ihavenet virus?

toby2111 · 19-10-2013 12:26pm #1

Yesterday I clicked on an update to improve speed of Firefox,basically had to reset it.Now,whenever I try do a search,it occasionally brings me to a blank page with ihavenet.com in address bar.Switched browser to chrome and doesnt seem to happen as often. Googled it and tried all the suggestions,ran malwarebytes etc.Cant see any dodgy programs in add/remove programs so its obviously hidden somewhere sneaky.Anyone know anything about this?

Torqay · 19-10-2013 12:36pm

ADWCleaner is your friend.

Tutorial.

toby2111 · 19-10-2013 12:48pm

Torqay wrote: »

ADWCleaner is your friend.

Tutorial.

Yeh, ran that yesterday. No joy.

Torqay · 19-10-2013 1:46pm

toby2111 wrote: »

Yeh, ran that yesterday. No joy.

There is a little bit more to it than just running ADWCleaner or MBAM, did you follow the steps to clean the browsers manually?

toby2111 · 19-10-2013 2:27pm

Torqay wrote: »

There is a little bit more to it than just running ADWCleaner or MBAM, did you follow the steps to clean the browsers manually?

Yeh, went into add/remove programs but saw nothing related to ihavenet.

toby2111 · 19-10-2013 3:53pm

Now,when I click on a link it brings me to a blank ihavenet page,then back to google home page.Have tried numerous cleaners but no luck.Pretty annoying so am just using Chrome now.

Torqay · 19-10-2013 4:01pm

Uninstall Firefox (do not keep the user settings) and install it again. Backup your bookmarks first, if necessary.

toby2111 · 19-10-2013 5:02pm

Thanks Torqay,that seems to have worked.
On a sidenote,what browser do you recommend?I'm unsure about Firefox now if it gave me that annoying virus.But I personally prefer it to other browsers.

Torqay · 19-10-2013 5:05pm

Firefox did not give you that virus.

If you really want to use something Chrome, get SRWare Iron.

toby2111 · 19-10-2013 5:08pm

Ah piss,its gone again!!Typed in srware iron in google,clicked on link and did the usual...goes to a blank page with ihavenet in address bar then goes back to google homepage. So,its not fixed!!!

Torqay · 19-10-2013 5:09pm

System restore?

gordongekko · 19-10-2013 5:18pm

http://board.dailyflix.net/index.php?/topic/53234-i-have-net-removal/

Is this any help?

toby2111 · 19-10-2013 5:33pm

Torqay wrote: »

System restore?

Didn't work, only gave me option of today and yesterday to restore, chose earliest time yesterday. Restored but still not fixed.

toby2111 · 19-10-2013 6:09pm

gordongekko wrote: »

http://board.dailyflix.net/index.php?/topic/53234-i-have-net-removal/

Is this any help?

I have to head out now,I'll try that later....looks a bit complicated for a novice like me!
That feckin virus is damn annoying,thanks for the help anyways everybody.

jsa112 · 19-10-2013 11:13pm

no need to do those steps, this will be a lot easier and quicker

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Quick Scan button. Do not change any settings. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files here

toby2111 · 20-10-2013 9:55am

Thanks jsa112,heres the notepad....extras.txt is below it.This laptop is kinda banjaxed anyway,shuts down once or twice on initial start up. Dropped it into a computer place,they couldnt fix it,said prob motherboard was fecked.So am on the lookout for a half decent budget laptop like that Asus mentioned over in Bargain alerts.

OTL logfile created on: 20/10/2013 09:42:33 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Elaine\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.18% Memory free
3.83 Gb Paging File | 2.97 Gb Available in Paging File | 77.52% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.04 Gb Total Space | 94.83 Gb Free Space | 66.29% Space Free | Partition Type: NTFS

Computer Name: LENOVO-7FF6F5EA | User Name: Elaine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/20 09:41:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elaine\My Documents\Downloads\OTL.exe
PRC - [2013/05/25 01:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Elaine\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2013/04/13 17:23:00 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/04/03 20:07:00 | 000,071,976 | ---- | M] () -- C:\Program Files\Moborobo\MoboroboDeviceService.exe
PRC - [2013/03/28 10:32:34 | 000,310,640 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013/03/28 10:32:32 | 001,511,792 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
PRC - [2013/02/05 09:54:40 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2012/07/03 18:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/07/26 00:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2009/09/08 18:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2008/04/14 14:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/29 19:04:00 | 000,059,168 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2007/08/04 01:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/07/06 00:05:04 | 000,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2007/07/06 00:04:18 | 000,114,688 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2007/07/06 00:03:32 | 000,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2007/07/05 23:58:40 | 000,413,696 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2007/07/05 23:51:48 | 000,126,976 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2007/06/22 20:45:54 | 000,106,496 | ---- | M] (AuthenTec,Inc) -- C:\WINDOWS\system32\FpLogonServ.exe
PRC - [2007/04/26 18:10:00 | 000,120,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
PRC - [2007/04/09 02:24:32 | 000,054,832 | ---- | M] (Lenovo.) -- C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe
PRC - [2007/03/16 14:26:22 | 000,057,344 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe
PRC - [2007/03/16 14:26:18 | 000,031,840 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\PM Driver\PMHandler.exe
PRC - [2007/02/08 22:11:32 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007/02/08 22:00:06 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2007/01/30 04:01:26 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2007/01/05 04:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/12/29 04:48:10 | 000,569,344 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2uvc.exe
PRC - [2006/11/08 19:17:30 | 000,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/11/07 11:51:20 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006/09/06 08:38:44 | 000,054,824 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
PRC - [2006/05/24 06:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/05/19 01:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe

========== Modules (No Company Name) ==========

MOD - [2013/10/13 13:39:56 | 000,615,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DevicePodcast\e0627ea9270b82ebd25fad703ed2add2\DevicePodcast.ni.dll
MOD - [2013/10/13 13:39:53 | 000,299,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceVideo\06b0b792532f9461099d7696d43b418b\DeviceVideo.ni.dll
MOD - [2013/10/13 13:39:51 | 000,354,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DevicePhoto\6cd1bfaeac8fa89b7cb70bc788b1603f\DevicePhoto.ni.dll
MOD - [2013/10/13 13:39:48 | 000,306,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceMusic\cdcd49a30e3b3757585c1d7363958c41\DeviceMusic.ni.dll
MOD - [2013/10/13 13:39:46 | 000,475,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\VideoManager\bf455378fbc26a859790901ba400d82f\VideoManager.ni.dll
MOD - [2013/10/13 13:39:44 | 000,783,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PhotoManager\d02709df275d10134f27b8540bc0dffd\PhotoManager.ni.dll
MOD - [2013/10/13 13:39:40 | 001,984,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Phonebook\e666fce1f9ea8095a68078d761b705c7\Phonebook.ni.dll
MOD - [2013/10/13 13:39:33 | 000,946,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\MusicManager\8f16ecaddeee2b841661083ff2168f71\MusicManager.ni.dll
MOD - [2013/10/13 13:39:29 | 000,404,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BATPlugin\d1426b9825d7928ae7d4a2af62338eb7\BATPlugin.ni.dll
MOD - [2013/10/13 13:39:19 | 000,515,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\6741125eb5dfd512217fcf438730201f\Kies.Common.MediaDB.ni.dll
MOD - [2013/10/13 13:39:16 | 000,063,488 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\6b11ba572db1e3fba607278441db7fd0\Kies.Common.AllShare.ni.dll
MOD - [2013/10/13 13:39:15 | 000,066,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\be6030f04c6db43443d03f020669585d\Kies.Common.DBManager.ni.dll
MOD - [2013/10/13 13:39:13 | 000,205,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\9174c8efdaa541dfbed33c7cb0af56c8\Kies.Common.MainUI.ni.dll
MOD - [2013/10/13 13:39:11 | 000,283,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\1f5f10898da0d8c2186fa900b363c4c1\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll
MOD - [2013/10/13 13:39:09 | 000,583,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\033f004348c99f200b6a2827f2f83aaa\Kies.Common.DeviceServiceLib.FileService.ni.dll
MOD - [2013/10/13 13:39:06 | 001,180,160 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\e58bdebdf69ed543e10ea017ca7113e3\Kies.Common.DeviceService.ni.dll
MOD - [2013/10/13 13:39:01 | 001,144,832 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Podcaster\c72459be34fd3cb0ffddfbe23b8b5164\Podcaster.ni.dll
MOD - [2013/10/13 13:38:57 | 000,701,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\9aeff9b8867eab163b449c2615db908b\DeviceCommonLib.ni.dll
MOD - [2013/10/13 13:38:54 | 000,732,160 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\8f4e7379607a31f63522fe349695d560\Kies.Plugin.ContentsManagerLib.ni.dll
MOD - [2013/10/13 13:38:32 | 000,928,256 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\2eb280e0a9bed590a461f22f6698499e\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll
MOD - [2013/10/13 13:38:24 | 002,201,088 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\1a89c4757a7f7e9a96281bba3f0f18f4\Kies.Common.Multimedia.ni.dll
MOD - [2013/10/13 13:38:17 | 000,630,784 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\89fd859508587b1c5ca086c8af70e205\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll
MOD - [2013/10/13 13:38:04 | 006,891,520 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceHost\31db30a442813f991cdc0120cd2f6565\DeviceHost.ni.dll
MOD - [2013/10/13 13:37:48 | 000,281,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\2a3cd281187c48916418eb99ec715ec2\Kies.Common.Util.ni.dll
MOD - [2013/10/13 13:37:46 | 001,934,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.UI\f472d220c33468145a40278773f05cb4\Kies.UI.ni.dll
MOD - [2013/10/13 13:37:41 | 000,160,256 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\d4d59b0c2f7079e21bca760e9232d3d1\GongSolutions.Wpf.DragDrop.ni.dll
MOD - [2013/10/13 13:37:39 | 001,260,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Interface\644321bba9ce613d961b8483d812ff7f\Kies.Interface.ni.dll
MOD - [2013/10/13 13:36:11 | 002,124,288 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies\46f0e09e2e836589e4fd873c12d90225\Kies.ni.exe
MOD - [2013/10/12 21:21:23 | 018,022,912 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c39f218178b52c74434e94749cdd6e13\PresentationFramework.ni.dll
MOD - [2013/10/12 21:21:05 | 001,014,784 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\ee2269a68f0aa96d88f891318f8d6cef\System.Configuration.ni.dll
MOD - [2013/10/12 21:20:44 | 011,527,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\a8287547ced1656c83fa15ce50a672e8\PresentationCore.ni.dll
MOD - [2013/10/12 21:20:29 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\0a2b9b9f03e1941d274636129d8a9c5d\System.Core.ni.dll
MOD - [2013/10/12 21:20:19 | 003,883,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\16b67b54ec0ba5ff69beba36dd88fbfc\WindowsBase.ni.dll
MOD - [2013/08/15 07:43:10 | 017,490,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Theme\c3dae492c09e8109da9cd192c7aefe4c\Kies.Theme.ni.dll
MOD - [2013/08/15 07:43:09 | 000,307,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\ab9fd165c71f793150480de8fbbaac54\DummyStorePlugin.ni.dll
MOD - [2013/08/15 07:42:48 | 000,029,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\35c69d676a6cbd0052f6899aad52b07b\Kies.Common.StoreManager.ni.dll
MOD - [2013/08/15 07:42:47 | 000,232,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\6a4bcf254a32a7a34c46cad07a50bd0a\ASF_cSharpAPI.ni.dll
MOD - [2013/08/15 07:42:44 | 000,109,056 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\1b047410c733cfa99732118b637ff239\Kies.Common.CRMManager.ni.dll
MOD - [2013/08/15 07:42:41 | 000,189,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\3ace264d5b9b325864912f97235873f6\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll
MOD - [2013/08/15 07:42:07 | 000,743,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\5cb4b9cce8cd07efff1962dee5c8b61e\ICSharpCode.SharpZipLib.ni.dll
MOD - [2013/08/15 07:41:57 | 000,187,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\659870c3e0af3a0df91cfb52a990b1b5\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2013/08/15 07:41:40 | 001,618,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Locale\38517579e3e8bdd552837c827d5660fc\Kies.Locale.ni.dll
MOD - [2013/08/15 07:41:39 | 000,079,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\e3f5a25173544405c5708a36a55477d0\Kies.MVVM.ni.dll
MOD - [2013/08/15 07:41:19 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\f2f0e9a8703422ee27d0094e81170cca\System.ServiceProcess.ni.dll
MOD - [2013/08/15 07:40:50 | 000,770,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\f7c799b2b0fd3cd2193b21b7d1f3cd39\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 07:40:37 | 001,812,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\876a6e3ad28ad8fb6303fd81630f4366\System.Xaml.ni.dll
MOD - [2013/08/15 07:39:05 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll
MOD - [2013/08/14 22:05:30 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\cf3c9d1496acdcb836853e59fe20223b\System.Management.ni.dll
MOD - [2013/08/14 22:00:52 | 005,628,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\625ef7b392f799bdd0ebe0e364bc7b40\System.Xml.ni.dll
MOD - [2013/08/14 22:00:42 | 009,100,288 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\c0a67abed7df54004613628d9db92a68\System.ni.dll
MOD - [2013/08/14 21:57:59 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2013/08/14 21:56:02 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/07/23 11:50:27 | 000,043,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.FUSCryptLib\b6bb426484169b1e27fcc3e9ed22d179\Interop.FUSCryptLib.ni.dll
MOD - [2013/07/23 11:50:25 | 000,175,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\27b10ae5c57f3aeeaac1fc68a2b4ebde\Interop.DevFileServiceLib.ni.dll
MOD - [2013/07/23 11:49:52 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\4e76e94b4fdcd55e8fdf60a1dbe6bcf0\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
MOD - [2013/07/23 11:49:42 | 000,032,256 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\23c78dd6b5c41a1ecdf344b258047de9\Interop.OGGFileInfoCOMLib.ni.dll
MOD - [2013/07/23 11:49:41 | 000,171,520 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\b87be734669f99e4fcca4bfe56ee363f\Interop.P3MPINTERFACECTRLLib.ni.dll
MOD - [2013/07/23 11:49:41 | 000,052,224 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\38f544b89726d9c186ae97e9d9778563\Interop.MP3FileInfoCOMLib.ni.dll
MOD - [2013/07/23 11:49:41 | 000,030,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\1d241b96c96f09a8f43e54251e0a3166\Interop.PRPLAYERCORELib.ni.dll
MOD - [2013/07/23 11:49:35 | 000,018,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.DeviceServi#\540596dbaccc281900f74bffb75761eb\Interop.DeviceServiceModelDBLib.ni.dll
MOD - [2013/07/23 11:49:18 | 000,395,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CabLib\4a8f835dd54e0859d00bb22707fcd66f\CabLib.ni.dll
MOD - [2013/07/23 11:49:16 | 000,052,224 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\37305f03b91fee0a2a49050825b642b0\Interop.DeviceSearchLib.ni.dll
MOD - [2013/07/23 09:08:51 | 014,419,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\ddab8d958a389e0578db75ff35a5d772\mscorlib.ni.dll
MOD - [2013/07/23 09:01:46 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2013/04/03 20:07:34 | 000,952,688 | ---- | M] () -- C:\Program Files\Moborobo\DriverInstall.dll
MOD - [2013/04/03 20:07:00 | 000,071,976 | ---- | M] () -- C:\Program Files\Moborobo\MoboroboDeviceService.exe
MOD - [2013/03/13 21:48:52 | 024,978,944 | ---- | M] () -- C:\Documents and Settings\Elaine\Application Data\Dropbox\bin\libcef.dll
MOD - [2013/01/28 14:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/01/28 14:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/11/14 00:32:50 | 003,558,400 | ---- | M] () -- C:\Documents and Settings\Elaine\Application Data\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2007/08/04 00:52:06 | 000,110,592 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\xml4cmessages5_5.dll
MOD - [2007/04/14 14:30:56 | 000,139,264 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll
MOD - [2007/04/14 14:30:56 | 000,139,264 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\CDRecord.dll
MOD - [2007/02/08 22:11:32 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
MOD - [2007/02/08 22:00:06 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
MOD - [2006/12/14 03:06:42 | 000,028,672 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\tphklock.dll
MOD - [2006/12/08 23:53:28 | 000,032,768 | ---- | M] () -- C:\Program Files\Lenovo\PM Driver\PMEbLib.dll
MOD - [2006/11/21 03:04:06 | 000,856,064 | ---- | M] () -- C:\Program Files\Lenovo Fingerprint Software\SharedResources.dll
MOD - [2006/11/08 19:15:58 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/11/08 19:14:30 | 000,348,160 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006/10/02 22:07:26 | 001,167,360 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2006/09/06 08:38:44 | 000,054,824 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
MOD - [2006/09/06 08:38:40 | 000,063,016 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TpWAud32.dll
MOD - [2006/05/24 22:33:32 | 000,024,576 | ---- | M] () -- C:\Program Files\Lenovo\PM Driver\PMHlerIO.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/10/10 10:15:02 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/11 03:26:44 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/13 17:23:00 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/04/03 20:07:00 | 000,071,976 | ---- | M] () [Auto | Running] -- C:\Program Files\Moborobo\MoboroboDeviceService.exe -- (MoboroboDeviceService)
SRV - [2013/02/05 09:54:40 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2012/11/09 20:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/07/26 00:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011/04/28 00:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/09/08 18:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/08/04 01:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/07/06 00:05:04 | 000,065,536 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007/07/06 00:03:32 | 000,184,320 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007/06/22 20:45:54 | 000,106,496 | ---- | M] (AuthenTec,Inc) [Auto | Running] -- C:\WINDOWS\system32\FpLogonServ.exe -- (FingerprintServer)
SRV - [2007/04/09 02:24:32 | 000,054,832 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe -- (FNF5SVC)
SRV - [2007/03/16 14:26:22 | 000,057,344 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe -- (PMSveH)
SRV - [2007/02/08 22:11:32 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007/01/30 04:01:26 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2007/01/05 04:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/05/24 06:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\MoboroboAssDriver.sys -- (MoboroboAssDriver)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/04/23 15:09:42 | 000,012,928 | ---- | M] (Bo Brantén) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2013/02/22 08:17:04 | 000,181,784 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/02/22 08:17:04 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013/02/05 09:54:40 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2013/01/03 21:49:42 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2012/12/18 11:06:00 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2011/12/15 18:29:42 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2011/08/17 10:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/08/17 10:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2007/11/29 19:04:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007/08/15 08:27:18 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\n558.sys -- (n558)
DRV - [2007/08/10 06:52:44 | 004,603,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/06/17 06:29:08 | 000,146,824 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007/05/23 00:59:38 | 000,030,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2007/05/22 08:59:34 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2007/04/02 20:24:08 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2007/02/24 23:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/17 00:46:42 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/02/17 00:09:06 | 009,598,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2007/01/24 02:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/01/24 01:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/08 22:49:42 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/11/06 09:23:24 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/08/30 06:53:00 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/05/24 20:48:14 | 000,010,240 | ---- | M] (Lenovo ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PMHler.sys -- (PMHler)
DRV - [2005/11/08 18:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_5&idate=2013-10-18&ent=hp&u=0835C51EDDBDC9887F0AC852616C4755
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ie.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ie
IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_5&idate=2013-10-18&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.ie"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/10/19 17:21:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Extensions
[2013/10/19 17:21:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\vlllkxki.default\extensions
[2013/10/19 17:21:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/10/19 16:30:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2004/08/04 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (Authentec,Inc)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LPManager] C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PMHandler] C:\Program Files\Lenovo\PM Driver\PMHandler.exe (Lenovo)
O4 - HKLM..\Run: [Search Protection] C:\Documents and Settings\All Users\Application Data\Search Protection\SearchProtection.exe File not found
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe ()
O4 - HKCU..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - Startup: C:\Documents and Settings\Elaine\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Elaine\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBB5A025-6AA8-4F7F-942E-EEDF85A0BCA9}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\ATFUS: DllName - (C:\WINDOWS\system32\FpWinLogonNp.dll) - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc)
O20 - Winlogon\Notify\tphotkey: DllName - (C:\Program Files\Lenovo\HOTKEY\tphklock.dll) - C:\Program Files\Lenovo\HOTKEY\tphklock.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Elaine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Elaine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 08:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/28 11:58:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/10/20 09:37:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013/10/19 17:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/10/19 14:12:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine\Local Settings\Application Data\VS Revo Group
[2013/10/19 14:12:34 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2013/10/19 14:12:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2013/10/19 14:12:32 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/10/18 18:54:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine\Application Data\LavasoftStatistics
[2013/10/18 18:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2013/10/18 18:06:11 | 000,000,000 | ---D | C] -- C:\Program Files\MyPC Backup
[2013/10/18 18:05:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/10/18 14:59:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2013/10/18 13:06:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine\Desktop\Old Firefox Data
[2013/10/11 10:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sun
[2013/10/10 14:42:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine\Application Data\WindSolutions
[2013/10/10 14:42:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2013/10/10 11:07:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2013/10/10 11:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/10/10 11:06:40 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/10/10 11:06:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/10/10 10:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2013/10/10 10:58:44 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013/09/27 14:43:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2013/09/27 14:43:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/05/14 21:32:23 | 000,067,584 | ---- | C] (Genry) -- C:\Documents and Settings\All Users\Application Data\ISTask.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/20 09:39:32 | 000,482,250 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/10/20 09:39:32 | 000,080,158 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/10/20 09:35:34 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/20 09:35:33 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\Express FilesUpdate.job
[2013/10/20 09:35:30 | 000,025,269 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2013/10/20 09:35:24 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2013/10/20 09:35:24 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\ohvt.job
[2013/10/20 09:35:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/20 09:35:18 | 2137,444,352 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/19 17:28:22 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\fTalk.lnk
[2013/10/19 17:15:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2013/10/19 17:14:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/10/19 16:31:05 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\Elaine\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/10/19 16:30:58 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/10/19 14:12:34 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Elaine\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/10/19 14:12:34 | 000,000,932 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2013/10/18 15:11:30 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/18 14:59:57 | 000,000,884 | RHS- | M] () -- C:\Documents and Settings\Elaine\ntuser.pol
[2013/10/17 20:09:46 | 000,147,456 | RHS- | M] () -- C:\WINDOWS\System32\kbdblrv.dll
[2013/10/17 09:50:12 | 000,263,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/10/16 21:24:58 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/10/11 10:04:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/10/10 11:07:49 | 000,001,549 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/10/10 10:59:09 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/19 17:27:44 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\fTalk.lnk
[2013/10/19 16:31:05 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\Elaine\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/10/19 16:30:58 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2013/10/19 16:30:58 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/10/19 14:12:34 | 000,000,950 | ---- | C] () -- C:\Documents and Settings\Elaine\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/10/19 14:12:34 | 000,000,932 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2013/10/19 11:58:38 | 2137,444,352 | -HS- | C] () -- C:\hiberfil.sys
[2013/10/18 14:59:56 | 000,000,884 | RHS- | C] () -- C:\Documents and Settings\Elaine\ntuser.pol
[2013/10/17 20:09:47 | 000,000,306 | ---- | C] () -- C:\WINDOWS\tasks\ohvt.job
[2013/10/17 20:09:46 | 000,147,456 | RHS- | C] () -- C:\WINDOWS\System32\kbdblrv.dll
[2013/10/10 11:07:49 | 000,001,549 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/10/10 10:59:09 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2013/05/27 00:20:24 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.exe
[2013/05/14 21:33:38 | 000,012,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\MoborobAssDriver.sys
[2013/02/28 15:19:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/02/18 21:09:06 | 000,602,686 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2143846754-393939619-3658195933-1005-0.dat
[2013/02/18 21:09:05 | 000,244,974 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/02/18 21:04:30 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2013/02/18 21:04:30 | 000,037,344 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2013/01/03 21:11:51 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Elaine\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/21 11:13:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/12/20 23:49:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2012/12/20 23:41:48 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2012/12/20 23:40:51 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2012/12/20 23:35:35 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2012/12/20 23:35:35 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2012/12/20 23:35:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2012/12/20 23:35:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2012/12/20 23:35:35 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2012/12/20 23:35:35 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2012/12/20 23:30:51 | 000,701,840 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2012/12/20 23:30:51 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll
[2012/12/20 23:30:44 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2012/12/20 23:29:38 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/12/20 23:29:29 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2012/12/20 23:28:14 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2012/12/20 23:27:29 | 009,598,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2012/12/20 23:27:29 | 000,167,936 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2012/12/20 23:27:29 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2012/12/20 23:27:29 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2012/12/20 23:22:38 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config
[2012/12/20 18:05:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/12/18 11:06:10 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2012/12/18 11:06:06 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2012/12/18 11:06:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2012/12/18 11:06:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2012/12/18 11:06:06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll

========== ZeroAccess Check ==========

[2006/04/30 08:25:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 14:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 14:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/10/10 11:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/12/24 23:34:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2013/07/06 21:24:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HRS Disc 11
[2012/12/20 23:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2013/05/14 21:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Moborobo
[2013/02/18 20:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2013/05/31 00:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Official Driver Theory Test
[2013/10/10 14:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2013/10/11 21:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\BitTorrent
[2013/01/11 19:38:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Bofa
[2013/07/23 08:40:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\calibre
[2012/12/26 05:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Camfrog
[2013/02/01 11:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Dailfi
[2013/10/20 09:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Dropbox
[2013/07/22 21:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\ExpressFiles
[2012/12/20 23:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Lenovo
[2013/02/18 20:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Samsung
[2013/10/10 14:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\WindSolutions
[2013/01/31 21:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Ynkocu

========== Purity Check ==========

< End of report >

Extra.Txt file---

OTL Extras logfile created on: 20/10/2013 09:42:33 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Elaine\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.18% Memory free
3.83 Gb Paging File | 2.97 Gb Available in Paging File | 77.52% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.04 Gb Total Space | 94.83 Gb Free Space | 66.29% Space Free | Partition Type: NTFS

Computer Name: LENOVO-7FF6F5EA | User Name: Elaine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Moborobo\update.exe" = C:\Program Files\Moborobo\update.exe:*:Enabled:update.exe -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Documents and Settings\Elaine\Local Settings\Temp\7zS167.tmp\SymNRT.exe" = C:\Documents and Settings\Elaine\Local Settings\Temp\7zS167.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\Documents and Settings\Elaine\Local Settings\Temp\7zS169.tmp\SymNRT.exe" = C:\Documents and Settings\Elaine\Local Settings\Temp\7zS169.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe" = C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe:*:Disabled:Camfrog Video Chat
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Documents and Settings\Elaine\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Elaine\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Documents and Settings\Elaine\Application Data\BitTorrent\BitTorrent.exe" = C:\Documents and Settings\Elaine\Application Data\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent Inc.)
"C:\Program Files\ExpressFiles\expressdl.exe" = C:\Program Files\ExpressFiles\expressdl.exe:*:Enabled:Express Files
"C:\Program Files\ExpressFiles\ExpressFiles.exe" = C:\Program Files\ExpressFiles\ExpressFiles.exe:*:Enabled:Express Files
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Moborobo\update.exe" = C:\Program Files\Moborobo\update.exe:*:Enabled:update.exe -- ()
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Rundll32 -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02B934E4-C574-4605-842B-01CD16295185}_is1" = Moborobo 2.1.1.660
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.32
"{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
"{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}" = Lenovo Care Supplement
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.9
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6A64AE0B-9CAB-4811-980F-406376C5E44A}" = calibre
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A85DF75-64F2-4352-9534-8A76F8C1E511}_is1" = The Official Driver Theory Test 5th Edition (Revised October 2011)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A52A504E-18BE-4821-9A2A-BFB4542DA0BD}" = Lenovo PM Driver
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.04)
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E05D82D8-FE70-4228-B073-B0C07FE27595}" = iTunes
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EC422FB2-9F4D-4FB1-A5CE-5F741132EBC5}" = Lenovo Fingerprint Software
"{F055E1B2-8A05-4D87-8039-1BE979BA4193}" = Client Security Solution
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AwayTask" = Maintenance Manager
"BitTorrent" = BitTorrent
"CAL" = Canon Camera Access Library
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Digital Media LE" = Roxio Digital Media LE
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet

jsa112 · 20-10-2013 1:55pm

did you get logs from adwcleaner or mbam ? If so can you post them here

do you recognise these two folders ?

[2013/01/11 19:38:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Bofa
[2013/07/23 08:40:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\calibre

open OTL copy this into the box

:OTL
[2013/10/20 09:35:24 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\ohvt.job
O4 - HKLM..\Run: [Search Protection] C:\Documents and Settings\All Users\Application Data\Search Protection\SearchProtection.exe File not found
[2013/10/17 20:09:46 | 000,147,456 | RHS- | M] () -- C:\WINDOWS\System32\kbdblrv.dll
[2013/01/31 21:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Ynkocu

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\explorer.exe"=-
"C:\WINDOWS\system32\rundll32.exe"=-

:Commands
[PURITY]
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[EMPTYJAVA]
[CREATERESTOREPOINT]
[Reboot]
:Files
ipconfig /flushdns /c

click run fix post the log it gives you

toby2111 · 20-10-2013 4:05pm

Dont recognise first folder,second one is just the calibre software I use for converting ebooks.

Wont let me run adwcleaner,says I need to update it,then brings me to a blank Internet Explorer page.MBAM log here-

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.18.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Elaine :: LENOVO-7FF6F5EA [administrator]

18/10/2013 15:12:43
mbam-log-2013-10-18 (15-12-43).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 300463
Time elapsed: 56 minute(s), 19 second(s)

Memory Processes Detected: 1
C:\Documents and Settings\Elaine\Application Data\DefaultTab\DefaultTab\DTUpdate.exe (PUP.Optional.DefaultTab.A) -> 4824 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 20
HKLM\SYSTEM\CurrentControlSet\Services\DefaultTabUpdate (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowser.1 (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowser (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowserActiveX.1 (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowserActiveX (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
HKCR\AppID\DefaultTabBHO.DLL (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 13
C:\Documents and Settings\Elaine\Local Settings\Temp\installdt.tmp (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elaine\Local Settings\Temp\installdt.tmp\XPI (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elaine\Local Settings\Temp\installdt.tmp\XPI\defaulttab (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elaine\Local Settings\Temp\installdt.tmp\XPI\defaulttab\components (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elaine\Local Settings\Temp\installdt.tmp\XPI\defaulttab\locale (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elaine\Local Settings\Temp\installdt.tmp\XPI\defaulttab\locale\en-US (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elaine\Local Settings\Temp\CT3225826 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elaine\Local Settings\Temp\CT3225826\xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elaine\Local Settings\Temp\CT3225826\xpi\defaults (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elaine\Local Settings\Temp\CT3225826\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Files Detected: 18
C:\Documents and Settings\Elaine\Application Data\DefaultTab\DefaultTab\DTUpdate.exe (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elaine\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elaine\Local Settings\Temp\tmp604faff9\ork.exe (Trojan.FakeMS.PRGen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elaine\My Documents\Downloads\Setup__2570_i96549448_il17.exe (PUP.Optional.Amonetize) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elaine\My Documents\Downloads\FreeMediaPlayerSetup.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elaine\My Documents\Downloads\iLividSetup.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elaine\Local Settings\Temp\installdt.tmp\DefaultTab.xpi (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elaine\Local Settings\Temp\installdt.tmp\XPI\defaulttab\locale\en-US\defaulttab.properties (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elaine\Local Settings\Temp\CT3225826\conduit.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elaine\Local Settings\Temp\CT3225826\CT3225826.xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elaine\Local Settings\Temp\CT3225826\version.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elaine\Local Settings\Temp\CT3225826\xpi\install.rdf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elaine\Local Settings\Temp\CT3225826\xpi\defaults\preferences\defaults.js (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)

OTL log here-
All processes killed
========== OTL ==========
C:\WINDOWS\tasks\ohvt.job moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Search Protection deleted successfully.
C:\WINDOWS\system32\kbdblrv.dll moved successfully.
C:\Documents and Settings\Elaine\Application Data\Ynkocu folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\explorer.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\rundll32.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Elaine
->Temp folder emptied: 2485485563 bytes
->Temporary Internet Files folder emptied: 16693046 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 23690056 bytes
->Google Chrome cache emptied: 37853727 bytes
->Flash cache emptied: 20988 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33478 bytes

User: NetworkService
->Temp folder emptied: 1150532 bytes
->Temporary Internet Files folder emptied: 679254 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 59781193 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 636348206 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2809360569 bytes

Total Files Cleaned = 5,790.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Elaine
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: Elaine
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Elaine\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Elaine\My Documents\Downloads\cmd.txt deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 10202013_154123

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Thanks a million for all your help so far,appreciate it.

jsa112 · 20-10-2013 5:23pm

hows it running ? virus should be removed

do this as well

open OTL copy this into the box

:OTL
[2013/01/11 19:38:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Bofa

click run fix

toby2111 · 20-10-2013 6:06pm

You're a legend jsa112!!Thanks a million,its running fine now,looks like that poxy virus is gone,great stuff,appreciate that.Any idea how that got into the system?

jsa112 · 20-10-2013 6:37pm

hard to say, usually stuff like p2p/streams are responsible. If you use firefox as your main browser, install these extensions, they will help keep the machine safer

https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/?src=cb-dl-users
https://addons.mozilla.org/en-US/firefox/addon/ghostery/?src=cb-dl-users

toby2111 · 20-10-2013 7:19pm

jsa112 wrote: »

hard to say, usually stuff like p2p/streams are responsible

Think you're right,watched a bit of Liverpool match on Saturday,won't be doing that again so.Thanks again.

Torqay · 20-10-2013 7:41pm

But if you do, sandbox your browser.

toby2111 · 20-10-2013 8:02pm

Torqay wrote: »

But if you do, sandbox your browser.

Ok, will do. What would you recommend?

Torqay · 20-10-2013 8:04pm

Sandboxie

toby2111 · 20-10-2013 8:12pm

Great stuff,thanks Torqay,you're another legend!!Really appreciate all the help you guys have given me.

Torqay · 20-10-2013 8:22pm

The unregistered version will do for effective browser protection. Although it will start nagging after a while you can use it as long as you want.

Some interesting features (multiple sandboxes, forced folders/applications) are only available for registered users. Registration fee is €18 and you'll get free upgrades to all future versions.

ihavenet virus?

Comments