Help! Virus keeps blocking webpages??

Comments

  • Registered Users, Registered Users 2 Posts: 2,280 ✭✭✭toby2111


    That link to Malwarebytes won't load for me. Keeps saying problem with page, server not found. What a pain!


  • Closed Accounts Posts: 415 ✭✭SeanKev


    Download the installer and transfer it via USB, full scan.


  • Registered Users, Registered Users 2 Posts: 2,280 ✭✭✭toby2111


    Here's results of quick scan, I'll do full scan now shortly-

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 3967

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    09/05/2010 10:02:02
    mbam-log-2010-05-09 (10-02-02).txt

    Scan type: Quick scan
    Objects scanned: 119390
    Time elapsed: 4 minute(s), 55 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 5
    Registry Values Infected: 2
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\awtldaj (Worm.Conficker) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ql600oko (Worm.KoobFace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QL600OKO (Worm.KoobFace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swoko (Worm.KoobFace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SWOKO (Worm.KoobFace) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvc (Worm.KoobFace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\captcha (Worm.KoobFace) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\uogzqfu.dll (Worm.Conficker) -> Delete on reboot.
    C:\WINDOWS\bk23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.


  • Registered Users, Registered Users 2 Posts: 2,280 ✭✭✭toby2111


    Here's full scan log-

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 3967

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    09/05/2010 10:35:27
    mbam-log-2010-05-09 (10-35-27).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 174603
    Time elapsed: 27 minute(s), 55 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


  • Registered Users, Registered Users 2 Posts: 2,280 ✭✭✭toby2111


    Any further instructions, will I load up AV software?


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Download AntiVir, update it, run a full scan, post that log here.


    Are you plugging in some sort of external drive to the PC? Seems you are re-infecting yourself.


  • Registered Users, Registered Users 2 Posts: 2,280 ✭✭✭toby2111


    No, just using the USB key to load files from PC to laptop. Maybe USB key is knackered??


  • Registered Users, Registered Users 2 Posts: 2,280 ✭✭✭toby2111


    Sorry, just remembered, have an external hard drive but it hasn't been physically connected to the PC in weeks, I've left it unplugged. Would that make a difference? I'll run that scan now, thanks.


  • Registered Users, Registered Users 2 Posts: 2,280 ✭✭✭toby2111


    Hi, here's results of AntiVir-



    Avira AntiVir Personal
    Report file date: 09 May 2010 20:09

    Scanning for 1983321 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows XP
    Windows version : (Service Pack 3) [5.1.2600]
    Boot mode : Normally booted
    Username : Elaine
    Computer name : LENOVO-FA694358


    Configuration settings for the scan:
    Jobname.............................: Short system scan after installation
    Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Process scan........................: on
    Scan registry.......................: on
    Search for rootkits.................: off
    Integrity checking of system files..: off
    Scan all files......................: Intelligent file selection
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium

    Start of the scan: 09 May 2010 20:09

    The scan of running processes will be started

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!

    Start scanning boot sectors:

    Starting to scan executable files (registry).
    The registry was scanned ( '1813' files ).



    End of the scan: 09 May 2010 20:10
    Used time: 00:52 Minute(s)

    The scan has been done completely.

    0 Scanned directories
    2322 Files were scanned
    0 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    0 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    2322 Files not concerned
    5 Archives were scanned
    0 Warnings
    0 Notes


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    I would format that USB key, seems infected.

    Open OTL, paste this in the custom scan box:


    netsvcs


    Click run scan, post that log.


    Also update and run a new scan with MBAM.


  • Registered Users, Registered Users 2 Posts: 2,280 ✭✭✭toby2111


    What's the best way to format a USB key?? Unsure myself. Running those scans now, thanks.
    Was also just thinking, I'm using one of those crappy Sierra wireless dongles from O2 all the time... would that possibly be causing probs???


  • Registered Users, Registered Users 2 Posts: 2,280 ✭✭✭toby2111


    OTL log-

    OTL logfile created on: 09/05/2010 21:06:51 - Run 5
    OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Elaine\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 143.04 Gb Total Space | 101.04 Gb Free Space | 70.63% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: LENOVO-FA694358
    Current User Name: Elaine
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2010/05/08 19:22:58 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elaine\My Documents\Downloads\OTL.exe
    PRC - [2010/05/08 15:29:06 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/03/16 15:36:32 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2009/03/24 17:04:32 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
    PRC - [2009/01/26 17:21:52 | 001,258,776 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files\Sierra Wireless Inc\3G Watcher\Watcher.exe
    PRC - [2009/01/15 18:08:08 | 000,058,648 | ---- | M] (Sierra Wireless Inc.) -- C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
    PRC - [2009/01/05 17:57:24 | 000,558,360 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
    PRC - [2008/12/23 12:23:44 | 000,197,912 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe
    PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/03/17 17:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    PRC - [2008/03/04 10:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    PRC - [2008/03/04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    PRC - [2008/01/22 09:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    PRC - [2007/11/29 19:04:00 | 000,059,168 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
    PRC - [2007/08/04 00:42:08 | 000,927,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
    PRC - [2007/08/04 00:35:38 | 002,630,968 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    PRC - [2007/08/04 00:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    PRC - [2007/06/22 19:45:54 | 000,106,496 | ---- | M] (AuthenTec,Inc) -- C:\WINDOWS\system32\FpLogonServ.exe
    PRC - [2007/04/09 02:24:32 | 000,054,832 | ---- | M] (Lenovo.) -- C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe
    PRC - [2007/03/16 13:26:22 | 000,057,344 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe
    PRC - [2007/03/16 13:26:18 | 000,031,840 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\PM Driver\PMHandler.exe
    PRC - [2007/02/08 21:11:32 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    PRC - [2007/02/08 21:09:58 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    PRC - [2007/02/08 21:00:06 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
    PRC - [2007/01/30 12:02:00 | 000,303,104 | ---- | M] (FUJIFILM Corporation) -- C:\Program Files\FinePixViewer\QuickDCF2.exe
    PRC - [2007/01/05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    PRC - [2006/12/29 03:48:10 | 000,569,344 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2uvc.exe
    PRC - [2006/11/13 20:23:40 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
    PRC - [2006/11/12 06:03:16 | 001,405,012 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
    PRC - [2006/11/12 05:56:18 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
    PRC - [2006/11/08 18:28:52 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    PRC - [2006/11/08 18:20:58 | 000,950,272 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    PRC - [2006/11/08 18:14:00 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    PRC - [2006/09/06 08:38:44 | 000,054,824 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
    PRC - [2006/05/24 05:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    PRC - [2006/05/19 00:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
    PRC - [2004/07/28 00:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\Installshield\UpdateService\issch.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/05/08 19:22:58 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elaine\My Documents\Downloads\OTL.exe
    MOD - [2008/04/14 01:12:10 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll
    MOD - [2008/04/14 01:12:09 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
    MOD - [2008/04/13 18:37:57 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
    MOD - [2007/08/04 00:42:18 | 000,660,792 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
    MOD - [2007/08/04 00:42:10 | 002,094,392 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvt_passwordmanager.dll
    MOD - [2007/08/04 00:28:10 | 001,324,344 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\css_dlgcustompolicy.dll
    MOD - [2007/08/04 00:28:06 | 000,714,040 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\css_banner.dll
    MOD - [2007/08/04 00:28:02 | 005,174,584 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\css_lenovo_res.dll
    MOD - [2007/08/04 00:27:46 | 001,910,072 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\csswait.dll
    MOD - [2007/08/04 00:27:42 | 000,800,056 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\cssuserdatadispatcher.dll
    MOD - [2007/08/04 00:19:10 | 000,664,888 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\tcsrpc.dll
    MOD - [2007/08/04 00:19:06 | 000,386,360 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\tvttsp.dll
    MOD - [2007/08/04 00:09:58 | 000,066,872 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_lenovo_res2.dll
    MOD - [2006/11/12 06:09:38 | 000,077,824 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/03/16 15:36:32 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2009/03/24 17:04:32 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
    SRV - [2008/03/04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
    SRV - [2008/01/22 09:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
    SRV - [2007/08/04 00:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
    SRV - [2007/06/22 19:45:54 | 000,106,496 | ---- | M] (AuthenTec,Inc) [Auto | Running] -- C:\WINDOWS\system32\FpLogonServ.exe -- (FingerprintServer)
    SRV - [2007/04/09 02:24:32 | 000,054,832 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe -- (FNF5SVC)
    SRV - [2007/03/16 13:26:22 | 000,057,344 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe -- (PMSveH)
    SRV - [2007/02/08 21:11:32 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
    SRV - [2007/02/08 21:09:58 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
    SRV - [2007/01/05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
    SRV - [2006/11/12 05:56:18 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)
    SRV - [2006/11/08 18:28:52 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2006/11/08 18:20:58 | 000,950,272 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
    SRV - [2006/11/08 18:14:00 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV - [2006/05/24 05:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
    SRV - [2005/11/14 09:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2009/05/11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009/04/02 02:25:35 | 000,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
    DRV - [2009/04/02 02:24:46 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
    DRV - [2009/01/22 21:34:55 | 000,028,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmsflt.sys -- (swmsflt)
    DRV - [2008/12/02 11:10:04 | 000,173,312 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swnc8u90.sys -- (SWNC8U90) Sierra Wireless MUX NDIS Driver (UMTS90)
    DRV - [2008/11/17 15:33:44 | 000,145,280 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swumx90.sys -- (SWUMX90) Sierra Wireless USB MUX Driver (UMTS90)
    DRV - [2008/04/13 19:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 19:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/11/29 19:04:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
    DRV - [2007/08/10 06:52:44 | 004,603,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2007/06/17 05:29:08 | 000,146,824 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
    DRV - [2007/05/22 23:59:38 | 000,030,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
    DRV - [2007/05/22 08:59:34 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
    DRV - [2007/02/26 04:59:10 | 005,700,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2007/02/24 22:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/02/16 23:46:42 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2007/02/16 23:09:06 | 009,598,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV - [2007/02/12 18:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2007/02/08 20:30:28 | 000,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter)
    DRV - [2007/01/24 01:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/01/24 00:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2006/11/15 13:48:48 | 001,711,488 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel(R)
    DRV - [2006/11/13 02:41:20 | 000,862,922 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2006/11/08 21:49:42 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2006/10/30 02:51:40 | 000,067,672 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2006/08/30 06:53:00 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/06/12 16:36:30 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
    DRV - [2006/05/24 19:48:14 | 000,010,240 | ---- | M] (Lenovo ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PMHler.sys -- (PMHler)
    DRV - [2006/05/19 06:24:20 | 000,193,088 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2003/09/11 07:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
    DRV - [2001/08/17 22:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 22:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 22:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 22:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 22:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 21:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 21:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 21:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 21:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 21:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 21:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 21:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 21:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 21:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 21:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2001/08/17 13:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "www.google.ie"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/08 15:29:12 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/08 15:29:12 | 000,000,000 | ---D | M]

    [2010/02/21 17:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Extensions
    [2009/04/07 10:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2010/02/21 17:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\xlcf5bp6.default\extensions
    [2010/02/21 17:57:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/01/16 01:55:13 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/01/16 01:55:13 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/01/16 01:55:13 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/01/16 01:55:13 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2010/05/09 00:16:39 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
    O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [AirCardEnabler] File not found
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
    O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (Authentec,Inc)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [PMHandler] C:\Program Files\Lenovo\PM Driver\PMHandler.exe (Lenovo)
    O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe (Sonix)
    O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe ()
    O4 - HKLM..\Run: [TRUUpdater] C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Sierra Wireless, Inc.)
    O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [WatcherHelper] C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe (Sierra Wireless Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe (FUJIFILM Corporation)
    O4 - Startup: C:\Documents and Settings\Elaine\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
    O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
    O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238610864921 (WUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.40.32.33 8.8.8.8
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\ATFUS: DllName - C:\WINDOWS\system32\FpWinLogonNp.dll - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll ()
    O24 - Desktop WallPaper: C:\Documents and Settings\Elaine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Elaine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/04/30 08:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: ias - C:\WINDOWS\system32\ias [2006/04/30 01:12:49 | 000,000,000 | ---D | M]
    NetSvcs: iprip - File not found
    NetSvcs: irmon - File not found
    NetSvcs: nwcworkstation - File not found
    NetSvcs: nwsapagent - File not found
    NetSvcs: wmdmpmsp - File not found
    NetSvcs: awtldaj - File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/05/09 20:06:28 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2010/05/09 20:06:25 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2010/05/09 20:06:25 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2010/05/09 20:06:25 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2010/05/09 20:06:25 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2010/05/09 20:06:24 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2010/05/09 20:06:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2010/05/09 09:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine\Application Data\Malwarebytes
    [2010/05/09 09:54:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/05/09 09:54:47 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/05/09 09:54:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/05/09 09:54:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/05/08 22:36:39 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/05/08 13:29:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/05/08 13:21:44 | 000,000,000 | ---D | C] -- C:\_OTM
    [2010/05/08 13:20:16 | 000,510,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Elaine\Desktop\OTM.exe
    [2010/05/08 09:09:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine\DoctorWeb
    [2010/05/02 13:03:34 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/05/01 21:06:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/05/01 21:05:53 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2010/04/30 20:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2010/04/30 20:14:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2010/04/30 20:14:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2010/04/30 20:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2010/02/10 09:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2009/08/21 09:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2009/08/21 09:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [2009/04/02 02:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
    [2009/04/02 02:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
    [2009/04/02 02:10:21 | 000,167,936 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
    [2009/04/02 02:10:21 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll

    ========== Files - Modified Within 30 Days ==========

    [2010/05/09 21:05:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/05/09 20:58:45 | 000,475,154 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/05/09 20:58:45 | 000,404,536 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/05/09 20:58:45 | 000,063,590 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/05/09 20:53:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/05/09 20:49:12 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/05/09 20:49:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
    [2010/05/09 20:48:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/05/09 20:48:47 | 2137,444,352 | -HS- | M] () -- C:\hiberfil.sys
    [2010/05/09 20:48:04 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\Elaine\NTUSER.DAT
    [2010/05/09 20:47:42 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Elaine\ntuser.ini
    [2010/05/09 20:06:56 | 000,001,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2010/05/09 09:54:52 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/05/09 00:16:39 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/05/09 00:09:16 | 000,000,894 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\Shortcut to OTM.lnk
    [2010/05/08 19:23:14 | 000,000,894 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\Shortcut to OTL.lnk
    [2010/05/08 15:40:43 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\Shortcut to ComboFix.lnk
    [2010/05/08 13:20:16 | 000,510,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elaine\Desktop\OTM.exe
    [2010/05/08 09:34:20 | 000,000,450 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\DrWeb.csv
    [2010/05/08 09:06:38 | 000,000,287 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\Shortcut to drweb-cureit.lnk
    [2010/05/08 08:37:01 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/05/02 17:11:40 | 000,000,267 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\Shortcut to OTL(2).exe.lnk
    [2010/05/02 12:45:06 | 000,000,270 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\Shortcut to avenger.lnk
    [2010/05/01 21:05:58 | 000,000,774 | ---- | M] () -- C:\Documents and Settings\Elaine\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2010/05/01 21:05:54 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\NTREGOPT.lnk
    [2010/05/01 21:05:54 | 000,000,599 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\ERUNT.lnk
    [2010/05/01 19:13:36 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\Microsoft Office Word 2007.lnk

    ========== Files Created - No Company Name ==========

    [2010/05/09 20:06:55 | 000,001,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2010/05/09 09:54:52 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/05/09 00:09:16 | 000,000,894 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\Shortcut to OTM.lnk
    [2010/05/08 19:23:14 | 000,000,894 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\Shortcut to OTL.lnk
    [2010/05/08 15:40:43 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\Shortcut to ComboFix.lnk
    [2010/05/08 09:34:20 | 000,000,450 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\DrWeb.csv
    [2010/05/08 09:06:38 | 000,000,287 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\Shortcut to drweb-cureit.lnk
    [2010/05/02 17:11:40 | 000,000,267 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\Shortcut to OTL(2).exe.lnk
    [2010/05/02 12:45:06 | 000,000,270 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\Shortcut to avenger.lnk
    [2010/05/01 21:05:58 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\Elaine\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2010/05/01 21:05:54 | 000,000,618 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\NTREGOPT.lnk
    [2010/05/01 21:05:54 | 000,000,599 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\ERUNT.lnk
    [2009/12/11 20:55:36 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\Elaine\Application Data\Smiley.ico
    [2009/12/10 20:47:02 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
    [2009/08/27 09:44:36 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Elaine\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/05/28 10:27:26 | 000,000,636 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
    [2009/04/02 02:35:05 | 003,670,016 | -H-- | C] () -- C:\Documents and Settings\Elaine\NTUSER.DAT
    [2009/04/02 02:35:05 | 000,061,440 | -H-- | C] () -- C:\Documents and Settings\Elaine\ntuser.dat.LOG
    [2009/04/02 02:35:05 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Elaine\ntuser.ini
    [2009/04/02 02:34:54 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
    [2009/04/02 02:34:54 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
    [2009/04/02 02:30:41 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2009/04/02 02:19:14 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2009/04/02 02:19:14 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2009/04/02 02:19:14 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2009/04/02 02:19:14 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2009/04/02 02:19:14 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2009/04/02 02:19:14 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2009/04/02 02:13:44 | 000,701,840 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
    [2009/04/02 02:13:44 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll
    [2009/04/02 02:12:06 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
    [2009/04/02 02:11:07 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
    [2009/04/02 02:10:22 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
    [2009/04/02 02:10:21 | 009,598,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
    [2009/02/28 00:18:28 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\wceprv.dll
    [2007/02/09 20:54:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2006/11/12 05:50:38 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
    [2006/08/21 15:45:40 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.dll
    [2006/04/30 08:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2006/04/30 08:22:10 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2005/02/17 19:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
    [2005/02/17 19:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
    [2001/11/14 20:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
    < End of report >


  • Registered Users, Registered Users 2 Posts: 2,280 ✭✭✭toby2111


    Updated mbam, ran full scan-

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 3969

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    09/05/2010 21:53:27
    mbam-log-2010-05-09 (21-53-27).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 175668
    Time elapsed: 38 minute(s), 40 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Plug the USB key in somewhere. When the icon comes up for it in My Computer, right-click on the USB key one, select Format, and let it do its thing.



    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
      :OTL
      NetSvcs: awtldaj - File not found
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [EMPTYFLASH]
      [CREATERESTOREPOINT]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done




    Then run a new scan with mbam; if it's clean we should be done.


  • Registered Users, Registered Users 2 Posts: 2,280 ✭✭✭toby2111


    OTL logfile-

    All processes killed
    ========== OTL ==========
    awtldaj removed from NetSvcs value successfully!
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Claire-Anne
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Elaine
    ->Temp folder emptied: 1127998 bytes
    ->Temporary Internet Files folder emptied: 128122 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 56229674 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 1208 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 81920 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 55.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Claire-Anne
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Elaine
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point (64424509440)

    OTL by OldTimer - Version 3.2.1.0 log created on 05092010_232003

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...


  • Registered Users, Registered Users 2 Posts: 2,280 ✭✭✭toby2111


    mbam quick scan-

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 3969

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    09/05/2010 23:31:58
    mbam-log-2010-05-09 (23-31-58).txt

    Scan type: Quick scan
    Objects scanned: 119313
    Time elapsed: 3 minute(s), 58 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Your logs are clean


    Follow these steps to uninstall Combofix and tools used in the removal of malware

    Uninstall ComboFix

    Remove Combofix now that we're done with it.
    • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    • Please follow the prompts to uninstall Combofix.
    • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.




    • Open OTL
    • Under the Custom Scans/Fixes box at the bottom, paste the following:
      :Commands
      [clearallrestorepoints]
      [createrestorepoint]
      
    • Click the Run Fix button at the top
    • It might ask you to reboot, if so click YES




    • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
    • Click on the CleanUp button.
    • Click Yes to begin the cleanup process and remove tools, including this application
    • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes




    • Please read my guide on how to prevent malware and about safe computing here

    Thank you for your patience, and performing all of the procedures requested.


  • Registered Users, Registered Users 2 Posts: 2,280 ✭✭✭toby2111


    ASJ112 - My sincere thanks for your time and patience to help fix this problem, you are a true boards.ie legend!!
    Just one quick question - this laptop has Windows Firewall turned off. Should I turn it on? Friend of mine recommends Threatfire, is that better?


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Threatfire isn't a firewall, am not a huge fan of it anyway

    Check the preventing malware guide I linked to above, I recommend some firewalls in it. Sunbelt firewall is the best

