
Thread: Click.GiftLoad :-(

  1. #21
    Junior Member
    Join Date
    May 2011
    Location
    Slovakia
    Posts
    16


    No redirects, no pop ups so far, everything runs fast, and I can tell even faster than before infection, PC uses less memory than ever before - hopefully it's not the beginning of the end :-)

    One question though, at the very beginning I tried to reinstall Windows, but it didn't work since I didn't make the USB bootable. Still, it copied some files and changed booting sequence on PC start up. What shall I do to get rid of it? Somewhere on this forum I saw that I should delete one command in C:\boot.ini.....yeah but which one :-/ ? (no need to answer, I can google as well)

    Since everything seems right, may I uninstall combofix, gooredfix, OTL, TDSSKiller and aswMBR? or shall I keep some of them for later use?

    Here is the log from Malwarebytes.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6619

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    20.5.2011 11:16:32
    mbam-log-2011-05-20 (11-16-32).txt

    Scan type: Quick scan
    Objects scanned: 144518
    Time elapsed: 8 minute(s), 57 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    I would like to thank you for your valuable time that you could have invested otherwise (cooking Italian food :-) )

    P.S. yesterday I found out that driver for Lenovo webcamera is called BISONcam so that Bison07 file is probably it.

  2. #22
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Hi,

    Glad all is well, yep, can't live without my Italian food.

    You can change the boot sequence through the BIOS; most are different to access from different manufacturers. What I would do is post here in their Windows folder, give them the make and model of your computer, and they can run you through it. It's not difficult.

    http://forums.whatthetech.com/index.php?showforum=119

    Part of the cleaning is to clean out all your temp files and other garbage and to also reset your hosts file back to default. I will instruct you on how to remove all we have used when we're done.





    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :processes
      killallprocesses
      
      :OTL
      
      
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /release /c
      ipconfig /renew /c
      ipconfig /flushdns /c
      
      
      
      
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces.
    • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #23
    Junior Member
    Join Date
    May 2011
    Location
    Slovakia
    Posts
    16


    This should be logs from killing processes, cleaning and scanning:

    All processes killed
    ========== PROCESSES ==========
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /release /c >
    Konfigurace protokolu IP systému Windows
    Na zařízení Připojení k místní síti nelze provést žádnou operaci, dokud je médium tohoto zařízení odpojeno.
    Adaptér sítě Ethernet Připojení k místní síti:
    Stav média . . . . . . . . . . . : odpojeno
    Adaptér sítě Ethernet Bezdrátové připojení k síti:
    Přípona DNS podle připojení . . . :
    Adresa IP . . . . . . . . . . . . : 0.0.0.0
    Maska podsítě . . . . . . . . . . : 0.0.0.0
    Výchozí brána . . . . . . . . . . :
    C:\Documents and Settings\Peto\Plocha\cmd.bat deleted successfully.
    C:\Documents and Settings\Peto\Plocha\cmd.txt deleted successfully.
    < ipconfig /renew /c >
    Konfigurace protokolu IP systému Windows
    Na zařízení Připojení k místní síti nelze provést žádnou operaci, dokud je médium tohoto zařízení odpojeno.
    Adaptér sítě Ethernet Připojení k místní síti:
    Stav média . . . . . . . . . . . : odpojeno
    Adaptér sítě Ethernet Bezdrátové připojení k síti:
    Přípona DNS podle připojení . . . :
    Adresa IP . . . . . . . . . . . . : 192.168.1.2
    Maska podsítě . . . . . . . . . . : 255.255.255.0
    Výchozí brána . . . . . . . . . . : 192.168.1.1
    C:\Documents and Settings\Peto\Plocha\cmd.bat deleted successfully.
    C:\Documents and Settings\Peto\Plocha\cmd.txt deleted successfully.
    < ipconfig /flushdns /c >
    Konfigurace protokolu IP systému Windows
    Mezipaměť překládání DNS byla úspěšně vyprázdněna.
    C:\Documents and Settings\Peto\Plocha\cmd.bat deleted successfully.
    C:\Documents and Settings\Peto\Plocha\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 7498 bytes
    ->Temporary Internet Files folder emptied: 4538502 bytes
    ->Java cache emptied: 659 bytes
    ->Flash cache emptied: 8442 bytes

    User: Peto
    ->Temp folder emptied: 1757331 bytes
    ->Temporary Internet Files folder emptied: 10191953 bytes
    ->Java cache emptied: 5328395 bytes
    ->FireFox cache emptied: 658074999 bytes
    ->Flash cache emptied: 64212 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2351732 bytes
    %systemroot%\System32 .tmp files removed: 2775496 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 6626 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 8087262 bytes

    Total Files Cleaned = 661,00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 05202011_145053

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...


    OTL logfile created on: 20.5.2011 15:02:44 - Run 2
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Peto\Plocha
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

    1 014,00 Mb Total Physical Memory | 464,00 Mb Available Physical Memory | 46,00% Memory free
    2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 105,10 Gb Total Space | 84,40 Gb Free Space | 80,30% Space Free | Partition Type: NTFS
    Drive D: | 29,19 Gb Total Space | 3,17 Gb Free Space | 10,85% Space Free | Partition Type: NTFS

    Computer Name: LENOVO-PV | User Name: Peto | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Peto\Plocha\OTL.exe (OldTimer Tools)
    PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
    PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe (Nokia)
    PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
    PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
    PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
    PRC - C:\WINDOWS\BisonC07\BisonM07.exe ()
    PRC - C:\QSTART.SYS\config\DVMExportService.exe (DeviceVM)
    PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    PRC - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
    PRC - C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
    PRC - C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
    PRC - C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe (Lenovo Group Limited)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Peto\Plocha\OTL.exe (OldTimer Tools)
    MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.)


    ========== Win32 Services (SafeList) ==========

    SRV - (WLTRYSVC) -- File not found
    SRV - (AppMgmt) -- File not found
    SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
    SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
    SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
    SRV - (DvmMDES) -- C:\QSTART.SYS\config\DVMExportService.exe (DeviceVM)
    SRV - (btwdins) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
    SRV - (System_Repair_UpdateMonitor) -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe (Lenovo Group Limited)


    ========== Driver Services (SafeList) ==========

    DRV - (MpKsl77bf053c) -- c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{8E7BA440-8789-41B1-AD43-394456BF4934}\MpKsl77bf053c.sys (Microsoft Corporation)
    DRV - (MpKsl757ac69e) -- c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{8E7BA440-8789-41B1-AD43-394456BF4934}\MpKsl757ac69e.sys (Microsoft Corporation)
    DRV - (Angelnt) -- C:\WINDOWS\System32\Drivers\ANGELNT.SYS (Identcode Ltd.)
    DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
    DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
    DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
    DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
    DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
    DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
    DRV - (Cam5607) -- C:\WINDOWS\system32\drivers\BisonC07.sys (Bison Electronics. Inc. )
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
    DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
    DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
    DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
    DRV - (tvtumon) -- C:\WINDOWS\system32\drivers\tvtumon.sys (Lenovo)
    DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
    DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
    DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
    DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
    DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
    DRV - (ACPIVPC) -- C:\WINDOWS\system32\drivers\AcpiVpc.sys (Lenovo Corporation)
    DRV - (WSVD) -- C:\WINDOWS\system32\drivers\WSVD.sys (CyberLink)
    DRV - (WimFltr) -- C:\WINDOWS\system32\drivers\WimFltr.sys (Microsoft Corporation)
    DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com

    IE - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
    IE - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: sk@dictionaries.addons.mozilla.org:2.03.2
    FF - prefs.js..network.proxy.http: "192.168.1.1"
    FF - prefs.js..network.proxy.http_port: 8080
    FF - prefs.js..network.proxy.type: 4

    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011.05.18 14:50:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.10 12:05:21 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.10 11:37:59 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.05.11 11:47:02 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

    [2010.01.31 22:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peto\Data aplikací\Mozilla\Extensions
    [2010.01.31 22:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peto\Data aplikací\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2011.05.19 22:25:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peto\Data aplikací\Mozilla\Firefox\Profiles\uwaa8407.default\extensions
    [2010.10.09 11:15:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Peto\Data aplikací\Mozilla\Firefox\Profiles\uwaa8407.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011.01.12 21:47:24 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Documents and Settings\Peto\Data aplikací\Mozilla\Firefox\Profiles\uwaa8407.default\extensions\de-DE@dictionaries.addons.mozilla.org
    [2011.02.22 21:19:06 | 000,000,000 | ---D | M] (SlovnĂ*ky slovenskĂ©ho pravopisu) -- C:\Documents and Settings\Peto\Data aplikací\Mozilla\Firefox\Profiles\uwaa8407.default\extensions\sk@dictionaries.addons.mozilla.org
    [2010.10.09 11:15:54 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Documents and Settings\Peto\Data aplikací\Mozilla\Firefox\Profiles\uwaa8407.default\extensions\youtube2mp3@mondayx.de
    [2011.05.13 21:27:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010.04.23 15:32:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010.08.09 08:23:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010.11.05 22:09:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011.05.13 21:27:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
    File not found (No name found) --
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PETO\DATA APLIKACĂ*\MOZILLA\FIREFOX\PROFILES\UWAA8407.DEFAULT\EXTENSIONS\{CF47767D-5F3A-4E32-9FCE-5D79565C9702}.XPI
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PETO\DATA APLIKACĂ*\MOZILLA\FIREFOX\PROFILES\UWAA8407.DEFAULT\EXTENSIONS\DE-DE@DICTIONARIES.ADDONS.MOZILLA.ORG
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PETO\DATA APLIKACĂ*\MOZILLA\FIREFOX\PROFILES\UWAA8407.DEFAULT\EXTENSIONS\SK@DICTIONARIES.ADDONS.MOZILLA.ORG
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PETO\DATA APLIKACĂ*\MOZILLA\FIREFOX\PROFILES\UWAA8407.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE
    [2011.05.13 21:27:09 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011.04.14 18:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
    [2011.05.13 21:27:07 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011.05.20 14:51:07 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O4 - HKLM..\Run: [BisonMnt] C:\WINDOWS\BisonC07\BisonM07.exe ()
    O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
    O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
    O4 - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
    O4 - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk = C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
    O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
    O15 - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\..Trusted Domains: autobazar.eu ([]* in Důvěryhodné servery)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1264672677421 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos...ineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\PicNotify: DllName - PicNotify.dll - C:\WINDOWS\System32\PicNotify.dll ()
    O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
    O24 - Desktop WallPaper: C:\WINDOWS\Web\WALLPAPER\LENOVO1.BMP
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\WALLPAPER\LENOVO1.BMP
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008.09.01 12:17:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011.05.20 14:50:53 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011.05.19 21:15:04 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011.05.19 21:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peto\Plocha\Virus+MS
    [2011.05.19 09:33:59 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Peto\Plocha\OTL.exe
    [2011.05.19 00:26:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011.05.18 23:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peto\Data aplikací\Malwarebytes
    [2011.05.18 23:21:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
    [2011.05.18 23:21:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011.05.18 23:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
    [2011.05.18 23:21:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011.05.18 23:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
    [2011.05.18 23:19:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peto\Plocha\GooredFix Backups
    [2011.05.18 23:16:36 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Peto\Plocha\GooredFix.exe
    [2011.05.17 16:04:52 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2011.05.14 20:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Adobe
    [2011.05.14 19:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011.05.13 22:09:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011.05.13 22:08:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\ERUNT
    [2011.05.13 22:08:25 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2011.05.13 21:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011.05.13 21:27:24 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2011.05.13 21:27:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2011.05.13 21:27:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2011.05.13 21:27:24 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2011.05.13 21:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2011.05.11 13:25:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Snapshot
    [2011.05.01 18:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Data aplikací\Thunderbird
    [2011.04.30 17:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Data aplikací\Sun
    [2011.04.30 17:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Data aplikací\Macromedia
    [2011.04.30 17:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Data aplikací\Adobe
    [2011.04.29 20:50:15 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle
    [2011.04.23 17:56:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peto\Plocha\DP33-50

    ========== Files - Modified Within 30 Days ==========

    [2011.05.20 15:03:35 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011.05.20 14:58:43 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo
    [2011.05.20 14:58:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011.05.20 14:58:11 | 1063,202,816 | -HS- | M] () -- C:\hiberfil.sys
    [2011.05.20 14:51:10 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2011.05.20 14:51:07 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2011.05.20 14:50:59 | 000,434,452 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011.05.20 14:50:59 | 000,431,420 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
    [2011.05.20 14:50:59 | 000,079,708 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
    [2011.05.20 14:50:59 | 000,069,024 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011.05.20 14:42:29 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
    [2011.05.20 10:52:33 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\Malwarebytes.lnk
    [2011.05.20 10:50:55 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
    [2011.05.19 23:19:37 | 000,088,576 | ---- | M] () -- C:\Documents and Settings\Peto\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011.05.19 21:55:48 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011.05.19 12:42:53 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\MBR.dat
    [2011.05.19 09:34:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Peto\Plocha\OTL.exe
    [2011.05.19 00:26:54 | 000,000,390 | RHS- | M] () -- C:\boot.ini
    [2011.05.18 23:16:39 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Peto\Plocha\GooredFix.exe
    [2011.05.18 13:03:35 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\userinit.exe
    [2011.05.18 00:28:35 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
    [2011.05.18 00:28:35 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
    [2011.05.17 16:04:52 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2011.05.16 20:22:14 | 000,029,151 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\Snímek 005.jpg
    [2011.05.16 20:21:24 | 000,030,420 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\Snímek 004.jpg
    [2011.05.13 22:08:30 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\ERUNT.lnk
    [2011.05.13 21:27:05 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2011.05.13 21:27:05 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2011.05.13 21:27:05 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2011.05.13 21:27:05 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2011.05.13 21:27:04 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
    [2011.05.12 10:09:40 | 000,434,210 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110519-212222.backup
    [2011.05.10 14:50:47 | 002,631,789 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\PV_CH1.tif
    [2011.05.10 12:10:45 | 000,000,273 | ---- | M] () -- C:\Boot.bak
    [2011.05.02 22:08:59 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011.05.02 21:43:29 | 000,433,404 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110512-100940.backup
    [2011.05.01 20:53:00 | 000,029,417 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\SRO_vyssia.htm
    [2011.05.01 20:52:44 | 000,029,417 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\SRO_nizka.htm
    [2011.05.01 11:08:16 | 000,433,404 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110502-214329.backup
    [2011.04.25 21:48:12 | 000,117,693 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\Nemcina.pdf

    ========== Files Created - No Company Name ==========

    [2011.05.20 10:52:33 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\Malwarebytes.lnk
    [2011.05.19 09:36:44 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\MBR.dat
    [2011.05.19 00:26:49 | 000,261,312 | RHS- | C] () -- C:\cmldr
    [2011.05.16 20:22:14 | 000,029,151 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\Snímek 005.jpg
    [2011.05.16 20:21:24 | 000,030,420 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\Snímek 004.jpg
    [2011.05.13 22:08:30 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\ERUNT.lnk
    [2011.05.10 14:47:13 | 002,631,789 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\PV_CH1.tif
    [2011.05.09 22:09:34 | 000,000,273 | ---- | C] () -- C:\Boot.bak
    [2011.05.09 22:09:33 | 000,467,439 | R--- | C] () -- C:\txtsetup.sif
    [2011.05.09 22:09:33 | 000,261,328 | R--- | C] () -- C:\old_$LDR$
    [2011.05.02 22:20:13 | 1063,202,816 | -HS- | C] () -- C:\hiberfil.sys
    [2011.05.01 20:52:57 | 000,029,417 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\SRO_vyssia.htm
    [2011.05.01 20:52:43 | 000,029,417 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\SRO_nizka.htm
    [2011.05.01 10:52:14 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
    [2011.05.01 10:52:14 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
    [2011.04.25 21:48:12 | 000,117,693 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\Nemcina.pdf
    [2011.03.07 20:51:15 | 000,000,405 | ---- | C] () -- C:\WINDOWS\System32\ANGELDOS.SYS
    [2010.10.21 21:07:00 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2010.10.10 20:10:54 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010.02.01 15:18:28 | 000,026,112 | R--- | C] () -- C:\WINDOWS\LgUninst.exe
    [2010.01.31 21:49:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010.01.28 16:35:19 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010.01.28 15:58:36 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2010.01.27 23:53:34 | 000,088,576 | ---- | C] () -- C:\Documents and Settings\Peto\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009.12.20 01:14:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2009.12.20 01:00:59 | 009,338,880 | ---- | C] () -- C:\WINDOWS\System32\Facev.dll
    [2009.12.20 01:00:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\image.dll
    [2009.12.20 01:00:57 | 000,655,360 | ---- | C] () -- C:\WINDOWS\System32\EncIcons.dll
    [2009.12.20 01:00:57 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\SimpleExt.dll
    [2009.12.20 01:00:57 | 000,241,752 | ---- | C] () -- C:\WINDOWS\System32\IcnOvrly.dll
    [2009.12.20 01:00:57 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SetDev.dll
    [2009.12.20 01:00:57 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\VideoOp.dll
    [2009.12.20 01:00:57 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\FunFrm.dll
    [2009.12.20 01:00:56 | 009,502,720 | ---- | C] () -- C:\WINDOWS\System32\FaceVerify.dll
    [2009.12.20 01:00:56 | 001,564,672 | ---- | C] () -- C:\WINDOWS\System32\MainOp.dll
    [2009.12.20 01:00:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DevFilt.dll
    [2009.12.20 01:00:54 | 001,974,272 | ---- | C] () -- C:\WINDOWS\System32\Imagereog.dll
    [2009.12.20 01:00:54 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\PicNotify.dll
    [2009.12.20 01:00:54 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\Apblend.dll
    [2009.12.20 01:00:54 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Momo.dll
    [2009.12.20 01:00:52 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\3DImageRenderer.dll
    [2009.12.20 00:58:22 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
    [2009.09.28 04:03:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
    [2009.09.28 03:04:19 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
    [2009.01.16 18:55:38 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
    [2008.11.07 18:08:20 | 000,362,029 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
    [2008.09.01 14:07:47 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008.09.01 14:06:25 | 000,305,216 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008.09.01 12:20:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008.09.01 12:14:26 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008.07.22 04:30:37 | 000,001,650 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2008.04.14 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2008.04.14 14:00:00 | 000,434,452 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2008.04.14 14:00:00 | 000,431,420 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
    [2008.04.14 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2008.04.14 14:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
    [2008.04.14 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2008.04.14 14:00:00 | 000,079,708 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
    [2008.04.14 14:00:00 | 000,069,024 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2008.04.14 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2008.04.14 14:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
    [2008.04.14 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2008.04.14 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2008.04.14 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2008.04.14 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2002.11.06 12:16:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\angel32.dll
    [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
    [2001.10.10 09:36:22 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2001.10.10 09:35:30 | 000,004,492 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2001.09.13 20:59:12 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\mejlovani.dll
    [1999.02.11 15:34:14 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\Kernel.dll

    < End of report >
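As an added example (not part of the original post, and not OTL's own code): a small Python parser for the entry format used in the report above, with a triage filter over the parsed records. The function names and the triage criteria (no company name, created inside a chosen window, sitting in the drive root or marked Hidden/System) are assumptions chosen for illustration; the sample lines are copied from the report.

```python
import re
from datetime import datetime
from typing import NamedTuple

# Lines copied from the OTL report above; nothing here is constructed.
SAMPLE = r"""
========== Files - Modified Within 30 Days ==========
[2011.05.20 14:51:07 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011.05.19 00:26:54 | 000,000,390 | RHS- | M] () -- C:\boot.ini
[2011.05.13 21:27:05 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
========== Files Created - No Company Name ==========
[2011.05.19 00:26:49 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2011.05.09 22:09:33 | 000,467,439 | R--- | C] () -- C:\txtsetup.sif
[2011.05.02 22:20:13 | 1063,202,816 | -HS- | C] () -- C:\hiberfil.sys
[2011.05.01 10:52:14 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2010.10.21 21:07:00 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
"""

class Entry(NamedTuple):
    section: str      # report section the line appeared under
    when: datetime
    size: int         # bytes
    attrs: str        # four attribute flags, e.g. "RHS-" or "---D"
    kind: str         # "C" = created, "M" = modified
    company: str      # empty when OTL printed "()" or nothing
    path: str

HEADER = re.compile(r"^=+ (.+?) =+$")
LINE = re.compile(r"^\[(\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) \| ([\d,]+) \| (.{4}) \| ([CM])\] "
                  r"(?:\((.*?)\) )?-- (.+)$")

def parse_otl(text):
    """Turn OTL file-listing lines into Entry records, tracking the section header."""
    section, entries = "", []
    for line in (raw.strip() for raw in text.splitlines()):
        if (h := HEADER.match(line)):
            section = h.group(1)
        elif (m := LINE.match(line)):
            ts, size, attrs, kind, company, path = m.groups()
            entries.append(Entry(section, datetime.strptime(ts, "%Y.%m.%d %H:%M:%S"),
                                 int(size.replace(",", "")), attrs, kind, company or "", path))
    return entries

def triage(entries, since):
    """Review candidates: created on/after `since`, no company name, and either
    sitting directly in the drive root or carrying a Hidden/System attribute."""
    def odd(e):
        return e.path.count("\\") == 1 or "H" in e.attrs or "S" in e.attrs
    hits = [e for e in entries if e.kind == "C" and not e.company and e.when >= since and odd(e)]
    return sorted(hits, key=lambda e: e.when)
```

Hits are candidates for review, not verdicts: `C:\hiberfil.sys` is the Windows hibernation file and is listed only because it is a hidden system file in the drive root.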

  4. #24
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default



    All is well ???
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #25
    Junior Member
    Join Date
    May 2011
    Location
    Slovakia
    Posts
    16

    Default

    PC starts fast, Windows Update fully functional, Firefox behaves as before (which is great because those ads were killing me), no pop-ups, svchost not killing the PC anymore... I can say everything looks just as perfect here. Greaaaaat

  6. #26
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default



    Malwarebytes is the free version and yours to keep. Any tools that OTL does not remove can be just dragged to the trash; no sense in keeping them, as they are updated on a regular basis.

    Let's update your Java to make your system more secure.

    Go to your Control Panel and click on the Java icon (looks like a little coffee cup). Click on About and you should have Version 6 Update 25; if not, proceed with the instructions.

    Download the latest version Here and save it; do not install it yet.

    Java SE Runtime Environment (JRE) JRE 6 Update 25 <-- The wording is confusing but this is what you need

    • Go to your Add Remove Programs in the Control Panel and uninstall any previous versions of Java
    • Reboot your computer
    • Install the latest version

    You can verify the installation Here

    System Restore is a component of Microsoft's Windows Me, Windows XP, Windows Vista and Windows 7 operating systems that allows for the rolling back of system files, registry keys, installed programs, etc., to a previous state in the event of malfunctioning or failure. Old restore points can be a source of re-infection.

    Please follow the steps below to create a clean restore point:
    1. Click Start > Run > copy and paste the following into the run box:
      %SystemRoot%\System32\restore\rstrui.exe
    2. Press OK. Choose Create a Restore Point then click Next.
    3. Name it (something you'll remember) and click Create.
    4. When the confirmation screen shows the restore point has been created click Close.


    Then remove all previous Restore Points
    1. Click Start > Run > copy and paste the following into the run box:
      cleanmgr
    2. Choose to scan drive C:\ (if C:\ is your main drive).
    3. At the top, click on More Options tab. Click the Clean up... button in the System Restore box.
    4. Click on the Yes button.
    5. When finished, click on Cancel button to exit.

    • Click START then RUN
    • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

    Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups.

    Safe Surfn
    Ken

  7. #27
    Junior Member
    Join Date
    May 2011
    Location
    Slovakia
    Posts
    16

    Default Thank you

    Java was up to date, restore point created and old points deleted, combo uninstalled and now it's time to read those hints :-)

    One more big thank you and good bye.

  8. #28
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default


  9. #29
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
