:42 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2009/03/04 18:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2011/04/11 03:57:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/28 12:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VeriFace
[2010/02/19 11:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mini\Application Data\Molecular Workbench
[2011/05/04 18:32:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

MBR Log
aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-04 18:45:14
-----------------------------
18:45:14.765 OS Version: Windows 5.1.2600 Service Pack 3
18:45:14.781 Number of processors: 2 586 0x1C02
18:45:14.781 ComputerName: HSMINI14 UserName: mini
18:45:15.718 Initialize success
18:45:37.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5
18:45:37.890 Disk 0 Vendor: FUJITSU_MHZ2160BH_G2 00000009 Size: 152627MB BusType: 3
18:45:39.921 Disk 0 MBR read successfully
18:45:39.921 Disk 0 MBR scan
18:45:39.921 Disk 0 unknown MBR code
18:45:41.921 Disk 0 scanning sectors +312576705
18:45:41.953 Disk 0 scanning C:\WINDOWS\system32\drivers
18:45:45.218 Service scanning
18:45:46.765 Disk 0 trace - called modules:
18:45:46.796 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
18:45:46.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d51ab8]
18:45:46.796 3 CLASSPNP.SYS[f75fdfd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-5[0x86d64b00]
18:45:46.796 Scan finished successfully
18:46:49.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\mini\Desktop\MBR.dat"
18:46:50.000 The log file has been saved successfully to "C:\Documents and Settings\mini\Desktop\aswMBR.txt"


2nd OTL Log
OTL logfile created on: 5/4/2011 6:47:53 PM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator.HSMINI14\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 592.00 Mb Available Physical Memory | 58.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.68 Gb Total Space | 135.30 Gb Free Space | 92.24% Space Free | Partition Type: NTFS

Computer Name: HSMINI14 | User Name: mini | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/01 16:12:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.HSMINI14\My Documents\Downloads\OTL.exe
PRC - [2011/03/25 08:44:11 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/13 09:20:57 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2009/03/04 18:48:14 | 000,323,584 | ---- | M] () -- C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
PRC - [2008/09/02 12:28:12 | 000,032,768 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2008/08/28 18:10:18 | 001,283,984 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
PRC - [2008/07/09 19:21:20 | 004,456,448 | ---- | M] (Lenovo(Beijing)Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2008/06/24 02:21:36 | 000,600,680 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
PRC - [2008/06/24 02:21:34 | 001,448,576 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
PRC - [2008/06/24 02:21:34 | 000,346,720 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/26 20:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe


========== Modules (SafeList) ==========

MOD - [2011/05/01 16:12:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.HSMINI14\My Documents\Downloads\OTL.exe
MOD - [2011/03/13 09:21:13 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/07/29 08:05:08 | 000,655,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
MOD - [2008/07/29 08:05:08 | 000,572,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
MOD - [2008/06/24 02:20:26 | 000,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2008/09/02 12:28:12 | 000,032,768 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008/06/24 02:21:34 | 000,346,720 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007/09/26 20:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2005/03/29 12:28:44 | 000,466,944 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\LMabcoms.exe -- (lmab_device)


========== Driver Services (SafeList) ==========

DRV - [2009/02/18 05:31:04 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/09/10 22:14:48 | 001,386,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/08/05 07:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/07/22 21:03:24 | 000,157,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - [2008/06/22 23:23:58 | 000,991,400 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/06/19 23:43:36 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/06/11 01:14:18 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/05/29 22:46:12 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/02/04 04:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008/01/11 17:58:42 | 000,009,472 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2007/09/19 22:59:14 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/02/19 00:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2006/01/04 02:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3616731779-367775177-291561168-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
IE - HKU\S-1-5-21-3616731779-367775177-291561168-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3616731779-367775177-291561168-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3616731779-367775177-291561168-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/13 09:21:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/11 00:18:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/09 12:40:36 | 000,000,000 | ---D | M]

[2011/01/31 17:11:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mini\Application Data\Mozilla\Extensions
[2011/05/04 18:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mini\Application Data\Mozilla\Firefox\Profiles\go4lsb34.default\extensions
[2011/01/31 23:18:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\mini\Application Data\Mozilla\Firefox\Profiles\go4lsb34.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/11 20:51:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/13 09:21:14 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2009/11/03 10:48:52 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2011/04/13 07:39:58 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Diigo Toolbar Helper) - {84053DA7-03DE-4FB6-80AE-202C04691D8A} - C:\Program Files\Diigo\DiigoToolbar.4.0.2.dll (Diigo inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Diigo Toolbar) - {09197FFB-C236-4153-B268-31051E4F3B6C} - C:\Program Files\Diigo\DiigoToolbar.4.0.2.dll (Diigo inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3616731779-367775177-291561168-1009\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
O4 - HKU\S-1-5-21-3616731779-367775177-291561168-1009..\RunOnce: [Shockwave Updater] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3616731779-367775177-291561168-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Diigo - {B952F2E0-5F9F-4898-89A8-4FB770625E09} - C:\Program Files\Diigo\DiigoToolbar.4.0.2.dll (Diigo inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PicNotify: DllName - PicNotify.dll - C:\WINDOWS\System32\PicNotify.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\mini\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mini\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/21 14:16:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/04 18:25:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/13 16:24:34 | 000,000,000 | ---D | C] -- C:\swshare
[2011/04/13 07:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mini\Application Data\Malwarebytes
[2011/04/11 03:06:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/11 02:38:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/11 02:38:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/11 02:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/11 02:38:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/11 02:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/09 12:40:23 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/04/09 12:39:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi

========== Files - Modified Within 30 Days ==========

[2011/05/04 18:46:50 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\mini\Desktop\MBR.dat
[2011/05/04 18:45:21 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3616731779-367775177-291561168-1009UA.job
[2011/05/04 18:45:20 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3616731779-367775177-291561168-1009Core.job
[2011/05/04 18:32:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2011/05/04 18:26:34 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/04 18:26:34 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3616731779-367775177-291561168-1009.job
[2011/05/04 18:26:33 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3616731779-367775177-291561168-500.job
[2011/05/04 18:26:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/04 18:26:28 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/04 18:21:48 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/04 18:15:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2011/05/04 18:15:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2011/05/04 18:13:53 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3616731779-367775177-291561168-500.job
[2011/05/01 16:06:44 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3616731779-367775177-291561168-1009.job
[2011/05/01 15:23:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/30 23:19:05 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\mini\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/28 12:42:57 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/04/28 12:42:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2011/04/28 12:42:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2011/04/28 12:12:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2011/04/28 12:12:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2011/04/25 15:08:34 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/21 15:41:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2011/04/21 15:41:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2011/04/13 16:25:39 | 000,388,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/13 16:24:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2011/04/13 16:24:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2011/04/13 07:40:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2011/04/13 07:40:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2011/04/13 07:39:58 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/04/12 20:18:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2011/04/12 20:18:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2011/04/11 07:16:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2011/04/11 07:16:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2011/04/11 03:57:07 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2011/04/11 03:57:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2011/04/11 02:56:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2011/04/11 02:56:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2011/04/11 02:38:34 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/11 02:22:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2011/04/11 02:22:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2011/04/11 01:59:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2011/04/11 01:59:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2011/04/11 01:38:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2011/04/11 01:38:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2011/04/11 01:31:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2011/04/11 01:31:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2011/04/09 12:40:36 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk

========== Files Created - No Company Name ==========

[2011/05/04 18:46:49 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\mini\Desktop\MBR.dat
[2011/05/04 18:26:28 | 1063,702,528 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/13 07:36:34 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3616731779-367775177-291561168-500.job
[2011/04/13 07:36:34 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3616731779-367775177-291561168-500.job
[2011/04/11 02:38:34 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/09 12:40:36 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
[2011/04/09 12:40:36 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/03/11 13:26:19 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011/01/31 17:11:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/17 14:27:59 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\mini\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/10 19:05:57 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/10 11:24:36 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/06/03 11:02:12 | 000,001,345 | ---- | C] () -- C:\WINDOWS\LMAAT2DD.ini
[2009/03/04 19:46:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/03/04 18:52:45 | 000,148,792 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2009/03/04 18:48:18 | 009,338,880 | ---- | C] () -- C:\WINDOWS\System32\Facev.dll
[2009/03/04 18:48:18 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\picn.dll
[2009/03/04 18:48:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\image.dll
[2009/03/04 18:48:17 | 000,655,360 | ---- | C] () -- C:\WINDOWS\System32\EncIcons.dll
[2009/03/04 18:48:17 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\SimpleExt.dll
[2009/03/04 18:48:17 | 000,241,752 | ---- | C] () -- C:\WINDOWS\System32\IcnOvrly.dll
[2009/03/04 18:48:17 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\FunFrm.dll
[2009/03/04 18:48:16 | 001,564,672 | ---- | C] () -- C:\WINDOWS\System32\MainOp.dll
[2009/03/04 18:48:16 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SetDev.dll
[2009/03/04 18:48:16 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\VideoOp.dll
[2009/03/04 18:48:15 | 009,502,720 | ---- | C] () -- C:\WINDOWS\System32\FaceVerify.dll
[2009/03/04 18:48:15 | 001,163,264 | ---- | C] () -- C:\WINDOWS\System32\PicNotify.dll
[2009/03/04 18:48:15 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Momo.dll
[2009/03/04 18:48:15 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DevFilt.dll
[2009/03/04 18:48:14 | 001,974,272 | ---- | C] () -- C:\WINDOWS\System32\Imagereog.dll
[2009/03/04 18:48:14 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\Apblend.dll
[2009/03/04 18:48:12 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\3DImageRenderer.dll
[2009/03/04 18:40:10 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/03/04 18:38:42 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2009/03/04 18:32:57 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config
[2008/12/01 21:32:30 | 000,012,240 | ---- | C] () -- C:\WINDOWS\System32\dvmio.sys
[2008/07/21 16:08:39 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/07/21 15:04:41 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/07/21 15:04:41 | 000,444,596 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/07/21 15:04:41 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/07/21 15:04:41 | 000,072,306 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/07/21 15:04:41 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/07/21 15:04:41 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/07/21 15:04:41 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/07/21 15:04:41 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/07/21 15:04:40 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/07/21 15:04:40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/07/21 15:04:39 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/07/21 15:04:39 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/07/21 14:18:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/07/21 14:14:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/07/21 07:09:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/21 07:09:12 | 000,388,000 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/06/24 02:20:42 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2009/03/04 18:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2011/04/11 03:57:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/28 12:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VeriFace
[2010/02/19 11:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mini\Application Data\Molecular Workbench
[2011/05/04 18:32:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/03/25 08:44:13 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/03/25 08:44:13 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/03/25 08:44:13 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Documents and Settings\mini\Local Settings\Application Data\bpd.exe" -a "firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/03/25 08:44:11 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Documents and Settings\mini\Local Settings\Application Data\bpd.exe" -a "firefox.exe -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/12/20 07:54:40 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/12/20 07:54:40 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/12/20 07:54:40 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Documents and Settings\mini\Local Settings\Application Data\bpd.exe" -a "iexplore.exe

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/03/25 08:44:13 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/03/25 08:44:13 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/03/25 08:44:13 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Documents and Settings\mini\Local Settings\Application Data\bpd.exe" -a "firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/03/25 08:44:11 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Documents and Settings\mini\Local Settings\Application Data\bpd.exe" -a "firefox.exe -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/12/20 07:54:40 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/12/20 07:54:40 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/12/20 07:54:40 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Documents and Settings\mini\Local Settings\Application Data\bpd.exe" -a "iexplore.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

Extras log never opened automatically?
  • 0

#5
Essexboy
Posted 05 May 2011 - 10:41 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
On completion of these runs can you let me know what problems remain

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O20 - Winlogon\Notify\PicNotify: DllName - PicNotify.dll - C:\WINDOWS\System32\PicNotify.dll ()
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Documents and Settings\mini\Local Settings\Application Data\bpd.exe" -a "firefox.exe
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Documents and Settings\mini\Local Settings\Application Data\bpd.exe" -a "firefox.exe -safe-mode
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Documents and Settings\mini\Local Settings\Application Data\bpd.exe" -a "iexplore.exe

    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\mini\Local Settings\Application Data\bpd.exe

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#6
Essexboy
Posted 11 May 2011 - 01:04 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#7
Essexboy
Posted 14 May 2011 - 05:21 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
User returned
  • 0

#8
cdiddy34
Posted 14 May 2011 - 09:06 AM

cdiddy34

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
OTL:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PicNotify\ deleted successfully.
C:\WINDOWS\system32\PicNotify.dll moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Administrator.HSMINI14\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator.HSMINI14\My Documents\Downloads\cmd.txt deleted successfully.
File\Folder C:\Documents and Settings\mini\Local Settings\Application Data\bpd.exe not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: Administrator.HSMINI14
->Temp folder emptied: 3229 bytes
->Temporary Internet Files folder emptied: 43914 bytes
->FireFox cache emptied: 48853900 bytes
->Flash cache emptied: 405 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: mini
->Temp folder emptied: 1374878 bytes
->Temporary Internet Files folder emptied: 3064223 bytes
->Java cache emptied: 258495 bytes
->FireFox cache emptied: 98823554 bytes
->Flash cache emptied: 32763 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 150369 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 134610 bytes

Total Files Cleaned = 146.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.HSMINI14
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: mini
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.3 log created on 05132011_170207

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


MBAM
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6569

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

5/13/2011 5:11:30 PM
mbam-log-2011-05-13 (17-11-30).txt

Scan type: Quick scan
Objects scanned: 152348
Time elapsed: 3 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\mini\Local Settings\Application Data\bpd.exe" -a "iexplore.exe) Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


System seems to be working fine, only thing is on restart says a driver is not found. May be from something else?
  • 0

#9
Essexboy
Posted 14 May 2011 - 09:15 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you go to control panel please > device manager
Let me know if there are any yellow exclamations marks
If so what do they refer to ?
  • 0

#10
Essexboy
Posted 18 May 2011 - 12:58 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP