
I think I have a virus


This topic is locked

#1
ZeroRegret (Member, 27 posts)

Hello,

I think I have a virus on my laptop. I have used Spybot Search and Destroy as well as Malwarebytes' Anti-Malware to run a scan and to remove any infections found; however, I am not certain that my computer is totally clean and safe. I'm worried that there could still be viruses/trojans/keyloggers on my computer. Could you please help me to ensure that my computer is safe again? I was trying to download some movies off the internet, and I believe that was when I was infected.

This is the log from Malwarebytes:

21/05/2011 9:41:29 PM
mbam-log-2011-05-21 (21-41-29).txt

Scan type: Full scan (C:\|Q:\|S:\|)
Objects scanned: 290299
Time elapsed: 2 hour(s), 29 minute(s), 24 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
c:\Users\Donna\AppData\Local\jva.exe (Trojan.ExeShell.Gen) -> 7156 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Donna\AppData\Local\jva.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Donna\AppData\Local\jva.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Donna\AppData\Local\jva.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Donna\AppData\Local\jva.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
c:\Users\Donna\AppData\Local\mut.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.

I've downloaded OTL and this is the log from OTL:

OTL logfile created on: 21/05/2011 9:59:55 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Donna\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.65 Gb Total Space | 130.34 Gb Free Space | 58.80% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 3.37 Gb Free Space | 34.55% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.66 Gb Free Space | 44.91% Space Free | Partition Type: NTFS

Computer Name: DONNA-PC | User Name: Donna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Donna\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe (Radialpoint Inc.)
PRC - C:\Program Files\Bell\Internet Service Advisor\BISA.exe (Bell)
PRC - C:\Program Files\Bell\Internet Service Advisor\BISAComHandler.exe (Radialpoint Inc.)
PRC - C:\Program Files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\BellCanada\McciTrayApp.exe (Alcatel-Lucent)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo)
PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\ThinkPad\Utilities\PWMUIAux.EXE (Lenovo Group Limited)
PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
PRC - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe ()
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
PRC - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Users\Donna\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Users\Donna\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)


========== Modules (SafeList) ==========

MOD - C:\Users\Donna\Downloads\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\Agnitum\Outpost Security Suite Free\wl_hook.dll (Agnitum Ltd.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (ServicepointService) -- C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe (Radialpoint Inc.)
SRV - (acssrv) -- C:\Program Files\Agnitum\Outpost Security Suite Free\acs.exe (Agnitum Ltd.)
SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo)
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (ThinkVantage Registry Monitor Service) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (UNS) Intel® -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (TVT_UpdateMonitor) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited)
SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (SandBox) -- C:\Windows\System32\drivers\SandBox.sys (Agnitum Ltd.)
DRV - (VBFilt) -- C:\Windows\System32\Filt\VBFilt.dll (Agnitum Ltd.)
DRV - (ASWFilt) -- C:\Windows\System32\Filt\ASWFilt.dll (Agnitum Ltd.)
DRV - (afwcore) -- C:\Windows\System32\drivers\afwcore.sys (Agnitum Ltd.)
DRV - (VBEngNT) -- C:\Windows\System32\drivers\VBEngNT.sys (VirusBuster Kft.)
DRV - (afw) -- C:\Windows\System32\drivers\afw.sys (Agnitum Ltd.)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (intelkmd) -- C:\Windows\System32\drivers\igdpmd32.sys (Intel Corporation)
DRV - (MUXP) -- C:\Windows\System32\drivers\mux.sys (Intel© Corporation)
DRV - (MUXMP) -- C:\Windows\System32\drivers\mux.sys (Intel© Corporation)
DRV - (NETw5v32) Intel® -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (Shockprf) -- C:\Windows\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\Windows\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (e1yexpress) Intel® -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation)
DRV - (tvtumon) -- C:\Windows\System32\drivers\tvtumon.sys (Lenovo)
DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (HECI) Intel® -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.11.3.15590
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/03 15:12:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/07 10:31:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/07 10:31:36 | 000,000,000 | ---D | M]

[2009/09/10 10:29:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Donna\AppData\Roaming\Mozilla\Extensions
[2011/05/07 10:31:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\pc4e5qsd.default\extensions
[2010/12/27 11:52:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\pc4e5qsd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/18 21:20:56 | 000,000,000 | ---D | M] (CrowdStar Gamebar) -- C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\pc4e5qsd.default\extensions\[email protected]
[2010/12/20 12:16:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/20 12:16:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011/01/03 15:12:23 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/05/07 10:31:31 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/12/20 12:16:29 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/07 10:31:33 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/12/14 22:22:32 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [BISA.exe] C:\Program Files\Bell\Internet Service Advisor\BISA.exe (Bell)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BTVLOGEX.DLL ()
O4 - HKLM..\Run: [CreateLMBCShortCut] C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe ()
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Security Suite Free\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Security Suite Free\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [tsnp2uvc] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [googletalk] C:\Users\Donna\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Donna\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Security Suite Free\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4060c476-98e6-11de-998a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4060c476-98e6-11de-998a-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2008/07/21 12:09:40 | 000,262,144 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{d88db112-0111-11df-9698-00265ebb889b}\Shell\Auto\command - "" = ServerNet.exe
O33 - MountPoints2\{d88db112-0111-11df-9698-00265ebb889b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ServerNet.exe
O33 - MountPoints2\{d88db115-0111-11df-9698-00265ebb889b}\Shell\Auto\command - "" = ServerNet.exe
O33 - MountPoints2\{d88db115-0111-11df-9698-00265ebb889b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ServerNet.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/21 10:56:13 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{08FEE5D8-83F3-4205-9033-9FF1266B90A3}
[2011/05/20 21:24:42 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{E93970EC-4457-4F2B-AF0B-DDCE9047862B}
[2011/05/19 20:40:39 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{6C238F5F-0987-49A6-B93F-9D87657A6334}
[2011/05/17 21:37:04 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{F4004D55-2E3C-4748-9FD4-25AF8567B878}
[2011/05/14 23:17:46 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{F418E8B0-4FA0-46A2-B32F-DD87552D7C16}
[2011/05/14 00:23:02 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{005F5D26-EE8E-421C-909D-76B47511320E}
[2011/05/12 22:08:39 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{EB66BC19-D4F5-498A-9AF5-634CE30CD833}
[2011/05/11 22:20:40 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{73BFC9B4-6A68-46F7-9499-39428A70BE91}
[2011/05/10 21:10:51 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{32510F09-374E-4838-BEF0-1F05CB438BF2}
[2011/05/09 03:00:29 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{CF14AC2C-4C0E-457F-A6FF-A4F29D056B0A}
[2011/05/08 12:00:09 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{6F835D49-1074-4FAC-9DE7-4E589E17FD3B}
[2011/05/07 23:59:48 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{4D65BD1E-492E-453B-9FB6-F0E6BC4EE378}
[2011/05/07 11:59:27 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{BF1D4789-29CE-4A41-8302-7E12F79B02A3}
[2011/05/06 23:59:03 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{0715075B-AE8D-4620-9400-340F3605F448}
[2011/05/05 21:20:01 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{2E731E26-52EF-47A6-9A41-A10DFD2A2ADA}
[2011/05/04 21:08:27 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{6FA38FE6-EFAB-4D7D-8942-B5D58C8F8223}
[2011/05/03 21:06:20 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{A20B6CF4-2600-425D-805F-8574C1CCB3AD}
[2011/05/02 03:00:29 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{9EAA7C38-A149-472D-995E-32B2585D49B1}
[2011/05/01 11:05:42 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{5F202A85-2BA5-4037-9C50-E15D2BC3AC08}
[2011/04/30 22:08:53 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{5FA7A9A1-C334-404E-A949-D7C994522B94}
[2011/04/30 10:07:40 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{7B04A10D-CF1D-4BEB-84B8-DB4AE8854DE9}
[2011/04/29 20:01:16 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{0F33DBAD-C573-475E-B279-7BBA6527E950}
[2011/04/28 10:18:20 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{8AF53D79-B162-4AD1-A352-A7EFD3F42EE8}
[2011/04/27 22:17:41 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{597D01FD-2501-443F-B6C8-415EE176FBD3}
[2011/04/26 21:31:00 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{948317FE-BEA9-4016-B0C9-6D7663F57AF3}
[2011/04/25 20:55:28 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{16F94A04-BBA9-4D44-86CF-2E39DB19E90B}
[2011/04/24 17:12:30 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{875786F2-8853-4A2D-944E-8DD58AB77A3C}
[2011/04/24 03:00:29 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{278C35E5-460D-42E9-A3B5-952D8E4F5305}
[2011/04/23 10:53:02 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{8CEA5701-31EF-4FFF-A143-302EFCDB30F0}
[2011/04/22 17:19:43 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{EE641904-98FE-40E8-AF5A-4312E0685FC8}
[2011/04/22 03:00:34 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{983F00FE-043A-4B5B-AFC4-0D6755F4F683}
[2009/09/03 20:15:30 | 000,225,280 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009/09/03 20:15:29 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2011/05/21 21:57:39 | 000,000,519 | ---- | M] () -- C:\Users\Donna\Desktop\OTL.lnk
[2011/05/21 21:44:19 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/21 21:44:18 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/21 21:44:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/21 21:44:12 | 2088,792,064 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/21 21:42:52 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/05/21 21:09:23 | 000,010,524 | -HS- | M] () -- C:\Users\Donna\AppData\Local\e4p658450oy660al14dx
[2011/05/21 21:09:23 | 000,010,524 | -HS- | M] () -- C:\ProgramData\e4p658450oy660al14dx
[2011/05/21 19:11:06 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/18 03:00:27 | 000,001,356 | ---- | M] () -- C:\Users\Donna\AppData\Local\d3d9caps.dat
[2011/05/11 23:47:56 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

========== Files Created - No Company Name ==========

[2011/05/21 21:57:24 | 000,000,519 | ---- | C] () -- C:\Users\Donna\Desktop\OTL.lnk
[2011/05/21 14:08:26 | 000,010,524 | -HS- | C] () -- C:\Users\Donna\AppData\Local\e4p658450oy660al14dx
[2011/05/21 14:08:26 | 000,010,524 | -HS- | C] () -- C:\ProgramData\e4p658450oy660al14dx
[2011/05/07 10:31:39 | 000,000,868 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2010/04/11 22:44:39 | 000,000,000 | ---- | C] () -- C:\Users\Donna\AppData\Local\prvlcl.dat
[2009/12/16 00:14:17 | 000,001,356 | ---- | C] () -- C:\Users\Donna\AppData\Local\d3d9caps.dat
[2009/09/17 09:13:35 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/17 09:13:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/12 01:19:05 | 000,040,960 | ---- | C] () -- C:\Users\Donna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/11 12:30:21 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/09/10 09:45:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/09/03 20:28:15 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2009/09/03 20:28:15 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2009/09/03 20:26:29 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2009/09/03 20:26:29 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2009/09/03 20:26:29 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2009/09/03 20:26:29 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2009/09/03 20:26:29 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2009/09/03 20:26:29 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2009/09/03 20:16:34 | 002,026,604 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/09/03 20:16:33 | 000,445,796 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/09/03 20:16:33 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009/09/03 20:16:32 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009/09/03 20:16:31 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/09/03 20:16:31 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/09/03 20:16:31 | 000,000,481 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2009/09/03 20:15:29 | 001,754,368 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009/09/03 20:15:29 | 000,028,800 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2009/09/03 20:15:29 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2009/09/03 19:48:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/09/03 19:45:23 | 000,016,896 | ---- | C] () -- C:\Windows\Eventclr.exe
[2008/04/08 17:34:26 | 000,000,427 | ---- | C] () -- C:\Windows\System32\atipblup.dat
[2006/11/02 08:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:44:53 | 000,420,760 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,642,704 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,121,592 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010/12/20 12:31:23 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Agnitum
[2010/08/06 23:06:45 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Bell
[2009/12/13 15:11:41 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\InterVideo
[2011/02/07 22:14:25 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Juniper Networks
[2009/09/10 09:45:24 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Leadertech
[2009/09/10 09:45:53 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Lenovo
[2010/01/14 11:06:57 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Octoshape
[2011/05/11 23:47:56 | 000,000,436 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/05/21 21:43:02 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Thank you in advance for your help.

#2
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hello ZeroRegret,

Sorry about the delay. I need to see a fresh log, so please run OTL again and post the new report for my review. Thanks.

#3
ZeroRegret

    Member

  • Topic Starter
  • Member
  • 27 posts
Hi Sempai,

Thank you for responding to my inquiry! I re-ran OTL and this is the report:

OTL logfile created on: 28/05/2011 6:43:53 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Donna\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.65 Gb Total Space | 129.56 Gb Free Space | 58.45% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 3.37 Gb Free Space | 34.55% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.66 Gb Free Space | 44.91% Space Free | Partition Type: NTFS

Computer Name: DONNA-PC | User Name: Donna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Donna\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe (Radialpoint Inc.)
PRC - C:\Program Files\Bell\Internet Service Advisor\BISA.exe (Bell)
PRC - C:\Program Files\Bell\Internet Service Advisor\BISAComHandler.exe (Radialpoint Inc.)
PRC - c:\Program Files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\BellCanada\McciTrayApp.exe (Alcatel-Lucent)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo)
PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\ThinkPad\Utilities\PWMUIAux.EXE (Lenovo Group Limited)
PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
PRC - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe ()
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
PRC - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Users\Donna\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Users\Donna\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)


========== Modules (SafeList) ==========

MOD - C:\Users\Donna\Downloads\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\Agnitum\Outpost Security Suite Free\wl_hook.dll (Agnitum Ltd.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (ServicepointService) -- C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe (Radialpoint Inc.)
SRV - (acssrv) -- C:\Program Files\Agnitum\Outpost Security Suite Free\acs.exe (Agnitum Ltd.)
SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo)
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (ThinkVantage Registry Monitor Service) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (UNS) Intel® -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (TVT_UpdateMonitor) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited)
SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (SandBox) -- C:\Windows\System32\drivers\SandBox.sys (Agnitum Ltd.)
DRV - (VBFilt) -- C:\Windows\System32\Filt\VBFilt.dll (Agnitum Ltd.)
DRV - (ASWFilt) -- C:\Windows\System32\Filt\ASWFilt.dll (Agnitum Ltd.)
DRV - (afwcore) -- C:\Windows\System32\drivers\afwcore.sys (Agnitum Ltd.)
DRV - (VBEngNT) -- C:\Windows\System32\drivers\VBEngNT.sys (VirusBuster Kft.)
DRV - (afw) -- C:\Windows\System32\drivers\afw.sys (Agnitum Ltd.)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (intelkmd) -- C:\Windows\System32\drivers\igdpmd32.sys (Intel Corporation)
DRV - (MUXP) -- C:\Windows\System32\drivers\mux.sys (Intel© Corporation)
DRV - (MUXMP) -- C:\Windows\System32\drivers\mux.sys (Intel© Corporation)
DRV - (NETw5v32) Intel® -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (Shockprf) -- C:\Windows\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\Windows\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (e1yexpress) Intel® -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation)
DRV - (tvtumon) -- C:\Windows\System32\drivers\tvtumon.sys (Lenovo)
DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (HECI) Intel® -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.11.3.15590
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/03 15:12:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/07 10:31:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/07 10:31:36 | 000,000,000 | ---D | M]

[2009/09/10 10:29:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Donna\AppData\Roaming\Mozilla\Extensions
[2011/05/07 10:31:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\pc4e5qsd.default\extensions
[2010/12/27 11:52:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\pc4e5qsd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/28 18:42:23 | 000,000,000 | ---D | M] ("CrowdStar Gamebar") -- C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\pc4e5qsd.default\extensions\[email protected]
[2010/12/20 12:16:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/20 12:16:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011/01/03 15:12:23 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/05/07 10:31:31 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/12/20 12:16:29 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/07 10:31:33 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/12/14 22:22:32 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [BISA.exe] C:\Program Files\Bell\Internet Service Advisor\BISA.exe (Bell)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BTVLOGEX.DLL ()
O4 - HKLM..\Run: [CreateLMBCShortCut] C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe ()
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Security Suite Free\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Security Suite Free\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [tsnp2uvc] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [googletalk] C:\Users\Donna\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Donna\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10l_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Security Suite Free\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4060c476-98e6-11de-998a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4060c476-98e6-11de-998a-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2008/07/21 12:09:40 | 000,262,144 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{d88db112-0111-11df-9698-00265ebb889b}\Shell\Auto\command - "" = ServerNet.exe
O33 - MountPoints2\{d88db112-0111-11df-9698-00265ebb889b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ServerNet.exe
O33 - MountPoints2\{d88db115-0111-11df-9698-00265ebb889b}\Shell\Auto\command - "" = ServerNet.exe
O33 - MountPoints2\{d88db115-0111-11df-9698-00265ebb889b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ServerNet.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/21 10:56:13 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{08FEE5D8-83F3-4205-9033-9FF1266B90A3}
[2011/05/20 21:24:42 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{E93970EC-4457-4F2B-AF0B-DDCE9047862B}
[2011/05/19 20:40:39 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{6C238F5F-0987-49A6-B93F-9D87657A6334}
[2011/05/17 21:37:04 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{F4004D55-2E3C-4748-9FD4-25AF8567B878}
[2011/05/14 23:17:46 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{F418E8B0-4FA0-46A2-B32F-DD87552D7C16}
[2011/05/14 00:23:02 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{005F5D26-EE8E-421C-909D-76B47511320E}
[2011/05/12 22:08:39 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{EB66BC19-D4F5-498A-9AF5-634CE30CD833}
[2011/05/11 22:20:40 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{73BFC9B4-6A68-46F7-9499-39428A70BE91}
[2011/05/10 21:10:51 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{32510F09-374E-4838-BEF0-1F05CB438BF2}
[2011/05/09 03:00:29 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{CF14AC2C-4C0E-457F-A6FF-A4F29D056B0A}
[2011/05/08 12:00:09 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{6F835D49-1074-4FAC-9DE7-4E589E17FD3B}
[2011/05/07 23:59:48 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{4D65BD1E-492E-453B-9FB6-F0E6BC4EE378}
[2011/05/07 11:59:27 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{BF1D4789-29CE-4A41-8302-7E12F79B02A3}
[2011/05/06 23:59:03 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{0715075B-AE8D-4620-9400-340F3605F448}
[2011/05/05 21:20:01 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{2E731E26-52EF-47A6-9A41-A10DFD2A2ADA}
[2011/05/04 21:08:27 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{6FA38FE6-EFAB-4D7D-8942-B5D58C8F8223}
[2011/05/03 21:06:20 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{A20B6CF4-2600-425D-805F-8574C1CCB3AD}
[2011/05/02 03:00:29 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{9EAA7C38-A149-472D-995E-32B2585D49B1}
[2011/05/01 11:05:42 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{5F202A85-2BA5-4037-9C50-E15D2BC3AC08}
[2011/04/30 22:08:53 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{5FA7A9A1-C334-404E-A949-D7C994522B94}
[2011/04/30 10:07:40 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{7B04A10D-CF1D-4BEB-84B8-DB4AE8854DE9}
[2011/04/29 20:01:16 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{0F33DBAD-C573-475E-B279-7BBA6527E950}
[2009/09/03 20:15:30 | 000,225,280 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009/09/03 20:15:29 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2011/05/28 18:38:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/28 18:38:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/28 18:38:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/23 03:00:33 | 000,001,356 | ---- | M] () -- C:\Users\Donna\AppData\Local\d3d9caps.dat
[2011/05/21 21:57:39 | 000,000,519 | ---- | M] () -- C:\Users\Donna\Desktop\OTL.lnk
[2011/05/21 21:44:12 | 2088,792,064 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/21 21:42:52 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/05/21 21:09:23 | 000,010,524 | -HS- | M] () -- C:\Users\Donna\AppData\Local\e4p658450oy660al14dx
[2011/05/21 21:09:23 | 000,010,524 | -HS- | M] () -- C:\ProgramData\e4p658450oy660al14dx
[2011/05/21 19:11:06 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/11 23:47:56 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

========== Files Created - No Company Name ==========

[2011/05/21 21:57:24 | 000,000,519 | ---- | C] () -- C:\Users\Donna\Desktop\OTL.lnk
[2011/05/21 14:08:26 | 000,010,524 | -HS- | C] () -- C:\Users\Donna\AppData\Local\e4p658450oy660al14dx
[2011/05/21 14:08:26 | 000,010,524 | -HS- | C] () -- C:\ProgramData\e4p658450oy660al14dx
[2011/05/07 10:31:39 | 000,000,868 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2010/04/11 22:44:39 | 000,000,000 | ---- | C] () -- C:\Users\Donna\AppData\Local\prvlcl.dat
[2009/12/16 00:14:17 | 000,001,356 | ---- | C] () -- C:\Users\Donna\AppData\Local\d3d9caps.dat
[2009/09/17 09:13:35 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/17 09:13:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/12 01:19:05 | 000,040,960 | ---- | C] () -- C:\Users\Donna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/11 12:30:21 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/09/10 09:45:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/09/03 20:28:15 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2009/09/03 20:28:15 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2009/09/03 20:26:29 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2009/09/03 20:26:29 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2009/09/03 20:26:29 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2009/09/03 20:26:29 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2009/09/03 20:26:29 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2009/09/03 20:26:29 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2009/09/03 20:16:34 | 002,026,604 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/09/03 20:16:33 | 000,445,796 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/09/03 20:16:33 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009/09/03 20:16:32 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009/09/03 20:16:31 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/09/03 20:16:31 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/09/03 20:16:31 | 000,000,481 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2009/09/03 20:15:29 | 001,754,368 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009/09/03 20:15:29 | 000,028,800 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2009/09/03 20:15:29 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2009/09/03 19:48:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/09/03 19:45:23 | 000,016,896 | ---- | C] () -- C:\Windows\Eventclr.exe
[2008/04/08 17:34:26 | 000,000,427 | ---- | C] () -- C:\Windows\System32\atipblup.dat
[2006/11/02 08:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:44:53 | 000,420,760 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,642,704 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,121,592 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010/12/20 12:31:23 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Agnitum
[2010/08/06 23:06:45 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Bell
[2009/12/13 15:11:41 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\InterVideo
[2011/02/07 22:14:25 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Juniper Networks
[2009/09/10 09:45:24 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Leadertech
[2009/09/10 09:45:53 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Lenovo
[2010/01/14 11:06:57 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Octoshape
[2011/05/11 23:47:56 | 000,000,436 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/05/21 21:43:02 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#4
sempai
    Trusted Helper
  • Malware Removal
  • 785 posts
We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy



Asksbar/Ask Toolbar warning:
I strongly suggest that you uninstall Asksbar/Ask Toolbar. Some of the bad practices of this toolbar are:
  • Promoting its toolbars on sites targeted to kids. Details.
  • Promoting its toolbars through ads that appear to be part of other companies' sites. Details.
  • Promoting its toolbars through other companies' spyware. Details.
  • Installing without any disclosure whatsoever and without any consent whatsoever. Details.
  • Soliciting installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link. Details.
  • Making confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit. Details.
Please read the full details HERE.


=====================================


1. Please download SystemLook from jpshortstuff and save it to your Desktop

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook and copy/paste the following into the box
    :file
    C:\Users\Donna\AppData\Local\e4p658450oy660al14dx
    C:\ProgramData\e4p658450oy660al14dx
  • Hit the Look button. Let it finish the scan
  • A log will then pop up on your Desktop. Post the content of the log here in your next reply



2. Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    :OTL
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [tsnp2uvc] File not found
    
    :Commands
    [EMPTYTEMP] 
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A message box "Fix complete! Click OK to open the fix log." will pop up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.


#5
ZeroRegret
    Member
  • Topic Starter
  • Member
  • 27 posts
Hi sempai,

Can you tell me how to remove ask toolbar?

This is the report from SystemLook:

SystemLook 04.09.10 by jpshortstuff
Log created at 14:28 on 29/05/2011 by Donna
Administrator - Elevation successful

========== file ==========

C:\Users\Donna\AppData\Local\e4p658450oy660al14dx - File found and opened.
MD5: 340B4F52D9497D977A98F0835AD61A4E
Created at 18:08 on 21/05/2011
Modified at 01:09 on 22/05/2011
Size: 10524 bytes
Attributes: --ahs--
No version information available.

C:\ProgramData\e4p658450oy660al14dx - File found and opened.
MD5: 340B4F52D9497D977A98F0835AD61A4E
Created at 18:08 on 21/05/2011
Modified at 01:09 on 22/05/2011
Size: 10524 bytes
Attributes: --ahs--
No version information available.

-= EOF =-

This is the report from OTL:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tsnp2uvc not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Donna
->Temp folder emptied: 378883 bytes
->Temporary Internet Files folder emptied: 50051 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7709351 bytes
->Flash cache emptied: 750 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66016 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 8.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05292011_142903

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
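The two SystemLook hits above share one MD5 and carry the hidden + system attributes (OTL showed them as -HS- in its file listing), and the Malwarebytes log at the top of the thread showed the .exe file association pointing at jva.exe. The script below is an added example, not part of this thread, OTL or SystemLook: it parses the line formats OTL uses for file listings, O33 MountPoints2 autorun entries and O35/O37 exe/com open handlers, and flags the patterns a helper otherwise picks out by eye. The sample lines are constructed in those formats; the HKCU exefile line pointing at jva.exe is a constructed illustration of the Hijack.ExeFile pattern Malwarebytes reported, not a line from this machine's OTL output. Python 3, standard library only.

```python
"""Triage of OTL / SystemLook-style log lines.

Added example for this thread; not part of OTL, SystemLook or the helper's
instructions. Python 3, standard library only.
"""
import re
from collections import defaultdict

# Constructed sample in the line formats OTL uses in this thread. The HKCU
# exefile line is a constructed illustration of the Hijack.ExeFile pattern
# Malwarebytes reported, not a line taken from this machine's OTL logs.
SAMPLE_LOG = r"""
[2011/05/21 14:08:26 | 000,010,524 | -HS- | C] () -- C:\Users\Donna\AppData\Local\e4p658450oy660al14dx
[2011/05/21 14:08:26 | 000,010,524 | -HS- | C] () -- C:\ProgramData\e4p658450oy660al14dx
[2006/11/02 08:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/09/17 09:13:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
O33 - MountPoints2\{4060c476-98e6-11de-998a-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2008/07/21 12:09:40 | 000,262,144 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{d88db112-0111-11df-9698-00265ebb889b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ServerNet.exe
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Users\Donna\AppData\Local\jva.exe" -a "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
"""

# [date time | size | RHSD attribute flags | C(reated)/M(odified)] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<when>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| [CM]\]"
    r"(?: \(.*?\))? -- (?P<path>.+)$")
# O33 - MountPoints2\{guid}\Shell\<verb>\command - "" = <command>
O33_RE = re.compile(
    r'^O33 - MountPoints2\\\{(?P<guid>[0-9a-f-]+)\}\\Shell\\(?P<verb>[^\\]+)\\command'
    r' - "" = (?P<cmd>.+)$', re.I)
# O35 - HKLM\..exefile [open] -- <cmd>    O37 - HKLM\...exe [@ = exefile] -- <cmd>
O35_RE = re.compile(
    r'^O3[57] - (?P<hive>HKLM|HKCU)\\\.+(?P<assoc>[A-Za-z]+) \[[^\]]*\] -- (?P<cmd>.+)$')

STOCK_HANDLER = '"%1" %*'   # Windows default open command for exefile/comfile
WINDOWS_ROOT = "c:\\windows\\"


def parse(log_text):
    """Split a log into file entries, MountPoints2 autoruns and exe/com handlers."""
    files, mounts, handlers = [], [], []
    for line in log_text.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            files.append({"when": m.group("when"), "attr": m.group("attr"),
                          "size": int(m.group("size").replace(",", "")),
                          "path": m.group("path")})
            continue
        m = O33_RE.match(line)
        if m:  # OTL appends " -- [file info]" when it can resolve the target
            mounts.append({"guid": m.group("guid"), "verb": m.group("verb"),
                           "cmd": m.group("cmd").split(" -- ")[0].strip()})
            continue
        m = O35_RE.match(line)
        if m:
            handlers.append({"hive": m.group("hive"), "assoc": m.group("assoc"),
                             "cmd": m.group("cmd").strip()})
    return files, mounts, handlers


def hidden_system_outside_windows(files):
    """Files flagged both Hidden and System (attr columns 2 and 3 of RHSD) outside
    %SystemRoot%. Legitimate software rarely drops such files into user profiles or
    ProgramData; the e4p658450oy660al14dx pair in this thread is the case in point."""
    return [f["path"] for f in files
            if f["attr"][1] == "H" and f["attr"][2] == "S"
            and not f["path"].lower().startswith(WINDOWS_ROOT)]


def duplicate_drops(files):
    """Groups of files written in the same second with identical size into different
    folders: a common dropper pattern (SystemLook later showed one MD5 for both)."""
    groups = defaultdict(list)
    for f in files:
        groups[(f["when"], f["size"])].append(f["path"])
    return [paths for paths in groups.values() if len(paths) > 1]


def hijacked_exe_handlers(handlers):
    """O35/O37 entries whose open command is not the stock '"%1" %*'. Anything else
    routes every .exe/.com launch through a third party (Malwarebytes' Hijack.ExeFile)."""
    return [h for h in handlers if h["cmd"] != STOCK_HANDLER]


def relative_autorun_commands(mounts):
    """MountPoints2 commands that name an executable without a full path; the shell
    resolves it relative to the volume, so whatever binary sits on that drive runs."""
    out = []
    for m in mounts:
        cmd = m["cmd"]
        pos = cmd.lower().find("shellexec_rundll")   # unwrap the rundll32 wrapper
        if pos != -1:
            cmd = cmd[pos + len("shellexec_rundll"):].strip()
        parts = cmd.split()
        if not parts:
            continue
        target = parts[0].strip('"')
        if not re.match(r"^[A-Za-z]:\\", target):
            out.append((m["guid"], target))
    return out


def triage(log_text):
    """Run all checks; every non-empty list deserves a closer look."""
    files, mounts, handlers = parse(log_text)
    return {"hidden_system_files": hidden_system_outside_windows(files),
            "duplicate_drops": duplicate_drops(files),
            "hijacked_handlers": hijacked_exe_handlers(handlers),
            "relative_autoruns": relative_autorun_commands(mounts)}


if __name__ == "__main__":
    for name, hits in triage(SAMPLE_LOG).items():
        print(name)
        for hit in hits:
            print("   ", hit)
```

Run it as-is against the constructed sample, or paste a real OTL report into SAMPLE_LOG: it reports the two hidden+system drops, groups them as a same-second pair, flags the constructed HKCU exefile hijack while leaving the stock HKLM handlers alone, and flags the ServerNet.exe autorun (a bare file name resolved relative to whichever removable drive the GUID refers to) while accepting the fully qualified Q:\LenovoQDrive.exe entry. The checks are heuristics for pointing a helper at lines worth asking about, not a verdict on the machine.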

#6
sempai
    Trusted Helper
  • Malware Removal
  • 785 posts

Can you tell me how to remove ask toolbar?

Go to Control Panel> Programs > Programs and Features > locate and remove Askbar or Ask toolbar.


1. Please go to http://virscan.org/
  • Enter the following file paths into the "Suspicious files to scan" box at the top of the page:

    C:\Users\Donna\AppData\Local\e4p658450oy660al14dx
    C:\ProgramData\e4p658450oy660al14dx

  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


2. ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

Vista/Windows 7 users: you will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use, then click on: Posted Image
  • When prompted, allow the Add-On/ActiveX to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your anti-virus application after running the above scan!



#7
ZeroRegret
    Member
  • Topic Starter
  • Member
  • 27 posts
I seem to have some trouble locating Ask, Ask toolbar, askbar in my programs. :S I tried uninstalling it from the web browser, but I'm not sure if that removes the toolbar completely.

I tried using virscan; however, when I tried to enter the file paths, I received the following message for both files:

"Windows cannot find 'C:\ProgramData\e4p658450oy660a114dx'. Check the spelling and try again."

I ran the esetsmart scan and the result was that there were no threats found. A log didn't pop up after running the scan.

Stats from the scan:

Scanned files: 134240
Infected Files: 0
Cleaned Files: 0
Total Scan time: 01:07:18
Scan status: Finished

#8
sempai
    Trusted Helper
  • Malware Removal
  • 785 posts
How's the computer running?

Please run OTL and click the quick scan button, post the new report for my review.

#9
ZeroRegret
    Member
  • Topic Starter
  • Member
  • 27 posts
My computer seems to be running fine.

Here's the log from the OTL quick scan:

OTL logfile created on: 31/05/2011 10:08:28 AM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Donna\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.65 Gb Total Space | 129.62 Gb Free Space | 58.48% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 3.37 Gb Free Space | 34.55% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.66 Gb Free Space | 44.91% Space Free | Partition Type: NTFS

Computer Name: DONNA-PC | User Name: Donna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Donna\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe (Radialpoint Inc.)
PRC - C:\Program Files\Bell\Internet Service Advisor\BISA.exe (Bell)
PRC - C:\Program Files\Bell\Internet Service Advisor\BISAComHandler.exe (Radialpoint Inc.)
PRC - C:\Program Files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\BellCanada\McciTrayApp.exe (Alcatel-Lucent)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo)
PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\ThinkPad\Utilities\PWMUIAux.EXE (Lenovo Group Limited)
PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
PRC - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe ()
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe (Wisdom Software Inc. )
PRC - C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
PRC - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
PRC - C:\Users\Donna\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - c:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Users\Donna\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)


========== Modules (SafeList) ==========

MOD - C:\Users\Donna\Downloads\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\Agnitum\Outpost Security Suite Free\wl_hook.dll (Agnitum Ltd.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (ServicepointService) -- C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe (Radialpoint Inc.)
SRV - (acssrv) -- C:\Program Files\Agnitum\Outpost Security Suite Free\acs.exe (Agnitum Ltd.)
SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo)
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (ThinkVantage Registry Monitor Service) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (UNS) Intel® -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (TVT_UpdateMonitor) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited)
SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (SandBox) -- C:\Windows\System32\drivers\SandBox.sys (Agnitum Ltd.)
DRV - (VBFilt) -- C:\Windows\System32\Filt\VBFilt.dll (Agnitum Ltd.)
DRV - (ASWFilt) -- C:\Windows\System32\Filt\ASWFilt.dll (Agnitum Ltd.)
DRV - (afwcore) -- C:\Windows\System32\drivers\afwcore.sys (Agnitum Ltd.)
DRV - (VBEngNT) -- C:\Windows\System32\drivers\VBEngNT.sys (VirusBuster Kft.)
DRV - (afw) -- C:\Windows\System32\drivers\afw.sys (Agnitum Ltd.)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (intelkmd) -- C:\Windows\System32\drivers\igdpmd32.sys (Intel Corporation)
DRV - (MUXP) -- C:\Windows\System32\drivers\mux.sys (Intel© Corporation)
DRV - (MUXMP) -- C:\Windows\System32\drivers\mux.sys (Intel© Corporation)
DRV - (NETw5v32) Intel® -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (Shockprf) -- C:\Windows\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\Windows\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (e1yexpress) Intel® -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation)
DRV - (tvtumon) -- C:\Windows\System32\drivers\tvtumon.sys (Lenovo)
DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (HECI) Intel® -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.11.3.15590
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/03 15:12:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/07 10:31:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/07 10:31:36 | 000,000,000 | ---D | M]

[2009/09/10 10:29:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Donna\AppData\Roaming\Mozilla\Extensions
[2011/05/29 21:12:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\pc4e5qsd.default\extensions
[2010/12/27 11:52:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\pc4e5qsd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/20 12:16:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/20 12:16:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011/01/03 15:12:23 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/05/07 10:31:31 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/12/20 12:16:29 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/07 10:31:33 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/12/14 22:22:32 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [BISA.exe] C:\Program Files\Bell\Internet Service Advisor\BISA.exe (Bell)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BTVLOGEX.DLL ()
O4 - HKLM..\Run: [CreateLMBCShortCut] C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe ()
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Security Suite Free\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Security Suite Free\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [googletalk] C:\Users\Donna\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Donna\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - Startup: C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Security Suite Free\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4060c476-98e6-11de-998a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4060c476-98e6-11de-998a-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2008/07/21 12:09:40 | 000,262,144 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{d88db112-0111-11df-9698-00265ebb889b}\Shell\Auto\command - "" = ServerNet.exe
O33 - MountPoints2\{d88db112-0111-11df-9698-00265ebb889b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ServerNet.exe
O33 - MountPoints2\{d88db115-0111-11df-9698-00265ebb889b}\Shell\Auto\command - "" = ServerNet.exe
O33 - MountPoints2\{d88db115-0111-11df-9698-00265ebb889b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ServerNet.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/30 11:36:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/29 14:21:59 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{5303D949-E285-4364-B94B-4F4BDFD5AB96}
[2011/05/29 14:17:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/21 10:56:13 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{08FEE5D8-83F3-4205-9033-9FF1266B90A3}
[2011/05/20 21:24:42 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{E93970EC-4457-4F2B-AF0B-DDCE9047862B}
[2011/05/19 20:40:39 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{6C238F5F-0987-49A6-B93F-9D87657A6334}
[2011/05/17 21:37:04 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{F4004D55-2E3C-4748-9FD4-25AF8567B878}
[2011/05/14 23:17:46 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{F418E8B0-4FA0-46A2-B32F-DD87552D7C16}
[2011/05/14 00:23:02 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{005F5D26-EE8E-421C-909D-76B47511320E}
[2011/05/12 22:08:39 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{EB66BC19-D4F5-498A-9AF5-634CE30CD833}
[2011/05/11 22:20:40 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{73BFC9B4-6A68-46F7-9499-39428A70BE91}
[2011/05/10 21:10:51 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{32510F09-374E-4838-BEF0-1F05CB438BF2}
[2011/05/09 03:00:29 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{CF14AC2C-4C0E-457F-A6FF-A4F29D056B0A}
[2011/05/08 12:00:09 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{6F835D49-1074-4FAC-9DE7-4E589E17FD3B}
[2011/05/07 23:59:48 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{4D65BD1E-492E-453B-9FB6-F0E6BC4EE378}
[2011/05/07 11:59:27 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{BF1D4789-29CE-4A41-8302-7E12F79B02A3}
[2011/05/06 23:59:03 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{0715075B-AE8D-4620-9400-340F3605F448}
[2011/05/05 21:20:01 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{2E731E26-52EF-47A6-9A41-A10DFD2A2ADA}
[2011/05/04 21:08:27 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{6FA38FE6-EFAB-4D7D-8942-B5D58C8F8223}
[2011/05/03 21:06:20 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{A20B6CF4-2600-425D-805F-8574C1CCB3AD}
[2011/05/02 03:00:29 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{9EAA7C38-A149-472D-995E-32B2585D49B1}
[2011/05/01 11:05:42 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\{5F202A85-2BA5-4037-9C50-E15D2BC3AC08}
[2009/09/03 20:15:30 | 000,225,280 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009/09/03 20:15:29 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2011/05/31 10:13:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/31 10:13:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/31 10:05:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/29 14:30:40 | 2088,792,064 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/29 14:29:40 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/05/23 03:00:33 | 000,001,356 | ---- | M] () -- C:\Users\Donna\AppData\Local\d3d9caps.dat
[2011/05/21 21:57:39 | 000,000,519 | ---- | M] () -- C:\Users\Donna\Desktop\OTL.lnk
[2011/05/21 21:09:23 | 000,010,524 | -HS- | M] () -- C:\Users\Donna\AppData\Local\e4p658450oy660al14dx
[2011/05/21 21:09:23 | 000,010,524 | -HS- | M] () -- C:\ProgramData\e4p658450oy660al14dx
[2011/05/21 19:11:06 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/11 23:47:56 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

========== Files Created - No Company Name ==========

[2011/05/21 21:57:24 | 000,000,519 | ---- | C] () -- C:\Users\Donna\Desktop\OTL.lnk
[2011/05/21 14:08:26 | 000,010,524 | -HS- | C] () -- C:\Users\Donna\AppData\Local\e4p658450oy660al14dx
[2011/05/21 14:08:26 | 000,010,524 | -HS- | C] () -- C:\ProgramData\e4p658450oy660al14dx
[2011/05/07 10:31:39 | 000,000,868 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2010/04/11 22:44:39 | 000,000,000 | ---- | C] () -- C:\Users\Donna\AppData\Local\prvlcl.dat
[2009/12/16 00:14:17 | 000,001,356 | ---- | C] () -- C:\Users\Donna\AppData\Local\d3d9caps.dat
[2009/09/17 09:13:35 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/17 09:13:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/12 01:19:05 | 000,040,960 | ---- | C] () -- C:\Users\Donna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/11 12:30:21 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/09/10 09:45:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/09/03 20:28:15 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2009/09/03 20:28:15 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2009/09/03 20:26:29 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2009/09/03 20:26:29 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2009/09/03 20:26:29 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2009/09/03 20:26:29 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2009/09/03 20:26:29 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2009/09/03 20:26:29 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2009/09/03 20:16:34 | 002,026,604 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/09/03 20:16:33 | 000,445,796 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/09/03 20:16:33 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009/09/03 20:16:32 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009/09/03 20:16:31 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/09/03 20:16:31 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/09/03 20:16:31 | 000,000,481 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2009/09/03 20:15:29 | 001,754,368 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009/09/03 20:15:29 | 000,028,800 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2009/09/03 20:15:29 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2009/09/03 19:48:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/09/03 19:45:23 | 000,016,896 | ---- | C] () -- C:\Windows\Eventclr.exe
[2008/04/08 17:34:26 | 000,000,427 | ---- | C] () -- C:\Windows\System32\atipblup.dat
[2006/11/02 08:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:44:53 | 000,420,760 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,642,704 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,121,592 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010/12/20 12:31:23 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Agnitum
[2010/08/06 23:06:45 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Bell
[2009/12/13 15:11:41 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\InterVideo
[2011/02/07 22:14:25 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Juniper Networks
[2009/09/10 09:45:24 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Leadertech
[2009/09/10 09:45:53 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Lenovo
[2010/01/14 11:06:57 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Octoshape
[2011/05/11 23:47:56 | 000,000,436 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/05/29 14:29:40 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#10 sempai (Trusted Helper, Malware Removal, 785 posts)
Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    :OTL
    FF - prefs.js..extensions.enabledItems: [email protected]:3.11.3.15590
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O33 - MountPoints2\{d88db112-0111-11df-9698-00265ebb889b}\Shell\Auto\command - "" = ServerNet.exe
    O33 - MountPoints2\{d88db112-0111-11df-9698-00265ebb889b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ServerNet.exe
    O33 - MountPoints2\{d88db115-0111-11df-9698-00265ebb889b}\Shell\Auto\command - "" = ServerNet.exe
    O33 - MountPoints2\{d88db115-0111-11df-9698-00265ebb889b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ServerNet.exe
    
    :Commands
    [EMPTYTEMP] 
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A message box saying "Fix complete! Click OK to open the fix log." will pop up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.


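The O33 entries removed by the fix above are the classic removable-drive autorun hijack: the volume's MountPoints2 key points the Auto and AutoRun verbs at ServerNet.exe by relative name (once wrapped in rundll32 ShellExec_RunDLL), so whatever file of that name sits on the drive runs when it is opened. The O35/O37 lines in the same OTL log are the .exe and .com handlers, which on a clean system must be exactly "%1" %*; anything else means every program launch is proxied through the hijacker. The following is an added example, not code from this thread or from OTL, that scans an OTL report for both patterns. The sample lines are copied from the OTL log posted earlier in this thread, except the last O35 line with hijack.exe, which is constructed to show what a hijacked handler looks like.

```python
"""Flag autorun and file-association hijacks in OTL log output.

Added example for this thread, not part of OTL or the posts above.
Reads the O33 (MountPoints2) and O35/O37 (exefile/comfile handler) lines of an
OTL report and returns the entries that match two hijack patterns: an autorun
command that names a relative executable (ServerNet.exe style), and a
shell\\open\\command handler that is anything other than the default "%1" %*.
"""
import re
from dataclasses import dataclass

# Sample input: O33/O35/O37 lines copied from the OTL log posted in this thread,
# plus one CONSTRUCTED line (hijack.exe) showing a hijacked exefile handler.
SAMPLE_LOG = r"""
O33 - MountPoints2\{4060c476-98e6-11de-998a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4060c476-98e6-11de-998a-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2008/07/21 12:09:40 | 000,262,144 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{d88db112-0111-11df-9698-00265ebb889b}\Shell\Auto\command - "" = ServerNet.exe
O33 - MountPoints2\{d88db112-0111-11df-9698-00265ebb889b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ServerNet.exe
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Users\Donna\AppData\Local\hijack.exe" -a "%1" %*
"""

DEFAULT_HANDLER = '"%1" %*'  # what exefile/comfile [open] must be on a clean system

MOUNTPOINT_RE = re.compile(
    r'^O33 - MountPoints2\\\{(?P<guid>[0-9a-f-]+)\}\\Shell\\(?P<verb>\w+)\\command - "" = (?P<cmd>.*)$',
    re.IGNORECASE,
)
ASSOC_RE = re.compile(
    r'^O3[57] - (?P<hive>HKLM|HKCU)\\\.+(?P<cls>\S+) \[(?P<verb>[^\]]*)\] -- (?P<cmd>.*)$'
)
# rundll32 + ShellExec_RunDLL is the wrapper autorun worms use to launch a file
# on the removable drive; strip it to get at the real target.
RUNDLL_WRAPPER = re.compile(
    r'^.*rundll32\.exe\s+shell32\.dll,shellexec_rundll\s+', re.IGNORECASE
)
ABS_PATH_RE = re.compile(r'^"?[a-z]:\\', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str    # "autorun" or "file_assoc"
    where: str   # volume GUID or hive\class
    target: str  # the command OTL reported, with wrappers removed
    reason: str


def autorun_target(cmd: str) -> str:
    """Return the executable an O33 command actually launches."""
    cmd = cmd.split(" -- [", 1)[0].strip()  # drop OTL's trailing file-info block
    return RUNDLL_WRAPPER.sub("", cmd).strip()


def audit_otl(log_text: str) -> list[Finding]:
    """Scan OTL lines and return the autorun / handler entries that look hijacked."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        m = MOUNTPOINT_RE.match(line)
        if m:
            target = autorun_target(m.group("cmd"))
            # A relative name resolves against the mounted volume itself, which
            # is exactly how a USB worm gets its payload executed.
            if not ABS_PATH_RE.match(target):
                findings.append(Finding(
                    "autorun", m.group("guid"), target,
                    f"{m.group('verb')} command runs a relative executable from the volume"))
            continue
        m = ASSOC_RE.match(line)
        if m and m.group("cmd").strip() != DEFAULT_HANDLER:
            findings.append(Finding(
                "file_assoc", f"{m.group('hive')}\\{m.group('cls')}",
                m.group("cmd").strip(),
                'handler is not the default "%1" %*; every launch goes through it'))
    return findings


if __name__ == "__main__":
    for f in audit_otl(SAMPLE_LOG):
        print(f"[{f.kind}] {f.where}: {f.target}  <- {f.reason}")
```

Run against the sample it reports the two ServerNet.exe entries and the constructed HKCU exefile handler, and leaves the Lenovo Q: drive entry alone because it names an absolute path and OTL found the file with a valid company name. A relative target is only a heuristic; confirm by checking whether the named file actually exists on the drive or in the working directory before deciding it is dead weight.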
#11 ZeroRegret (Topic Starter, Member, 27 posts)
This is the report from OTL:

All processes killed
========== OTL ==========
Prefs.js: [email protected]:3.11.3.15590 removed from extensions.enabledItems
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d88db112-0111-11df-9698-00265ebb889b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d88db112-0111-11df-9698-00265ebb889b}\ not found.
File ServerNet.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d88db112-0111-11df-9698-00265ebb889b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d88db112-0111-11df-9698-00265ebb889b}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ServerNet.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d88db115-0111-11df-9698-00265ebb889b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d88db115-0111-11df-9698-00265ebb889b}\ not found.
File ServerNet.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d88db115-0111-11df-9698-00265ebb889b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d88db115-0111-11df-9698-00265ebb889b}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ServerNet.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Donna
->Temp folder emptied: 5184868 bytes
->Temporary Internet Files folder emptied: 389697 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 100834651 bytes
->Flash cache emptied: 3076 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 595324 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2475384 bytes

Total Files Cleaned = 104.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05312011_113654

Files\Folders moved on Reboot...
C:\Windows\temp\TMP000000AB8980ED915654B8EB moved successfully.

Registry entries deleted on Reboot...

#12 sempai (Trusted Helper, Malware Removal, 785 posts)
Let's rescan with MBAM and then update your Java. Also, please let me know in your next post if you still have any questions or concerns.


1. Please run Malwarebytes Anti-Malware. Go to the Update tab, download all updates, and then perform a full scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



2. Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Download the latest version of Java Runtime Environment (JRE) Version 6.
  • Look for "JDK 6 Update 25 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Select "Windows x86 Offline" and click on jre-6u25-windows-i586.exe.
  • Save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.


#13 ZeroRegret (Topic Starter, Member, 27 posts)
The MBAM scan produced no malicious items. Here's the log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6734

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

31/05/2011 4:37:29 PM
mbam-log-2011-05-31 (16-37-29).txt

Scan type: Full scan (C:\|E:\|Q:\|S:\|)
Objects scanned: 289288
Time elapsed: 2 hour(s), 29 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#14 sempai (Trusted Helper, Malware Removal, 785 posts)
Any more questions or concerns before we proceed with housekeeping to properly remove the tools?

#15 ZeroRegret (Topic Starter, Member, 27 posts)
Does this mean that my computer is safe to use again? I have no additional questions.