aqt395

Fighting Babylon search malware


Babylon search causing problems.

Every new Tab in IE8 defaults to Babylon search

Team,

After repeated MBAM runs and some poking around on the internets I found the following guidance on how to remedy Babylon Search:

"I don't know if it is possible to find it in any menu in IE (at least I didn't), but you can change it in the windows registry.

Open a dos shell, or execute "RegEdit" through the launch menu.

Find the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\About URLs\Tabs

and change the entry that points to babylon search, to the one you desire (be it google, bing, or whatever)."

The Registry change worked; the new Tab in IE8 no longer defaults to Babylon search. However, I'm still concerned Babylon still resides somewhere or some other malware is not detected.

Your assistance is greatly appreciated.

Thanks in advance,

Below is a recent MBAM Log.

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.07.07

Windows 7 x86 NTFS

Internet Explorer 9.0.8112.16421

home :: HOME-THINK [limited]

3/7/2012 7:17:05 PM

mbam-log-2012-03-07 (19-17-05).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 278762

Time elapsed: 20 minute(s), 23 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Hello aqt395! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


Maniac,

Glad to be here. Looking forward to taking care of this thing.

Also, please note, this machine was recently reinstalled (I'm guessing), so if you see any Lenovo or other bloatware that does or seems to cause trouble, please feel free to dispose of it.

OTL.Txt

OTL logfile created on: 3/8/2012 7:31:35 PM - Run 1

OTL by OldTimer - Version 3.2.36.1 Folder = C:\Users\home\Desktop

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.95 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 54.05% Memory free

3.89 Gb Paging File | 2.75 Gb Available in Paging File | 70.64% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 137.62 Gb Total Space | 118.59 Gb Free Space | 86.17% Space Free | Partition Type: NTFS

Drive Q: | 10.25 Gb Total Space | 5.80 Gb Free Space | 56.54% Space Free | Partition Type: NTFS

Computer Name: HOME-THINK | User Name: home | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/08 19:31:07 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\home\Desktop\OTL.exe

PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/09/04 17:58:06 | 000,015,872 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe

PRC - [2009/09/04 15:28:16 | 000,242,976 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe

PRC - [2009/09/04 15:28:12 | 000,124,192 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe

PRC - [2009/09/04 15:11:58 | 000,335,872 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe

PRC - [2009/08/28 17:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

PRC - [2009/08/19 19:38:30 | 000,062,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe

PRC - [2009/08/19 02:54:48 | 000,132,464 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe

PRC - [2009/08/06 15:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2009/08/03 22:00:14 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

PRC - [2009/08/03 22:00:00 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe

PRC - [2009/07/14 20:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe

PRC - [2009/07/14 01:15:36 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/07/01 21:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

PRC - [2009/07/01 21:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

PRC - [2009/05/28 01:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe

PRC - [2009/03/13 03:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

PRC - [2009/02/02 04:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

PRC - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

========== Modules (No Company Name) ==========

MOD - [2012/02/25 03:11:35 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ff30db6905f8ec024fc808ed8779c0f3\System.Windows.Forms.ni.dll

MOD - [2012/02/25 03:11:29 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a09ee392fa90849f2e9313a1ebbe0279\System.Drawing.ni.dll

MOD - [2012/02/25 03:10:56 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll

MOD - [2012/02/25 03:10:52 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d71769228ebe7732ae31ac194fe00ff0\Accessibility.ni.dll

MOD - [2012/02/25 03:10:51 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll

MOD - [2011/12/09 00:58:34 | 000,133,616 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Interop.shdocvw\1.1.0.0__aafc021ca424f5ad\Interop.shdocvw.dll

MOD - [2011/12/09 00:58:34 | 000,054,768 | ---- | M] () -- C:\Windows\assembly\GAC_32\pcdtoolbar\1.0.0.160__aafc021ca424f5ad\pcdtoolbar.dll

MOD - [2009/08/23 13:04:00 | 000,030,720 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL

MOD - [2009/07/01 21:03:24 | 000,132,384 | ---- | M] () -- C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll

MOD - [2009/05/28 01:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe

========== Win32 Services (SafeList) ==========

SRV - [2012/02/20 03:01:57 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2009/09/04 17:58:06 | 000,015,872 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)

SRV - [2009/09/04 15:28:16 | 000,242,976 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)

SRV - [2009/09/04 15:28:12 | 000,124,192 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)

SRV - [2009/08/28 17:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)

SRV - [2009/08/23 13:04:00 | 000,075,040 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)

SRV - [2009/08/06 15:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2009/08/03 22:00:14 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel®

SRV - [2009/08/03 22:00:00 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel®

SRV - [2009/07/14 20:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)

SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009/07/03 04:47:10 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)

SRV - [2009/07/01 21:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)

SRV - [2009/04/28 21:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)

SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV - [2011/12/19 21:46:50 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)

DRV - [2011/12/09 00:58:45 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)

DRV - [2009/08/23 13:04:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)

DRV - [2009/08/18 01:08:14 | 000,020,848 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc.pkms -- (PCDSRVC{C4B36920-79E24793-06000000}_0)

DRV - [2009/08/18 01:08:14 | 000,020,848 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc.pkms -- (PCDSRVC{3037D694-FD904ACA-06000000}_0)

DRV - [2009/07/22 00:56:22 | 000,459,264 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)

DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)

DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)

DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)

DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)

DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)

DRV - [2009/07/13 18:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)

DRV - [2009/07/13 17:02:52 | 000,214,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel®

DRV - [2009/07/02 13:16:22 | 000,038,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)

DRV - [2009/07/01 04:05:10 | 000,232,472 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaNvStor.sys -- (iaNvStor) Intel®

DRV - [2009/06/29 16:51:04 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)

DRV - [2009/06/29 16:51:02 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)

DRV - [2009/06/22 22:49:58 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®

DRV - [2009/06/11 03:04:22 | 003,486,208 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)

DRV - [2009/05/13 18:40:38 | 004,231,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32) Intel®

DRV - [2009/04/28 21:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)

DRV - [2008/05/12 04:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)

DRV - [2007/04/17 23:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)

DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {EAB0824F-18DE-4E7D-A1BA-BCF8829C0015}

IE - HKLM\..\SearchScopes\{EAB0824F-18DE-4E7D-A1BA-BCF8829C0015}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4222434223-3108062619-2612777320-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]

IE - HKU\S-1-5-21-4222434223-3108062619-2612777320-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-4222434223-3108062619-2612777320-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found

IE - HKU\S-1-5-21-4222434223-3108062619-2612777320-1000\..\SearchScopes,DefaultScope = {414CFD41-A668-49E1-805B-85429E3CB9E1}

IE - HKU\S-1-5-21-4222434223-3108062619-2612777320-1000\..\SearchScopes\{414CFD41-A668-49E1-805B-85429E3CB9E1}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

IE - HKU\S-1-5-21-4222434223-3108062619-2612777320-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

[2012/01/21 19:55:01 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2012/03/06 19:42:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.

O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()

O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)

O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-4222434223-3108062619-2612777320-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-4222434223-3108062619-2612777320-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab (SysInfo Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{966E00A3-7EA2-4113-9160-4A02874EE488}: DhcpNameServer = 167.206.245.130 167.206.245.129

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/08 19:30:59 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\home\Desktop\OTL.exe

[2012/03/06 21:51:30 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab

[2012/03/06 21:10:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon

[2012/03/06 20:19:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled

[2012/03/06 19:44:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/03/06 19:40:14 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/03/06 19:40:14 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\temp

[2012/03/06 19:35:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/03/05 20:49:17 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Malwarebytes

[2012/03/05 20:49:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/03/05 20:49:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/03/05 20:49:09 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/03/05 20:49:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/03/05 19:58:32 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\Conexant

[2012/03/05 19:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012/02/21 23:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2012/02/21 23:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools

[2012/02/20 03:36:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat

[2012/02/20 03:01:42 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0

[2012/02/12 13:31:23 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\odbcWebcdrom

[2012/02/11 17:53:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

[2012/02/11 17:53:42 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\Google

[2012/02/11 17:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\Google

========== Files - Modified Within 30 Days ==========

[2012/03/08 19:32:12 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/03/08 19:31:07 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\home\Desktop\OTL.exe

[2012/03/08 19:27:25 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/03/08 19:26:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/03/07 19:20:57 | 000,627,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/03/07 19:20:57 | 000,107,366 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/03/07 19:20:48 | 000,021,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/03/07 19:20:48 | 000,021,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/03/07 19:13:50 | 000,001,422 | ---- | M] () -- C:\Users\home\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/03/07 19:13:19 | 1566,580,736 | -HS- | M] () -- C:\hiberfil.sys

[2012/03/06 22:22:32 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

[2012/03/06 19:42:05 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2012/03/05 20:49:10 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/26 19:50:14 | 000,002,693 | ---- | M] () -- C:\Users\home\Desktop\Word 2007.lnk

[2012/02/26 17:26:29 | 000,870,128 | ---- | M] () -- C:\Users\home\AppData\Roaming\mcs.rma

[2012/02/26 17:26:29 | 000,000,004 | ---- | M] () -- C:\Users\home\AppData\Roaming\C02049

[2012/02/22 02:23:38 | 000,001,732 | ---- | M] () -- C:\tvtpktfilter.dat

[2012/02/20 03:39:02 | 000,412,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/02/15 20:03:50 | 000,000,452 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

========== Files Created - No Company Name ==========

[2012/03/07 19:13:50 | 000,001,428 | ---- | C] () -- C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

[2012/03/06 22:22:32 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf

[2012/03/05 20:49:10 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/26 19:50:14 | 000,002,693 | ---- | C] () -- C:\Users\home\Desktop\Word 2007.lnk

[2012/02/22 02:23:38 | 000,001,732 | ---- | C] () -- C:\tvtpktfilter.dat

[2012/02/11 17:53:44 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/02/11 17:53:43 | 000,000,878 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/02/05 11:58:50 | 000,870,128 | ---- | C] () -- C:\Users\home\AppData\Roaming\mcs.rma

[2012/02/05 11:58:50 | 000,000,004 | ---- | C] () -- C:\Users\home\AppData\Roaming\C02049

[2011/12/09 01:40:20 | 003,486,208 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys

[2011/12/09 01:40:20 | 000,232,448 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll

[2011/12/09 01:40:20 | 000,196,608 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll

[2011/12/09 01:40:20 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys

[2011/12/09 01:40:20 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini

[2011/12/09 00:51:56 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin

[2011/12/09 00:51:56 | 000,439,300 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin

[2011/12/09 00:51:56 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin

[2011/12/09 00:51:56 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin

========== LOP Check ==========

[2012/01/21 19:54:59 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Babylon

[2012/01/17 20:47:27 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\InterVideo

[2012/02/15 20:03:50 | 000,000,452 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job

[2009/07/13 23:53:46 | 000,010,374 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

and Extras.Txt.

OTL Extras logfile created on: 3/8/2012 7:31:35 PM - Run 1

OTL by OldTimer - Version 3.2.36.1 Folder = C:\Users\home\Desktop

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.95 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 54.05% Memory free

3.89 Gb Paging File | 2.75 Gb Available in Paging File | 70.64% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 137.62 Gb Total Space | 118.59 Gb Free Space | 86.17% Space Free | Partition Type: NTFS

Drive Q: | 10.25 Gb Total Space | 5.80 Gb Free Space | 56.54% Space Free | Partition Type: NTFS

Computer Name: HOME-THINK | User Name: home | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility

"{1F8DA253-3C27-4B01-A63A-BA3533120833}" = Microsoft Research AutoCollage Touch 2009

"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16

"{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack

"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar

"{31423F74-36B2-4d24-B10D-CD00BFB7C118}" = Intel® Turbo Memory

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System

"{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}" = Windows Live Sign-in Assistant

"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media

"{5C111F14-D9BE-459D-B0B6-B4D082F03749}" = Mobile Broadband Connect

"{5C4D532E-4EC9-11E1-9544-B8AC6F97B88E}" = Google Earth Plug-in

"{7A408D56-A9CF-4219-9F78-23E6B48A1C0D}" = Verizon Wireless Mobile Broadband Self Activation

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections

"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard

"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager and Intel® Turbo Memory

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1

"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help

"{D81486A1-2371-4059-AC70-1AB894AC96E6}" = AT&T Service Activation

"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials

"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager

"{EFE3D683-903C-4B58-AB8F-C68C69F33758}" = System Requirements Lab for Intel

"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus

"112AA64E0C8CC704E307FE914F7DEC1C0035598E" = Windows Driver Package - Lenovo 1.55 (08/18/2009 1.55)

"1D1219CED4DAD562C114C845725DCA2DCB312803" = Windows Driver Package - Sonix (SNP2UVC) Image (08/03/2009 5.8.53003.0)

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD

"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter

"E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)

"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7

"ESET Online Scanner" = ESET Online Scanner v3

"HDMI" = Intel® Graphics Media Accelerator Driver

"HECI" = Intel® Management Engine Interface

"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8

"Lenovo Welcome_is1" = Lenovo Welcome

"LENOVO.SMIIF" = Lenovo System Interface Driver

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000

"MESOL" = Intel® Active Management Technology

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"OnScreenDisplay" = On Screen Display

"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox

"Power Management Driver" = ThinkPad Power Management Driver

"PROPLUS" = Microsoft Office Professional Plus 2007

"SynTPDeinstKey" = ThinkPad UltraNav Driver

"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier

"W7DevOR" = Registry Patch to arrange icons in Device and Printers folder of Windows 7

"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 2/19/2012 1:08:29 PM | Computer Name = home-THINK | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\program files\Kobo\drivers\dpinst64.exe".

Dependent

Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/19/2012 1:09:24 PM | Computer Name = home-THINK | Source = SideBySide | ID = 16842811

Description = Activation context generation failed for "c:\program files\microsoft\search

enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file

"c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll"

on line 2. Invalid Xml syntax.

Error - 2/19/2012 3:52:23 PM | Computer Name = home-THINK | Source = Application Hang | ID = 1002

Description = The program Skype.exe version 5.5.0.124 stopped interacting with Windows

and was closed. To see if more information about the problem is available, check

the problem history in the Action Center control panel. Process ID: 1630 Start Time:

01ccef2108d0a1d2 Termination Time: 18 Application Path: C:\Program Files\Skype\Phone\Skype.exe

Report

Id:

Error - 2/20/2012 5:08:34 AM | Computer Name = home-THINK | Source = SideBySide | ID = 16842811

Description = Activation context generation failed for "C:\Program Files\Lenovo\Access

Connections\AcCryptHlpr.dll".Error in manifest or policy file "C:\Program Files\Lenovo\Access

Connections\AcCryptHlpr.dll" on line 0. Invalid Xml syntax.

Error - 2/20/2012 5:08:49 AM | Computer Name = home-THINK | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\program files\Kobo\drivers\dpinst64.exe".

Dependent

Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/20/2012 5:09:26 AM | Computer Name = home-THINK | Source = SideBySide | ID = 16842811

Description = Activation context generation failed for "c:\program files\microsoft\search

enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file

"c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll"

on line 2. Invalid Xml syntax.

Error - 2/22/2012 12:44:28 AM | Computer Name = home-THINK | Source = System Restore | ID = 8193

Description =

Error - 2/22/2012 12:52:24 AM | Computer Name = home-THINK | Source = PerfNet | ID = 2004

Description =

Error - 2/22/2012 12:54:27 AM | Computer Name = home-THINK | Source = PerfNet | ID = 2004

Description =

Error - 2/22/2012 1:00:26 AM | Computer Name = home-THINK | Source = PerfNet | ID = 2004

Description =

[ System Events ]

Error - 2/22/2012 1:18:49 AM | Computer Name = home-THINK | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 2/22/2012 1:18:49 AM | Computer Name = home-THINK | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 2/22/2012 1:21:11 AM | Computer Name = home-THINK | Source = Service Control Manager | ID = 7000

Description = The MCSTRM service failed to start due to the following error: %%2

Error - 2/22/2012 10:28:11 PM | Computer Name = home-THINK | Source = Service Control Manager | ID = 7000

Description = The MCSTRM service failed to start due to the following error: %%2

Error - 2/23/2012 10:17:02 PM | Computer Name = home-THINK | Source = Service Control Manager | ID = 7000

Description = The MCSTRM service failed to start due to the following error: %%2

Error - 2/25/2012 4:28:42 AM | Computer Name = home-THINK | Source = Service Control Manager | ID = 7000

Description = The MCSTRM service failed to start due to the following error: %%2

Error - 2/26/2012 6:23:42 PM | Computer Name = home-THINK | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the ShellHWDetection service.

Error - 2/26/2012 9:59:14 PM | Computer Name = home-THINK | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk2\DR3.

Error - 2/26/2012 9:59:15 PM | Computer Name = home-THINK | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk2\DR3.

Error - 2/26/2012 10:04:54 PM | Computer Name = home-THINK | Source = Service Control Manager | ID = 7000

Description = The MCSTRM service failed to start due to the following error: %%2

< End of report >

Also, please note, this machine was recently reinstalled (I'm guessing), so if you see any Lenovo or other bloatware that does or seems to cause trouble, please feel free to dispose of it.

You could prevent that if you had an antivirus program installed, because right now you don't have any antivirus installed. I suggest you be more careful while installing any program on your system.

Step 1

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKLM\..\SearchScopes,DefaultScope = {EAB0824F-18DE-4E7D-A1BA-BCF8829C0015}
    IE - HKU\S-1-5-21-4222434223-3108062619-2612777320-1000\..\SearchScopes,DefaultScope = {414CFD41-A668-49E1-805B-85429E3CB9E1}
    IE - HKU\S-1-5-21-4222434223-3108062619-2612777320-1000\..\SearchScopes\{414CFD41-A668-49E1-805B-85429E3CB9E1}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    [2012/03/06 21:10:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    [2012/02/26 17:26:29 | 000,870,128 | ---- | M] () -- C:\Users\home\AppData\Roaming\mcs.rma
    [2012/02/26 17:26:29 | 000,000,004 | ---- | M] () -- C:\Users\home\AppData\Roaming\C02049
    [2012/01/21 19:54:59 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Babylon

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Step 2

Please download one of the following free antivirus programs:

http://www.avast.com/free-antivirus-download

http://windows.microsoft.com/en-US/windows/products/security-essentials

http://www.avira.com/en/avira-free-antivirus

Install, update it and perform a full system scan. Let me know about the results.


OTL results below:

All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_USERS\S-1-5-21-4222434223-3108062619-2612777320-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-4222434223-3108062619-2612777320-1000\Software\Microsoft\Internet Explorer\SearchScopes\{414CFD41-A668-49E1-805B-85429E3CB9E1}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{414CFD41-A668-49E1-805B-85429E3CB9E1}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.

C:\ProgramData\Babylon folder moved successfully.

C:\Users\home\AppData\Roaming\mcs.rma moved successfully.

C:\Users\home\AppData\Roaming\C02049 moved successfully.

C:\Users\home\AppData\Roaming\Babylon folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: home

->Temp folder emptied: 16875489 bytes

->Temporary Internet Files folder emptied: 19048814 bytes

->Flash cache emptied: 291 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 5073 bytes

RecycleBin emptied: 7745304 bytes

Total Files Cleaned = 42.00 mb

OTL by OldTimer - Version 3.2.36.1 log created on 03102012_133144

Files\Folders moved on Reboot...

C:\Users\home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RJD7DZZ2\google_com[1].htm moved successfully.

C:\Users\home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RJD7DZZ2\malwarebytes_org[1].htm moved successfully.

C:\Users\home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IRM16CN4\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot moved successfully.

C:\Users\home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IRM16CN4\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.

C:\Users\home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWUJX0TU\fastbutton[1].htm moved successfully.

Registry entries deleted on Reboot...

I also installed MS Essentials, downloaded the updates and ran a Full Scan on default settings.

Nothing was detected.

So far so good.

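One way to check a fix log like the one posted above, as an added example that is not part of the thread or of OTL itself: it classifies every action line in the OTL section and lists the entries that were not acted on. The sample log is constructed from lines in the post, and the function names are hypothetical.

```python
import re

# Constructed sample: action lines copied from the fix log posted in this thread.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-4222434223-3108062619-2612777320-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4222434223-3108062619-2612777320-1000\Software\Microsoft\Internet Explorer\SearchScopes\{414CFD41-A668-49E1-805B-85429E3CB9E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{414CFD41-A668-49E1-805B-85429E3CB9E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
C:\ProgramData\Babylon folder moved successfully.
C:\Users\home\AppData\Roaming\mcs.rma moved successfully.
C:\Users\home\AppData\Roaming\C02049 moved successfully.
C:\Users\home\AppData\Roaming\Babylon folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
"""

# Result phrases exactly as they appear in the posted log.
OUTCOMES = [
    (re.compile(r"^(?P<t>.+?)\|? /E : value set successfully!$"), "value_set"),
    (re.compile(r"^Registry key (?P<t>.+?) deleted successfully\.$"), "deleted"),
    (re.compile(r"^Registry key (?P<t>.+?) not found\.$"), "not_found"),
    (re.compile(r"^(?P<t>.+?)(?: folder)? moved successfully\.$"), "moved"),
]
SECTION = re.compile(r"^=+ (?P<name>.+?) =+$")

def parse_fix_log(text):
    """Return [(target, outcome)] for each action line in the OTL section."""
    results, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        if section != "OTL":
            continue  # cleanup statistics and reboot notes are not fix actions
        for pattern, outcome in OUTCOMES:
            m = pattern.match(line)
            if m:
                results.append((m.group("t"), outcome))
                break
        else:
            results.append((line, "unrecognized"))  # surface it, never drop it
    return results

def needs_review(results):
    """Entries the tool did not act on, or that this parser could not classify."""
    return [(t, o) for t, o in results if o in ("not_found", "unrecognized")]

def moved_paths(results):
    """Paths the log reports as moved; each should be absent at its old location."""
    return [t for t, o in results if o == "moved"]
```

On the posted log the only entry flagged for review is the CLSID key reported as not found, and the four moved paths are the two Babylon folders plus `mcs.rma` and `C02049`.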

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.