Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

a different computer but snapdo again!

Started by nigella , Apr 30 2014 01:29 PM

  • This topic is locked This topic is locked

#1
nigella
Posted 30 April 2014 - 01:29 PM

nigella

    Member

  • Member
  • PipPipPip
  • 231 posts

here is the OTL log 

 

 

 

OTL logfile created on: 30/04/2014 20:13:09 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\lesley\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.75 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 42.30% Memory free
5.73 Gb Paging File | 3.94 Gb Available in Paging File | 68.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.98 Gb Total Space | 82.29 Gb Free Space | 59.21% Space Free | Partition Type: NTFS
Drive D: | 10.07 Gb Total Space | 1.75 Gb Free Space | 17.37% Space Free | Partition Type: NTFS
 
Computer Name: LESLEY-PC | User Name: lesley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/30 20:10:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\lesley\Downloads\OTL.exe
PRC - [2014/04/02 02:58:05 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/03/24 12:18:08 | 000,118,264 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2014/03/24 12:12:26 | 000,740,896 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\saUI.exe
PRC - [2014/03/19 17:24:00 | 000,383,504 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McChHost.exe
PRC - [2013/09/08 23:55:33 | 006,827,008 | ---- | M] (Bandoo Media Inc.) -- C:\Users\lesley\AppData\Local\iLivid\iLivid.exe
PRC - [2013/05/21 05:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/05/10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/26 07:49:04 | 000,202,752 | ---- | M] () -- C:\Users\lesley\AppData\Local\WebPlayer\Free Mahjong Games\WebPlayer.exe
PRC - [2009/07/16 14:43:04 | 000,241,664 | ---- | M] () -- C:\Program Files\T-Mobile Mobile Broadband Manager\AssistantServices.exe
PRC - [2009/07/16 14:42:20 | 000,132,608 | ---- | M] () -- C:\Program Files\T-Mobile Mobile Broadband Manager\UIExec.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/06 17:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/06/13 15:26:54 | 002,498,560 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
PRC - [2008/01/21 03:33:22 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/15 20:37:31 | 004,110,808 | ---- | M] () -- c:\Program Files\Optimizer Pro\OptProCrash.dll
MOD - [2014/04/02 02:58:03 | 000,390,472 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppgooglenaclpluginchrome.dll
MOD - [2014/04/02 02:58:02 | 013,691,720 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
MOD - [2014/04/02 02:57:59 | 004,081,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll
MOD - [2014/04/02 02:57:52 | 001,647,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
MOD - [2014/04/02 02:57:49 | 000,065,352 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
MOD - [2014/02/13 11:58:27 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\c5213af29d521ee19cc55983f8c2037c\System.Management.ni.dll
MOD - [2014/02/13 11:56:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3ab5ab0fbb86c36425e6902e54a547b\System.Runtime.Remoting.ni.dll
MOD - [2014/02/13 11:56:51 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\cbadc7af4484ceeb8092c5f2b1240f0b\System.EnterpriseServices.ni.dll
MOD - [2014/02/13 11:56:51 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\cbadc7af4484ceeb8092c5f2b1240f0b\System.EnterpriseServices.Wrapper.dll
MOD - [2014/02/13 11:56:50 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\24c666e940e61baf4d33315346a03ab6\System.Transactions.ni.dll
MOD - [2014/02/13 11:56:24 | 001,801,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3cf321fb70231d473d99105a582c23e1\System.Deployment.ni.dll
MOD - [2014/02/13 11:56:17 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\d17ceca243fabda73eefb21d9bd072df\System.Configuration.ni.dll
MOD - [2014/02/13 10:13:46 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f87e71868aedbc6c4e8fe7160d17c4ab\System.Xml.ni.dll
MOD - [2014/02/13 10:13:27 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2b605fc7deda872727d1ed37710420e\System.Windows.Forms.ni.dll
MOD - [2014/02/13 10:13:15 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8e6265a54260bddfc05951e764f5bc48\System.Drawing.ni.dll
MOD - [2014/02/13 10:12:43 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\5ee93fdf928109a9dc70ad2c96bb0a92\System.Data.ni.dll
MOD - [2014/02/13 10:12:25 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\71e362b114f878201540696b6d66bf45\PresentationFramework.Aero.ni.dll
MOD - [2014/02/13 10:12:22 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b46f1c203d1e4bec4597adf684ec1d41\PresentationFramework.ni.dll
MOD - [2014/02/13 10:11:58 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\07d57714fff9db216537473f4a777f22\PresentationCore.ni.dll
MOD - [2014/02/13 10:11:40 | 003,325,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d981bccab40fbbdc1d35bf2a58c947b7\WindowsBase.ni.dll
MOD - [2014/02/13 10:11:36 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\957628d9dd7b3bf370a56dca7835a997\System.ni.dll
MOD - [2014/02/13 10:11:24 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\694a37a84dee2cd2609a1dfab27c0433\mscorlib.ni.dll
MOD - [2012/10/26 07:49:04 | 000,202,752 | ---- | M] () -- C:\Users\lesley\AppData\Local\WebPlayer\Free Mahjong Games\WebPlayer.exe
MOD - [2012/05/30 07:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton 360\Engine\20.4.0.40\wincfi39.dll
MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/16 14:42:20 | 000,132,608 | ---- | M] () -- C:\Program Files\T-Mobile Mobile Broadband Manager\UIExec.exe
MOD - [2009/04/11 07:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009/04/11 03:04:15 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009/03/30 05:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/30 05:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/10/01 00:56:06 | 000,032,768 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2008/10/01 00:52:02 | 000,007,168 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2008/10/01 00:52:00 | 000,057,344 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2008/10/01 00:51:52 | 000,118,784 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll
MOD - [2008/10/01 00:51:52 | 000,010,240 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2008/10/01 00:51:36 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2008/10/01 00:51:36 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2008/10/01 00:51:36 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2008/06/13 15:26:54 | 002,498,560 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
MOD - [2007/08/14 21:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 21:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 21:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/04/28 21:04:21 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/24 12:18:08 | 000,118,264 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2013/05/21 05:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2013/05/10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/07/20 18:21:59 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/07/16 14:43:04 | 000,241,664 | ---- | M] () [Auto | Running] -- C:\Program Files\T-Mobile Mobile Broadband Manager\AssistantServices.exe -- (UI Assistant Service)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/06 17:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/02/03 20:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2014/04/16 19:59:08 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/06/19 18:53:05 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/05/31 17:58:19 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130715.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/05/23 06:25:28 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1404000.028\symefa.sys -- (SymEFA)
DRV - [2013/05/22 17:40:20 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130810.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/05/22 17:40:18 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130810.005\NAVENG.SYS -- (NAVENG)
DRV - [2013/05/21 06:02:00 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\1404000.028\symds.sys -- (SymDS)
DRV - [2013/05/18 12:15:59 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/05/17 15:30:54 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130809.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013/05/16 06:02:14 | 000,603,224 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\N360\1404000.028\srtsp.sys -- (SRTSP)
DRV - [2013/04/25 01:43:56 | 000,352,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\symtdiv.sys -- (SYMTDIv)
DRV - [2013/04/16 03:41:14 | 000,134,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\ccsetx86.sys -- (ccSet_N360)
DRV - [2013/03/05 02:39:19 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\ironx86.sys -- (SymIRON)
DRV - [2013/03/05 02:21:35 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\srtspx.sys -- (SRTSPX)
DRV - [2013/01/31 02:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/02 18:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/08/12 13:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 13:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2009/09/05 17:55:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/24 16:51:38 | 000,101,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/07/23 21:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2009/06/22 21:01:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/06/22 20:38:24 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/05/22 09:08:38 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2009/05/22 09:08:38 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009/05/22 09:04:04 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/05/22 09:04:04 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/05/22 09:04:04 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/05/22 09:04:04 | 000,009,728 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/10/03 04:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/05/09 20:17:32 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/04/24 23:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/21 03:32:45 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007/10/18 00:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/04/23 10:50:50 | 000,025,896 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...q={searchTerms}
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4095824921-2520398854-2341837645-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-4095824921-2520398854-2341837645-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-4095824921-2520398854-2341837645-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-4095824921-2520398854-2341837645-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 
IE - HKU\S-1-5-21-4095824921-2520398854-2341837645-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-4095824921-2520398854-2341837645-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-4095824921-2520398854-2341837645-1000\..\SearchScopes,DefaultScope = {1BF6ED5B-95B9-40F2-AF93-DE307057F6A6}
IE - HKU\S-1-5-21-4095824921-2520398854-2341837645-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...q={searchTerms}
IE - HKU\S-1-5-21-4095824921-2520398854-2341837645-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-4095824921-2520398854-2341837645-1000\..\SearchScopes\{1BF6ED5B-95B9-40F2-AF93-DE307057F6A6}: "URL" = http://uk.search.yah...p={SearchTerms}
IE - HKU\S-1-5-21-4095824921-2520398854-2341837645-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4095824921-2520398854-2341837645-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-4095824921-2520398854-2341837645-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
IE - HKU\S-1-5-21-4095824921-2520398854-2341837645-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:/Users/lesley/AppData/Local/LPT/NewConfig.txt
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..extensions.enabledItems: {a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..extensions.enabledItems: [email protected]:4.1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: 
FF - prefs.js..browser.startup.homepage: "http://feed.snapdo.c...gC3tWis13PFaQ,"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..keyword.URL: "http://feed.snapdo.c...ype=A110GB0&p="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\lesley\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\T-Mobile Mobile Broadband Manager\addon [2010/06/12 15:06:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2014/03/28 20:24:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\coFFPlgn\ [2014/04/30 20:07:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\IPSFFPlgn\ [2013/05/18 16:00:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/05 20:56:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/23 17:06:51 | 000,000,000 | ---D | M]
 
[2009/06/27 13:34:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lesley\AppData\Roaming\Mozilla\Extensions
[2014/04/15 20:34:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions
[2009/09/02 22:19:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/03 14:53:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2014/04/15 20:34:40 | 000,000,000 | ---D | M] ("Snap.Do ") -- C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}
[2014/04/15 20:34:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\staged
[2014/04/15 20:34:45 | 000,002,377 | ---- | M] () -- C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\searchplugins\Web Search.xml
[2012/06/26 00:05:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/26 00:05:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2010/06/12 15:06:02 | 000,000,000 | ---D | M] (Bytemobile Optimization Client) -- C:\PROGRAM FILES\T-MOBILE MOBILE BROADBAND MANAGER\ADDON
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\COFFPLGN
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN
File not found (No name found) -- C:\USERS\LESLEY\APPDATA\LOCAL\{337D5158-7284-4835-B7AF-CE4F08F7D7C2}
[2014/04/29 23:29:32 | 000,002,065 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: McAfee (Enabled)
CHR - default_search_provider: search_url = http://uk.search.yah...p={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Java™ Platform SE 7 U5 (Disabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Disabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: SiteAdvisor = C:\Users\lesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.65.135.1_0\
CHR - Extension: Norton Identity Protection = C:\Users\lesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\
CHR - Extension: Smiley Bar for Facebook = C:\Users\lesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\mocblcnaofikinigmceddfghppkkjbog\1.0.0.0_0\
CHR - Extension: Google Wallet = C:\Users\lesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2013/06/22 00:11:44 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-4095824921-2520398854-2341837645-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-4095824921-2520398854-2341837645-1000\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [UIExec] C:\Program Files\T-Mobile Mobile Broadband Manager\UIExec.exe ()
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-4095824921-2520398854-2341837645-1000..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-4095824921-2520398854-2341837645-1000..\Run: [Free Mahjong Games] C:\Users\lesley\AppData\Local\WebPlayer\Free Mahjong Games\WebPlayer.exe ()
O4 - HKU\S-1-5-21-4095824921-2520398854-2341837645-1000..\Run: [iLivid] C:\Users\lesley\AppData\Local\iLivid\iLivid.exe (Bandoo Media Inc.)
O4 - HKU\S-1-5-21-4095824921-2520398854-2341837645-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-4095824921-2520398854-2341837645-1000..\Run: [Optimizer Pro] C:\Program Files\Optimizer Pro\OptProLauncher.exe (PC Utilities Software Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4095824921-2520398854-2341837645-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4095824921-2520398854-2341837645-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html ()
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-4095824921-2520398854-2341837645-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D9F1A67-0D74-4F73-8382-A961723E133C}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F2B3000-315B-4E23-A67B-FBFDEE106A0D}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE65EEA7-EC85-45B6-A237-D1A115EDD8C8}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (c:\progra~2\wincert\win32c~1.dll) -  File not found
O20 - AppInit_DLLs: (c:\progra~1\optimi~1\optpro~2.dll) - c:\Program Files\Optimizer Pro\OptProCrash.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O27 - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsemngr.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsermngr.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bundlesweetimsetup.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\cltmngsvc.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\delta babylon.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\delta tb.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\delta2.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\deltainstaller.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\deltasetup.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\deltatb.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\deltatb_2501-c733154b.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\iminentsetup.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\rjatydimofu.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\sweetimsetup.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\tbdelta.exetoolbar783881609.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: x64 - (c:\program files\movies toolbar\datamngr\x64\apcrtldr.dll) -  File not found
O36 - AppCertDlls: x86 - (C:\Program Files\Movies Toolbar\Datamngr\apcrtldr.dll) -  File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/15 20:42:51 | 000,000,000 | ---D | C] -- C:\Users\lesley\Documents\Optimizer Pro
[2014/04/15 20:42:50 | 000,000,000 | ---D | C] -- C:\Users\lesley\AppData\Roaming\Optimizer Pro
[2014/04/15 20:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiveSupport
[2014/04/15 20:38:48 | 000,000,000 | ---D | C] -- C:\Program Files\LiveSupport
[2014/04/15 20:37:39 | 000,000,000 | ---D | C] -- C:\Users\lesley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Mahjong Games
[2014/04/15 20:37:31 | 000,000,000 | ---D | C] -- C:\Users\lesley\AppData\Local\WebPlayer
[2014/04/15 20:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
[2014/04/15 20:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\Optimizer Pro
[2014/04/15 20:35:09 | 000,000,000 | ---D | C] -- C:\Program Files\LPT
[2014/04/15 20:33:58 | 000,000,000 | ---D | C] -- C:\Users\lesley\AppData\Local\LPT
[2014/04/15 20:33:56 | 000,000,000 | ---D | C] -- C:\Users\lesley\AppData\Local\Smartbar
[2014/04/15 20:33:03 | 000,000,000 | ---D | C] -- C:\Users\lesley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
[2014/04/15 20:33:03 | 000,000,000 | ---D | C] -- C:\Users\lesley\AppData\Local\FilesFrog Update Checker
[2014/04/06 16:39:53 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/30 20:05:15 | 000,000,248 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2014/04/30 20:04:47 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/30 20:04:29 | 000,048,222 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2014/04/30 20:04:29 | 000,048,222 | ---- | M] () -- C:\ProgramData\nvModes.001
[2014/04/30 20:04:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/30 20:03:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/30 20:03:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/30 20:03:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/29 23:03:31 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/21 17:02:21 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2014/04/21 17:02:21 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2014/04/17 00:38:57 | 255,060,460 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/04/16 21:22:52 | 000,313,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/04/16 19:59:08 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2014/04/15 20:37:39 | 000,002,015 | ---- | M] () -- C:\Users\lesley\Desktop\Free Mahjong Games.lnk
[2014/04/15 20:37:10 | 000,000,859 | ---- | M] () -- C:\Users\lesley\Desktop\Optimizer Pro.lnk
[2014/04/15 20:34:48 | 000,002,327 | ---- | M] () -- C:\Users\lesley\Application Data\Microsoft\Internet Explorer\Quick Launch\Search.lnk
[2014/04/15 20:34:47 | 000,002,303 | ---- | M] () -- C:\Users\lesley\Desktop\Search.lnk
[2014/04/11 21:21:35 | 000,001,927 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/06 15:42:34 | 000,000,845 | ---- | M] () -- C:\Users\lesley\Application Data\Microsoft\Internet Explorer\Quick Launch\Norton Utilities.lnk
[2014/04/05 13:24:10 | 000,647,880 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/04/05 13:24:10 | 000,124,848 | ---- | M] () -- C:\Windows\System32\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2014/04/21 17:02:21 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2014/04/21 17:02:21 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2014/04/15 20:37:38 | 000,002,015 | ---- | C] () -- C:\Users\lesley\Desktop\Free Mahjong Games.lnk
[2014/04/15 20:37:08 | 000,000,859 | ---- | C] () -- C:\Users\lesley\Desktop\Optimizer Pro.lnk
[2014/04/15 20:34:48 | 000,002,327 | ---- | C] () -- C:\Users\lesley\Application Data\Microsoft\Internet Explorer\Quick Launch\Search.lnk
[2014/04/15 20:34:47 | 000,002,333 | ---- | C] () -- C:\Users\lesley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2014/04/15 20:34:46 | 000,002,303 | ---- | C] () -- C:\Users\lesley\Desktop\Search.lnk
[2014/04/06 15:42:34 | 000,000,845 | ---- | C] () -- C:\Users\lesley\Application Data\Microsoft\Internet Explorer\Quick Launch\Norton Utilities.lnk
[2010/08/02 23:32:15 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\uremomix.dll
[2010/08/02 21:30:10 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\iqisozidohugi.dll
[2010/08/02 19:28:10 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\udulibikixe.dll
[2010/08/01 23:05:19 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\okujecuxiq.dll
[2010/08/01 21:02:58 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\iyekuyepebeham.dll
[2010/08/01 14:29:05 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ocaxobeditexete.dll
[2010/08/01 02:28:58 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ewigobabamisa.dll
[2010/08/01 00:26:58 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\evejopevogani.dll
[2010/07/31 22:24:58 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\eleqocefuwej.dll
[2010/07/31 04:31:02 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\udobalepinubesi.dll
[2010/07/30 22:15:30 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ubifuyiw.dll
[2010/07/30 20:13:08 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\udebotax.dll
[2010/07/30 18:11:09 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\owepejid.dll
[2010/07/30 14:42:45 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ilonepoza.dll
[2010/07/30 12:40:45 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\epapozadu.dll
[2010/07/29 23:44:36 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ewufayoqevi.dll
[2010/07/29 21:42:15 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ajuzaxeqetalajo.dll
[2010/07/29 19:40:57 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\iqisagubi.dll
[2010/07/29 14:36:49 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ememomixefenoy.dll
[2010/07/29 12:35:07 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\azasanukukub.dll
[2010/07/29 10:32:50 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ijisozid.dll
[2010/07/28 23:51:13 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ivafiyas.dll
[2010/07/28 21:48:50 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\otodovuj.dll
[2010/07/28 19:46:50 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\aqudumok.dll
[2010/07/27 22:52:47 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\uvepamep.dll
[2010/07/26 23:39:23 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ofoguzele.dll
[2010/07/26 23:25:13 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ubetenim.dll
[2010/07/26 21:23:16 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\eloyicubucamot.dll
[2010/07/25 23:40:15 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ekimamerih.dll
[2010/07/25 21:38:14 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\uzeroyowuyazam.dll
[2010/07/25 19:36:14 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\uzoqikuwafonutul.dll
[2010/07/25 17:34:14 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ojegejopevo.dll
[2010/07/25 14:20:34 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ezegoweli.dll
[2010/07/25 01:07:22 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\icitegixiv.dll
[2010/07/25 00:35:00 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ufeyijevula.dll
[2010/07/24 22:33:14 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\acitiwuvubomure.dll
[2010/07/23 23:43:19 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\olabepaguh.dll
[2010/07/23 21:38:04 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\iconasowovone.dll
[2010/07/23 19:06:15 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ewovuhox.dll
[2010/07/22 23:52:17 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\apojepope.dll
[2010/07/22 00:23:50 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\uhuyujup.dll
[2010/07/21 22:54:55 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ijepamep.dll
[2010/07/21 21:06:23 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\adudilak.dll
[2010/07/21 20:54:07 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\eruyewiducena.dll
[2010/07/20 23:10:01 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\iwefumak.dll
[2010/07/20 21:08:23 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\iputaduxotoyeful.dll
[2010/07/19 23:42:56 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\utaxasuxomod.dll
[2010/07/19 21:37:53 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\enaxijokiqovab.dll
[2010/07/19 18:28:23 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\exitoced.dll
[2010/07/19 00:22:23 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ufoyoxajij.dll
[2010/07/18 22:20:22 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\umevumeged.dll
[2010/07/17 21:54:38 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\oquvuwox.dll
[2010/07/17 19:52:41 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ahegokidonotudok.dll
[2010/07/17 17:48:28 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\enomihudu.dll
[2010/07/16 22:37:41 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ilawelijosi.dll
[2010/07/16 20:35:40 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ibopikeb.dll
[2010/07/16 17:16:02 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ifixoqirac.dll
[2010/07/15 23:55:22 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\ebiwukaza.dll
[2010/07/15 21:53:23 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\odorafoxosivolup.dll
[2010/07/14 22:31:55 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\ajehoyop.dll
[2010/07/14 22:13:56 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\efidusex.dll
[2010/07/13 22:23:45 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\evohecew.dll
[2010/07/13 20:21:44 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\ufepulukelikuf.dll
[2010/07/13 18:19:43 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\evuderirif.dll
[2010/07/13 00:56:10 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\ohubemojokesiy.dll
[2010/07/12 22:54:09 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\ecogugek.dll
[2010/07/12 20:52:09 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\ebeberer.dll
[2010/07/11 23:41:04 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\ixebuxidetayol.dll
[2010/07/11 21:29:27 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\emiyugup.dll
[2010/07/11 19:27:27 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\ufosuxidigibavuk.dll
[2010/07/11 16:00:57 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\ezejiyerezuqah.dll
[2010/07/10 23:53:11 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\ohazopes.dll
[2010/07/10 21:51:11 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\uxaxemex.dll
[2010/07/10 19:49:10 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\upukulej.dll
[2010/07/10 12:43:02 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\amorowov.dll
[2010/07/09 17:28:08 | 000,025,228 | ---- | C] () -- C:\Users\lesley\AppData\Local\iresozoq.dll
[2010/07/02 20:20:42 | 000,025,228 | ---- | C] () -- C:\Users\lesley\AppData\Local\aruwuroviqo.dll
[2010/07/02 18:18:41 | 000,025,228 | ---- | C] () -- C:\Users\lesley\AppData\Local\efuyiyukejub.dll
[2010/05/29 19:16:00 | 000,025,228 | ---- | C] () -- C:\Users\lesley\AppData\Local\inojupiliyojo.dll
[2010/05/28 19:52:00 | 000,025,228 | ---- | C] () -- C:\Users\lesley\AppData\Local\ipidobuvogepu.dll
[2010/04/08 23:16:00 | 000,023,090 | ---- | C] () -- C:\Users\lesley\AppData\Local\ipobohid.dll
[2010/04/07 21:07:39 | 000,023,090 | ---- | C] () -- C:\Users\lesley\AppData\Local\ibeciquc.dll
[2010/01/30 22:08:18 | 000,008,484 | ---- | C] () -- C:\Users\lesley\AppData\Local\d3d9caps.dat
[2010/01/15 17:28:53 | 000,000,120 | ---- | C] () -- C:\Users\lesley\AppData\Local\Amaloxubacepexo.dat
[2010/01/15 17:28:53 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\Jnidakusadiyu.bin
[2009/10/12 17:55:41 | 000,008,704 | ---- | C] () -- C:\Users\lesley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/24 20:18:00 | 000,048,222 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/06/24 20:10:48 | 000,048,222 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/04/14 17:49:08 | 000,000,248 | ---- | C] () -- C:\ProgramData\hpqp.ini
 
========== ZeroAccess Check ==========
 
[2006/11/02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/06/22 20:13:50 | 000,000,000 | ---D | M] -- C:\Users\lesley\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/01/02 01:16:04 | 000,000,000 | ---D | M] -- C:\Users\lesley\AppData\Roaming\EasyChat
[2009/07/28 00:30:04 | 000,000,000 | ---D | M] -- C:\Users\lesley\AppData\Roaming\Gaijin Ent
[2010/08/14 01:30:58 | 000,000,000 | ---D | M] -- C:\Users\lesley\AppData\Roaming\lowsec
[2013/07/05 01:37:17 | 000,000,000 | ---D | M] -- C:\Users\lesley\AppData\Roaming\Memory Resource
[2014/04/15 20:42:50 | 000,000,000 | ---D | M] -- C:\Users\lesley\AppData\Roaming\Optimizer Pro
[2013/05/02 18:39:52 | 000,000,000 | ---D | M] -- C:\Users\lesley\AppData\Roaming\PlusWinks
[2010/06/26 00:26:13 | 000,000,000 | ---D | M] -- C:\Users\lesley\AppData\Roaming\Program Files
[2010/08/01 00:48:11 | 000,000,000 | ---D | M] -- C:\Users\lesley\AppData\Roaming\Titanium Gears
[2009/06/24 20:08:29 | 000,000,000 | ---D | M] -- C:\Users\lesley\AppData\Roaming\WildTangent
[2009/06/24 21:22:02 | 000,000,000 | ---D | M] -- C:\Users\roger\AppData\Roaming\EPSON
[2010/07/18 19:56:33 | 000,000,000 | ---D | M] -- C:\Users\roger\AppData\Roaming\passport_photo
[2010/06/12 15:06:33 | 000,000,000 | ---D | M] -- C:\Users\roger\AppData\Roaming\Program Files
[2010/02/09 17:56:55 | 000,000,000 | ---D | M] -- C:\Users\roger\AppData\Roaming\Sports Interactive
[2011/01/06 21:01:14 | 000,000,000 | ---D | M] -- C:\Users\roger\AppData\Roaming\Spotify
[2009/06/28 12:18:57 | 000,000,000 | ---D | M] -- C:\Users\roger\AppData\Roaming\Template
[2009/12/05 10:25:28 | 000,000,000 | ---D | M] -- C:\Users\roger\AppData\Roaming\TigerPlayer
[2010/08/03 19:47:15 | 000,000,000 | ---D | M] -- C:\Users\roger\AppData\Roaming\uTorrent
[2009/06/25 23:03:47 | 000,000,000 | ---D | M] -- C:\Users\roger\AppData\Roaming\WildTangent
[2010/04/18 20:51:14 | 000,000,000 | ---D | M] -- C:\Users\roger\AppData\Roaming\WindSolutions
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:D287FACF
 
< End of report >
 
 
thank you in advance

  • 0

Advertisements

#2
zep516
Posted 30 April 2014 - 04:23 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

First I need the Extra's log report.

The first time you ran it OTL creates 2 log reports. The one I need is called Extras .txt do you have that log? If so post it, If not I would like you to re-run OTL once more so we can re create the log, before you run the scan I need you to do this--> under the Extra Registry section please put a check mark in "All" then hit Runscan, when OTL is done scanning 2 logs will be generated, the first log will pop up in front of you, the second log will be mimized to the task bar down by the clock area, called Extras .txt please post that log. Really don't need to post the first one as we already have that one.

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner
Next

thisisujrt.gif Please download Junkware Removal Tool to your Desktop.

Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

In your next reply post:

1- Extra's Log

2- AdwCleaner Log [SO].txt

3- JRT .txt

Thanks
Joe :)
  • 0

#3
nigella
Posted 02 May 2014 - 02:29 AM

nigella

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 231 posts
Hi Joe
It's my sisters laptop so I don't have it to hand, I'll be talking to her today and we should be able to upload the files later today
Thanks for your help.

Ps here is the extras file

EOTL Extras logfile created on: 30/04/2014 20:13:09 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\lesley\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 42.30% Memory free
5.73 Gb Paging File | 3.94 Gb Available in Paging File | 68.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.98 Gb Total Space | 82.29 Gb Free Space | 59.21% Space Free | Partition Type: NTFS
Drive D: | 10.07 Gb Total Space | 1.75 Gb Free Space | 17.37% Space Free | Partition Type: NTFS

Computer Name: LESLEY-PC | User Name: lesley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-4095824921-2520398854-2341837645-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{047A1E8C-658F-44E2-8F9A-B10D9DD6E291}" = rport=139 | protocol=6 | dir=out | app=system |
"{14D7A358-FBD2-4C85-8513-6A098012BA8D}" = lport=139 | protocol=6 | dir=in | app=system |
"{2CF36304-EA54-4E3F-8D23-4B172565A36D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3D58EFCB-1695-4517-B122-A63EE5C3C108}" = rport=138 | protocol=17 | dir=out | app=system |
"{3DC2971C-0FA3-40A4-A3A5-95D89C5F8C85}" = lport=137 | protocol=17 | dir=in | app=system |
"{4255A4EC-BA5B-4534-9306-DDCE37A84004}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{47C7133A-3D15-4806-BDB5-2D5BB6F68392}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{92E301DA-6567-4480-B235-C1D1DFD7804F}" = lport=138 | protocol=17 | dir=in | app=system |
"{DCD5CADE-D806-45AE-B861-6B3923EDD07A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{DD2F14BB-8748-401C-82B9-21060AED610A}" = lport=445 | protocol=6 | dir=in | app=system |
"{E0678A21-CE4C-4E0D-BAA1-36A421DC7C5D}" = rport=137 | protocol=17 | dir=out | app=system |
"{EB71D7D7-ADB8-4AE9-84F5-EAF1F45C1AB1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EF5EA292-FFF4-4BAA-8448-1E09B8C4FC39}" = rport=445 | protocol=6 | dir=out | app=system |
"{F253FB89-CE5D-423E-84F5-9B1163CCD549}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A005293-675F-429B-881F-43FFC7921A10}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2009\fm.exe |
"{1CB26C25-BFB5-4A24-8F6B-C101DA871CAA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1EA1E3B9-6941-49F6-BB21-F09031FDD03C}" = protocol=17 | dir=in | app=c:\program files\movies toolbar\datamngr\srtool~1\ie\dtuser.exe |
"{226834ED-100C-4007-BF5B-DA0A40286859}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{2316147E-285A-46D5-8CA2-FF0085E7C97E}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{232BAE2B-4544-4A46-A8A3-27C2B10C9FD0}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{26C973BF-8F4A-4711-914B-B59524954783}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2ECC1544-ACCE-4E18-A71B-2ACA8D4D9B07}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{31F1D559-E254-4B8B-BCF0-C12CD314A19A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{373656C4-4C19-4F82-8D55-62B88935DADB}" = protocol=58 | dir=out | [email protected],-28546 |
"{376BE3E0-6EA8-40E5-8A1A-F2E6D7AB27A0}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{3FF4A8F1-8664-477E-AB1B-AAFF7C22AA42}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{4D757471-40EE-4850-8615-973F756E9AEE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{556DE132-95AF-4136-9EB6-ACD9E61ED021}" = protocol=17 | dir=in | app=c:\users\lesley\appdata\local\ilivid\ilivid.exe |
"{58BE48A7-E865-4D4C-9902-7CF4787A8FFC}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{5FF54F93-7FB1-4A47-8D02-4761188DC797}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{614146F7-E803-415E-840E-217E6F0513BA}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{642A62DA-6AD3-486A-8CF7-87457220F084}" = dir=in | app=c:\users\lesley\appdata\local\temp\ibtmpc810551\component_369 |
"{6B4AA020-5857-448B-B6F8-DA5D864BAA4C}" = protocol=1 | dir=in | [email protected],-28543 |
"{6E8B312E-83C2-4566-AB4B-15FBB5304CB2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{72B483E6-F0F6-441B-8FEB-5EFE58E4D7D6}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{8066E15C-4040-43CF-B82B-7D116D63B0AF}" = protocol=1 | dir=out | [email protected],-28544 |
"{81464AA0-C37D-40BD-8931-4173C73B3200}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{87B90806-EB32-4678-A299-DED612C4B561}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2009\fm.exe |
"{9597FD8B-3F54-4A92-A934-DFE8E47D51B6}" = dir=in | app=c:\users\lesley\downloads\videoperformersetup.exe |
"{AAE2C197-3E35-4D32-9CC9-1A3483A78793}" = protocol=6 | dir=in | app=c:\program files\movies toolbar\datamngr\srtool~1\ie\dtuser.exe |
"{B09BAAD7-0D94-481A-AEFF-413F5BF94994}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CBBC0E08-A0B0-4B70-BF81-CF25306DE6AF}" = protocol=58 | dir=in | [email protected],-28545 |
"{CFA186A6-0FE5-45B9-BDF0-0F7BEEDBCAB3}" = dir=out | app=c:\users\lesley\appdata\local\temp\ibtmpc810551\component_369 |
"{D37FFC56-76C5-476B-A24B-C1C4A4638B72}" = dir=out | app=c:\users\lesley\downloads\videoperformersetup.exe |
"{E3901FD5-0F17-4C7D-ACA1-F46E72AC70FC}" = protocol=6 | dir=in | app=c:\users\lesley\appdata\local\ilivid\ilivid.exe |
"{E78BBCD2-C8E9-4F17-B517-8FD38F58E10A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E85AC423-CF8C-4559-A69E-BAE16868B283}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EEE60FD8-C931-4002-9175-7932C7F7688B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F3268D53-0341-423F-8DE8-0468B0AA6F20}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"TCP Query User{00F691EC-A16C-4708-BCB4-17AAC80CAA36}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{2575C5DA-2E4F-4E44-BBD4-616131205426}C:\users\roger\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\roger\desktop\utorrent.exe |
"TCP Query User{2ADF4626-DD49-43BA-A8E6-25F55BE56E04}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{7CAE3D22-482E-4120-9696-F2FF14BF0ED6}C:\users\roger\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\roger\desktop\utorrent.exe |
"TCP Query User{879D55B1-9F7B-4F70-AF14-8B83F6A1EF22}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{9A9F4AC0-15F4-4A0D-83E5-A790943BED75}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{D576E4D9-3EDA-42A1-A28B-4A9A97E8C68E}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{60DC868A-9434-4BBC-A0C3-DE1E354E31F1}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{610DF7B5-D711-41A0-897C-CC28F04B9255}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{621FA8C5-C626-4F09-A71F-B0D2D692B55F}C:\users\roger\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\roger\desktop\utorrent.exe |
"UDP Query User{89EFCD16-740F-4BEF-BE1B-6BF8D99BC97C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{90EEAF90-EDB2-499C-8665-DDCD7E22748E}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{FAAD8921-FDE8-4867-B188-776B220743AF}C:\users\roger\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\roger\desktop\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3A3532ED-A121-4297-AA4F-70B60E4BD631}" = Playalot Games
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{645D6B69-6456-442D-94D6-85F0636ED258}" = Badoo Desktop
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846DDADA-0239-4B67-A6B1-33658863793B}" = HPTCSSetup
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = T-Mobile Mobile Broadband Manager
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB65D81D-303A-4DDB-AC7C-12C9CD9F67FB}" = Snap.Do
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
"{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}" = LPT System Updater Service
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"3MobileWiFi" = 3MobileWiFi
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"AlaskanStormDemo" = Deadliest Catch Alaskan Storm Demo
"AOL Toolbar" = AOL Toolbar 5.0
"BitComet" = BitComet 1.16
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CopyTrans Suite" = CopyTrans Suite Remove Only
"EasyBits Magic Desktop" = Magic Desktop
"EasyChat_is1" = EasyChat (beta) 0.2.13
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"EPSON Stylus CX7300_CX8300_DX7400_DX8400 Users Guide" = EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manual
"FileHippo.com" = FileHippo.com Update Checker
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LiveSupport_is1" = LiveSupport
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MpcStar" = MpcStar 4.2
"N360" = Norton 360
"Norton Utilities_is1" = Norton Utilities
"NVIDIA Drivers" = NVIDIA Drivers
"Optimizer Pro_is1" = Optimizer Pro v3.2
"Spotify" = Spotify
"Steam App 10540" = Football Manager 2009
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.0.3
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4095824921-2520398854-2341837645-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Free Mahjong Games" = Free Mahjong Games
"iLivid" = iLivid
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 22/04/2014 14:21:27 | Computer Name = lesley-PC | Source = WinMgmt | ID = 10
Description =

Error - 23/04/2014 14:40:16 | Computer Name = lesley-PC | Source = WinMgmt | ID = 10
Description =

Error - 24/04/2014 15:21:26 | Computer Name = lesley-PC | Source = WinMgmt | ID = 10
Description =

Error - 25/04/2014 15:05:32 | Computer Name = lesley-PC | Source = WinMgmt | ID = 10
Description =

Error - 26/04/2014 14:18:40 | Computer Name = lesley-PC | Source = WinMgmt | ID = 10
Description = 2

Error - 27/04/2014 12:16:40 | Computer Name = lesley-PC | Source = WinMgmt | ID = 10
Description =
2
Error - 28/04/2014 14:55:49 | Computer 3/Name = lesley-PC | Source = WinMgmt | ID = 10
Description =

Error - 29/04/2014 15:29:37 | Computer Name = lesley-PC | Source = WinMgmt | ID = 10
Description =

Error - 29/04/2014 18:26:47 | Computer Name = lesley-PC | Source = WinMgmt | ID = 10
Description =

Error - 30/04/2014 15:03:31 | Computer Name = lesley-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 22/04/2014 14:21:27 | Computer Name = lesley-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 23/04/2014 14:40:16 | Computer Name = lesley-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 24/04/2014 15:21:26 | Computer Name = lesley-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 25/04/2014 15:05:32 | Computer Name = lesley-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 26/04/2014 14:18:40 | Computer Name = lesley-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 27/04/2014 12:16:40 | Computer Name = lesley-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 28/04/2014 14:55:50 | Computer Name = lesley-PC | Source = Service Control Manager | ID = 7000
Description = 2/

Error - 29/04/2014 15:29:37 | Compu3ter Name = lesley-PC | Source = Service Control Manager | ID = 7000
Descrip22//tion =

2
Description =

Error - 30/04/2014 15:03:__,32 | Computer Name = lesley-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >
  • 0

#4
zep516
Posted 02 May 2014 - 06:14 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hi nigella,

I'm missing 2 scans from the instructions in Post # 2. Please run those programs as outlined above in post # 2 and post the logs from:
1-AdwCleaner Log [SO].txt
2-JRT.txt

Next

Lets remove all of those programs listed below.
==> Click > Start > Control Panel > Programs & Features.

1-Java 6 Update 33
2-Java 7 Update 17
3-Snap.Do
4-iLivid

Next

We need to do a fix to delete some files using OTL
  • Double click on the OTLicon.jpg to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :COMMANDS
[CREATERESTOREPOINT]

:OTL
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...q={searchTerms}
IE - HKU\S-1-5-21-4095824921-2520398854-2341837645-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...q={searchTerms}
FF - prefs.js..browser.startup.homepage: "http://feed.snapdo.c...gC3tWis13PFaQ,"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..keyword.URL: "http://feed.snapdo.c...ype=A110GB0&p="
FF - user.js - File not found
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\COFFPLGN
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN
File not found (No name found) -- C:\USERS\LESLEY\APPDATA\LOCAL\{337D5158-7284-4835-B7AF-CE4F08F7D7C2}
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-4095824921-2520398854-2341837645-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-4095824921-2520398854-2341837645-1000\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O4 - HKU\S-1-5-21-4095824921-2520398854-2341837645-1000..\Run: [iLivid] C:\Users\lesley\AppData\Local\iLivid\iLivid.exe (Bandoo Media Inc.)
O4 - HKU\S-1-5-21-4095824921-2520398854-2341837645-1000..\Run: [Optimizer Pro] C:\Program Files\Optimizer Pro\OptProLauncher.exe (PC Utilities Software Limited)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1) 
O20 - AppInit_DLLs: (c:\progra~2\wincert\win32c~1.dll) -  File not found
O20 - AppInit_DLLs: (c:\progra~1\optimi~1\optpro~2.dll) - c:\Program Files\Optimizer Pro\OptProCrash.dll ()
O27 - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsemngr.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsermngr.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bundlesweetimsetup.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\cltmngsvc.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\delta babylon.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\delta tb.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\delta2.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\deltainstaller.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\deltasetup.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\deltatb.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\deltatb_2501-c733154b.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\iminentsetup.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\rjatydimofu.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\sweetimsetup.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\tbdelta.exetoolbar783881609.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O36 - AppCertDlls: x64 - (c:\program files\movies toolbar\datamngr\x64\apcrtldr.dll) -  File not found
O36 - AppCertDlls: x86 - (C:\Program Files\Movies Toolbar\Datamngr\apcrtldr.dll) -  File not found
[2014/04/15 20:42:51 | 000,000,000 | ---D | C] -- C:\Users\lesley\Documents\Optimizer Pro
[2014/04/15 20:42:50 | 000,000,000 | ---D | C] -- C:\Users\lesley\AppData\Roaming\Optimizer Pro
[2014/04/15 20:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiveSupport
[2014/04/15 20:38:48 | 000,000,000 | ---D | C] -- C:\Program Files\LiveSupport
[2014/04/15 20:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
[2014/04/15 20:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\Optimizer Pro
[2014/04/15 20:35:09 | 000,000,000 | ---D | C] -- C:\Program Files\LPT
[2014/04/15 20:33:58 | 000,000,000 | ---D | C] -- C:\Users\lesley\AppData\Local\LPT
[2014/04/15 20:33:56 | 000,000,000 | ---D | C] -- C:\Users\lesley\AppData\Local\Smartbar
[2014/04/15 20:37:10 | 000,000,859 | ---- | M] () -- C:\Users\lesley\Desktop\Optimizer Pro.lnk
[2014/04/15 20:37:08 | 000,000,859 | ---- | C] () -- C:\Users\lesley\Desktop\Optimizer Pro.lnk

:Files
ipconfig /flushdns /c
c:\Program Files\Optimizer Pro\OptProCrash.dll

:Commands
[emptytemp]
[resethosts]
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.
In your next reply post:
  • AdwCleaner Log [SO].txt
  • JRT .txt
  • OTL Fix log located here->C:\_OTL\Moved Files
  • New OTL Log after quick scan.
Thanks
Joe :)
  • 0

#5
nigella
Posted 03 May 2014 - 11:03 AM

nigella

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 231 posts
Hi Joe, sorry I'd didn't have copies of Adwcleaner and JRT log files. I do now! Would you like to see them before I run OTL ? Or shall I run OTL with the fixes first?
  • 0

#6
nigella
Posted 03 May 2014 - 01:44 PM

nigella

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 231 posts
AdwCleaner v3.205 - Report created 03/05/2014 at 15:33:05
# Updated 28/04/2014 by Xplode
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# Username : lesley - LESLEY-PC
# Running from : C:\Users\lesley\Downloads\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : ca82e1a5

***** [ Files / Folders ] *****

File Found : C:\Users\lesley\AppData\Roaming\LiveSupport.exe_log.txt
File Found : C:\Users\lesley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
File Found : C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\searchplugins\Web Search.xml
File Found : C:\Users\lesley\AppData\Roaming\regsvr32.exe_log.txt
File Found : C:\Users\lesley\Desktop\iLivid.lnk
File Found : C:\Users\lesley\Desktop\Optimizer Pro.lnk
File Found : C:\Users\Public\Desktop\Free Games.lnk
File Found : C:\Users\roger\AppData\Roaming\Mozilla\Firefox\Profiles\zn6h5ypi.default\searchplugins\Web Search.xml
File Found : C:\Windows\System32\Tasks\EPUpdater
File Found : C:\Windows\System32\Tasks\PC Performer
File Found : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
File Found : C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart
Folder Found : C:\Program Files\LiveSupport
Folder Found : C:\Program Files\LPT
Folder Found : C:\Program Files\Movies Toolbar
Folder Found : C:\Program Files\Optimizer Pro
Folder Found : C:\Program Files\VideoPerformer
Folder Found : C:\Users\lesley\AppData\Local\FilesFrog Update Checker
Folder Found : C:\Users\lesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\mocblcnaofikinigmceddfghppkkjbog
Folder Found : C:\Users\lesley\AppData\Local\iLivid
Folder Found : C:\Users\lesley\AppData\Local\ilividmoviestoolbar181
Folder Found : C:\Users\lesley\AppData\Local\LPT
Folder Found : C:\Users\lesley\AppData\Local\Smartbar
Folder Found : C:\Users\lesley\AppData\Local\Temp\Smartbar
Folder Found : C:\Users\lesley\AppData\Local\webplayer
Folder Found : C:\Users\lesley\AppData\LocalLow\DataMngr
Folder Found : C:\Users\lesley\AppData\LocalLow\ilividmoviestoolbar181
Folder Found : C:\Users\lesley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Folder Found : C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Found : C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\ilividmoviestoolbar181
Folder Found : C:\Users\lesley\AppData\Roaming\Optimizer Pro
Folder Found : C:\Users\lesley\AppData\Roaming\pluswinks
Folder Found : C:\Users\lesley\Documents\Optimizer Pro
Folder Found : C:\Users\roger\AppData\Roaming\Mozilla\Firefox\Profiles\zn6h5ypi.default\ilividmoviestoolbar181

***** [ Shortcuts ] *****

Shortcut Found : C:\Users\lesley\Desktop\Search.lnk ( hxxp://feed.snapdo.com/?publisher=Somoto&dpid=SomotoCH&co=GB&userid=a763bd81-dd2b-6e49-34ce-c0d80e0a42f3&searchtype=sc&installDate=15/04/2014&barcodeid=126634&um=0 )
Shortcut Found : C:\Users\lesley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk ( hxxp://feed.snapdo.com/?publisher=Somoto&dpid=SomotoCH&co=GB&userid=a763bd81-dd2b-6e49-34ce-c0d80e0a42f3&searchtype=sc&installDate=15/04/2014&barcodeid=126634&um=0 )
Shortcut Found : C:\Users\lesley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Mahjong Games\Uninstall.lnk ( _?=C:\Users\lesley\AppData\Local\WebPlayer\Free Mahjong Games )
Shortcut Found : C:\Users\lesley\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Search.lnk ( hxxp://feed.snapdo.com/?publisher=Somoto&dpid=SomotoCH&co=GB&userid=a763bd81-dd2b-6e49-34ce-c0d80e0a42f3&searchtype=sc&installDate=15/04/2014&barcodeid=126634&um=0 )

***** [ Registry ] *****

Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~1\optimi~1\optpro~2.dll
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\wincert\win32c~1.dll
Key Found : HKCU\Software\APNDTX
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\Classes\iLivid.torrent
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\LiveSupport
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\Somoto
Key Found : HKCU\Software\Webplayer
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7A4141A0-3851-4758-AEBD-B52BCBC21BC3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A0F21154-8751-468A-A40C-92E8324AB8F2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E09BA1E2-D479-46B1-A0AF-AE88238C3DFC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EBFCF40E-A87B-463F-A782-55BDD4160B5E}
Key Found : HKLM\SOFTWARE\Classes\Facebook.ScriptHostObject
Key Found : HKLM\SOFTWARE\Classes\Facebook.ScriptHostObject.1
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Found : HKLM\SOFTWARE\Classes\iLivid.torrent
Key Found : HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4D5A3D96-8BE2-45F6-A365-D7B9FAE581EF}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{60C6F3A9-36D9-4FF7-A074-53C73455B2F2}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{7828DB55-A8EE-42C0-8D72-738CA9B3E48F}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{867457A9-DA67-450A-964A-EA9185A09395}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mocblcnaofikinigmceddfghppkkjbog
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\${dtUserElevationPolicyID}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{02A6EEB1-8815-4BC6-B703-7DA277454D63}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FE167A1A-156E-4AB4-90B2-79379588A893}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{399F3CED-AD68-402E-91C7-A8302101EA34}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BFDF2FC6-1875-4774-B58A-172DAE810800}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02A6EEB1-8815-4BC6-B703-7DA277454D63}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{399F3CED-AD68-402E-91C7-A8302101EA34}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFDF2FC6-1875-4774-B58A-172DAE810800}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE167A1A-156E-4AB4-90B2-79379588A893}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [iLivid]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Value Found : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x86]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16545


-\\ Mozilla Firefox v3.0.19 (en-GB)

[ File : C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\prefs.js ]

Line Found : user_pref("browser.startup.homepage", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlOyg7Rm9iQKjCfzUvDcED85_NxbCGCagRhZbYYXa3fqPqjXHElPZTmNA5sxbVkboUxxszLXmqAVDAB2nhu7HgI2b6if[...]
Line Found : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlOyg7Rm9iQKjCfzUvDcED85_NxbCGCagRhZbYYXa3fqPqjXHElPZTmNA5sxbVkboUxxszLXmqAVDAB2rrLlJBGjIjQZ7Vnvlc8_SDHgq[...]
Line Found : user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlOyg7Rm9iQKjCfzUvDcED85_NxbCGCagRhZbYYXa3fqPqjXHElPZTmNA5sxbVkboUxxszLXmqAVDAB2hXajzs0003WRZpWQq3[...]

[ File : C:\Users\roger\AppData\Roaming\Mozilla\Firefox\Profiles\zn6h5ypi.default\prefs.js ]

Line Found : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlOyg7Rm9iQKjCfzUvDcED85_NxbCGCagRhZbYYXa3fqPqjXHElPZTmNA5sxbVkboUxxszLXmqAVDAB2rrLlJBGjIjQZ7Vnvlc8_SDHgq[...]
Line Found : user_pref("browser.search.selectedEngine", "Web Search");
Line Found : user_pref("browser.search.order.1", "Secure Search");user_pref("browser.startup.homepage", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlOyg7Rm9iQKjCfzUvDcED85_NxbCGCagRhZbYY[...]
Line Found : user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlOyg7Rm9iQKjCfzUvDcED85_NxbCGCagRhZbYYXa3fqPqjXHElPZTmNA5sxbVkboUxxszLXmqAVDAB2hXajzs0003WRZpWQq3[...]

-\\ Google Chrome v34.0.1847.116

[ File : C:\Users\lesley\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Startup_urls] : hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlOyg7Rm9iQKjCfzUvDcED85_NxbCGCagRhZbYYXa3fqPqjXHElPZTmNA5sxbVkboUxxszLXmqAVDAB2nhu7HgI2b6ifWAX2lWY7_PD-zJY2wtIUO-mAqdX2m49rYQOvrggC3tWis13PFaQ,,
Found [Homepage] : hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlOyg7Rm9iQKjCfzUvDcED85_NxbCGCagRhZbYYXa3fqPqjXHElPZTmNA5sxbVkboUxxszLXmqAVDAB2nhu7HgI2b6ifWAX2lWY7_PD-zJY2wtIUO-mAqdX2m49rYQOvrggC3tWis13PFaQ,,
Found [Extension] : mocblcnaofikinigmceddfghppkkjbog

[ File : C:\Users\roger\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
Found [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=109220&tt=4512_3&babsrc=SP_ss&mntrId=1ee5d48e000000000000001f167a4957
Found [Startup_urls] : hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlOyg7Rm9iQKjCfzUvDcED85_NxbCGCagRhZbYYXa3fqPqjXHElPZTmNA5sxbVkboUxxszLXmqAVDAB2nhu7HgI2b6ifWAX2lWY7_PD-zJY2wtIUO-mAqdX2m49rYQOvrggC3tWis13PFaQ,,
Found [Homepage] : hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlOyg7Rm9iQKjCfzUvDcED85_NxbCGCagRhZbYYXa3fqPqjXHElPZTmNA5sxbVkboUxxszLXmqAVDAB2nhu7HgI2b6ifWAX2lWY7_PD-zJY2wtIUO-mAqdX2m49rYQOvrggC3tWis13PFaQ,,

*************************

AdwCleaner[R0].txt - [15985 octets] - [03/05/2014 15:33:05]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [16046 octets] ##########

And JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows Vista ™ Home Basic x86
Ran by lesley on 03/05/2014 at 15:55:54.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\livesupport
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\optimizer pro
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\somoto
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4095824921-2520398854-2341837645-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.bandobjectattribute
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.dockingpanel
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.iesmartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.iesmartbarbandobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.smartbardisplaystate
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.smartbarmenuform
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\livesupport_is1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\optimizer pro_is1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}



~~~ Files

Successfully deleted: [File] "C:\Windows\System32\Tasks\scheduled update for ask toolbar"
Successfully deleted: [File] "C:\Windows\System32\Tasks\PC Performer"
Successfully deleted: [File] C:\Windows\System32\Tasks\epupdater



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\wincert"
Successfully deleted: [Folder] "C:\Users\lesley\AppData\Roaming\optimizer pro"
Successfully deleted: [Folder] "C:\Users\lesley\AppData\Roaming\pluswinks"
Successfully deleted: [Folder] "C:\Users\lesley\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\lesley\Local Settings\Application Data\filesfrog update checker"
Successfully deleted: [Folder] "C:\Users\lesley\Local Settings\Application Data\ilivid"
Successfully deleted: [Folder] "C:\Users\lesley\Local Settings\Application Data\smartbar"
Successfully deleted: [Folder] "C:\Users\lesley\Local Settings\Application Data\webplayer"
Successfully deleted: [Folder] "C:\Program Files\livesupport"
Successfully deleted: [Folder] "C:\Program Files\movies toolbar"
Successfully deleted: [Folder] "C:\Program Files\optimizer pro"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\livesupport"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2"
Successfully deleted: [Folder] "C:\Users\lesley\AppData\Roaming\microsoft\windows\start menu\programs\filesfrog update checker"
Successfully deleted: [Folder] "C:\Users\lesley\documents\optimizer pro"
Successfully deleted: [Empty Folder] C:\Users\lesley\appdata\local\{B6291640-3391-451F-A4DC-06A4EBB93FE0}



~~~ FireFox

Successfully deleted: [File] C:\Users\lesley\AppData\Roaming\mozilla\firefox\profiles\l0q5u8vk.default\searchplugins\web search.xml
Successfully deleted: [Folder] C:\Users\lesley\AppData\Roaming\mozilla\firefox\profiles\l0q5u8vk.default\extensions\staged
Successfully deleted the following from C:\Users\lesley\AppData\Roaming\mozilla\firefox\profiles\l0q5u8vk.default\prefs.js

user_pref("browser.startup.homepage", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlOyg7Rm9iQKjCfzUvDcED85_NxbCGCagRhZbYYXa3fqPqjXHElPZTmNA5sxbVkboUx
user_pref("keyword.URL", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlOyg7Rm9iQKjCfzUvDcED85_NxbCGCagRhZbYYXa3fqPqjXHElPZTmNA5sxbVkboUxxszLXmqAVDAB2
user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlOyg7Rm9iQKjCfzUvDcED85_NxbCGCagRhZbYYXa3fqPqjXHElPZTmNA5sxbVkboUxxszLXm



~~~ Chrome

Successfully deleted: [Folder] C:\Users\lesley\appdata\local\Google\Chrome\User Data\Default\Extensions\mocblcnaofikinigmceddfghppkkjbog
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\mocblcnaofikinigmceddfghppkkjbog



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/05/2014 at 16:05:39.33
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#7
zep516
Posted 03 May 2014 - 01:50 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hi nigella,

Run the OTL Fix for now. Don't forget to do the quick scan after so I can see a new OTL log to see what's left. More importantly let me know how things are too with the computer, what's still popping up and in what browser !

Thanks
Joe :)
  • 0

#8
nigella
Posted 17 July 2014 - 04:09 AM

nigella

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 231 posts

OTL fix log

 

All processes killed
========== COMMANDS ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_USERS\S-1-5-21-4095824921-2520398854-2341837645-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Prefs.js: "http://feed.snapdo.c...gC3tWis13PFaQ," removed from browser.startup.homepage
Prefs.js: "Secure Search" removed from browser.search.selectedEngine
Prefs.js: "http://feed.snapdo.c....ype=A110GB0&p=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4095824921-2520398854-2341837645-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-4095824921-2520398854-2341837645-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ not found.
Registry value HKEY_USERS\S-1-5-21-4095824921-2520398854-2341837645-1000\Software\Microsoft\Windows\CurrentVersion\Run\\iLivid deleted successfully.
File C:\Users\lesley\AppData\Local\iLivid\iLivid.exe not found.
Registry value HKEY_USERS\S-1-5-21-4095824921-2520398854-2341837645-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Optimizer Pro not found.
File C:\Program Files\Optimizer Pro\OptProLauncher.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\wincert\win32c~1.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\optimi~1\optpro~2.dll deleted successfully.
File c:\Program Files\Optimizer Pro\OptProCrash.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 deleted successfully.
Folder C:\Users\lesley\Documents\Optimizer Pro\ not found.
Folder C:\Users\lesley\AppData\Roaming\Optimizer Pro\ not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiveSupport\ not found.
Folder C:\Program Files\LiveSupport\ not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\ not found.
Folder C:\Program Files\Optimizer Pro\ not found.
C:\Program Files\LPT\Resources folder moved successfully.
C:\Program Files\LPT\Configs folder moved successfully.
C:\Program Files\LPT folder moved successfully.
C:\Users\lesley\AppData\Local\LPT\Resources folder moved successfully.
C:\Users\lesley\AppData\Local\LPT\Configs folder moved successfully.
C:\Users\lesley\AppData\Local\LPT folder moved successfully.
Folder C:\Users\lesley\AppData\Local\Smartbar\ not found.
C:\Users\lesley\Desktop\Optimizer Pro.lnk moved successfully.
File C:\Users\lesley\Desktop\Optimizer Pro.lnk not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\lesley\Desktop\cmd.bat deleted successfully.
C:\Users\lesley\Desktop\cmd.txt deleted successfully.
File\Folder c:\Program Files\Optimizer Pro\OptProCrash.dll not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
 
User: lesley
->Temp folder emptied: 91966883 bytes
->Temporary Internet Files folder emptied: 217539088 bytes
->Java cache emptied: 897 bytes
->FireFox cache emptied: 41876213 bytes
->Google Chrome cache emptied: 391509898 bytes
->Flash cache emptied: 38674 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: roger
->Temp folder emptied: 76189842 bytes
->Temporary Internet Files folder emptied: 67490341 bytes
->Java cache emptied: 45414955 bytes
->FireFox cache emptied: 6913114 bytes
->Google Chrome cache emptied: 43956040 bytes
->Flash cache emptied: 550218 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 815522749 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 118019 bytes
RecycleBin emptied: 1718 bytes
 
Total Files Cleaned = 1,716.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 07172014_102020
 
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
and  an OTL Quick scan log file
 

OTL logfile created on: 17/07/2014 10:55:21 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\lesley\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.75 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 57.93% Memory free
5.70 Gb Paging File | 4.55 Gb Available in Paging File | 79.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.98 Gb Total Space | 74.01 Gb Free Space | 53.25% Space Free | Partition Type: NTFS
Drive D: | 10.07 Gb Total Space | 1.75 Gb Free Space | 17.37% Space Free | Partition Type: NTFS
 
Computer Name: LESLEY-PC | User Name: lesley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/25 10:59:26 | 000,133,696 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2014/06/25 10:56:52 | 000,739,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\saUI.exe
PRC - [2014/06/16 16:08:34 | 000,387,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McChHost.exe
PRC - [2014/04/30 20:10:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\lesley\Desktop\OTL.exe
PRC - [2014/04/02 02:58:05 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/05/21 05:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\20.5.0.28\ccsvchst.exe
PRC - [2013/05/10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/10/18 14:37:35 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
PRC - [2009/07/16 14:43:04 | 000,241,664 | ---- | M] () -- C:\Program Files\T-Mobile Mobile Broadband Manager\AssistantServices.exe
PRC - [2009/07/16 14:42:20 | 000,132,608 | ---- | M] () -- C:\Program Files\T-Mobile Mobile Broadband Manager\UIExec.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/06 17:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/06/13 15:26:54 | 002,498,560 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
PRC - [2008/01/21 03:33:22 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/15 20:02:16 | 000,774,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\fbf434299b068c463296945c12845734\System.Runtime.Remoting.ni.dll
MOD - [2014/05/15 20:02:14 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\18817faf786930adbb67d2df097ca382\System.EnterpriseServices.ni.dll
MOD - [2014/05/15 20:02:14 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\18817faf786930adbb67d2df097ca382\System.EnterpriseServices.Wrapper.dll
MOD - [2014/05/15 20:02:13 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4c6ed86f523280f47b61a0e00dce712c\System.Transactions.ni.dll
MOD - [2014/05/15 01:07:58 | 006,622,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ea0f4218fb24bb1c150f7dc2d013cf59\System.Data.ni.dll
MOD - [2014/04/02 02:58:03 | 000,390,472 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppgooglenaclpluginchrome.dll
MOD - [2014/04/02 02:57:59 | 004,081,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll
MOD - [2014/04/02 02:57:52 | 001,647,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
MOD - [2014/04/02 02:57:49 | 000,065,352 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
MOD - [2014/03/28 11:49:12 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2014/02/13 11:58:27 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\c5213af29d521ee19cc55983f8c2037c\System.Management.ni.dll
MOD - [2014/02/13 11:56:24 | 001,801,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3cf321fb70231d473d99105a582c23e1\System.Deployment.ni.dll
MOD - [2014/02/13 11:56:17 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\d17ceca243fabda73eefb21d9bd072df\System.Configuration.ni.dll
MOD - [2014/02/13 10:13:46 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f87e71868aedbc6c4e8fe7160d17c4ab\System.Xml.ni.dll
MOD - [2014/02/13 10:13:27 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2b605fc7deda872727d1ed37710420e\System.Windows.Forms.ni.dll
MOD - [2014/02/13 10:13:15 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8e6265a54260bddfc05951e764f5bc48\System.Drawing.ni.dll
MOD - [2014/02/13 10:12:25 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\71e362b114f878201540696b6d66bf45\PresentationFramework.Aero.ni.dll
MOD - [2014/02/13 10:12:22 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b46f1c203d1e4bec4597adf684ec1d41\PresentationFramework.ni.dll
MOD - [2014/02/13 10:11:58 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\07d57714fff9db216537473f4a777f22\PresentationCore.ni.dll
MOD - [2014/02/13 10:11:40 | 003,325,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d981bccab40fbbdc1d35bf2a58c947b7\WindowsBase.ni.dll
MOD - [2014/02/13 10:11:36 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\957628d9dd7b3bf370a56dca7835a997\System.ni.dll
MOD - [2014/02/13 10:11:24 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\694a37a84dee2cd2609a1dfab27c0433\mscorlib.ni.dll
MOD - [2012/05/30 07:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton 360\Engine\20.5.0.28\wincfi39.dll
MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/16 14:42:20 | 000,132,608 | ---- | M] () -- C:\Program Files\T-Mobile Mobile Broadband Manager\UIExec.exe
MOD - [2009/04/11 07:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009/04/11 03:04:15 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009/03/30 05:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/10/01 00:56:06 | 000,032,768 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2008/10/01 00:52:02 | 000,007,168 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2008/10/01 00:52:00 | 000,057,344 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2008/10/01 00:51:52 | 000,118,784 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll
MOD - [2008/10/01 00:51:52 | 000,010,240 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2008/10/01 00:51:36 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2008/10/01 00:51:36 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2008/10/01 00:51:36 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2008/06/13 15:26:54 | 002,498,560 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
MOD - [2007/08/14 21:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 21:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 21:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/07/08 23:04:19 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/25 10:59:26 | 000,133,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2013/05/21 05:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\20.5.0.28\ccSvcHst.exe -- (N360)
SRV - [2013/05/10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/07/20 18:21:59 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/07/16 14:43:04 | 000,241,664 | ---- | M] () [Auto | Running] -- C:\Program Files\T-Mobile Mobile Broadband Manager\AssistantServices.exe -- (UI Assistant Service)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/06 17:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/02/03 20:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2014/04/16 19:59:08 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/06/19 18:53:05 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/05/31 17:58:19 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130715.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/05/23 06:25:28 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1405000.01C\symefa.sys -- (SymEFA)
DRV - [2013/05/22 17:40:20 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130810.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/05/22 17:40:18 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130810.005\NAVENG.SYS -- (NAVENG)
DRV - [2013/05/21 06:02:00 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\1405000.01C\symds.sys -- (SymDS)
DRV - [2013/05/18 12:15:59 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/05/17 15:30:54 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130809.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013/05/16 06:02:14 | 000,603,224 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\N360\1405000.01C\srtsp.sys -- (SRTSP)
DRV - [2013/04/25 01:43:56 | 000,352,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1405000.01C\symtdiv.sys -- (SYMTDIv)
DRV - [2013/04/16 03:41:14 | 000,134,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1405000.01C\ccsetx86.sys -- (ccSet_N360)
DRV - [2013/03/05 02:39:19 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1405000.01C\ironx86.sys -- (SymIRON)
DRV - [2013/03/05 02:21:35 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1405000.01C\srtspx.sys -- (SRTSPX)
DRV - [2013/01/31 02:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/02 18:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/08/12 13:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 13:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2009/09/05 17:55:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/24 16:51:38 | 000,101,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/07/23 21:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2009/06/22 21:01:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/06/22 20:38:24 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/05/22 09:08:38 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2009/05/22 09:08:38 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009/05/22 09:04:04 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/05/22 09:04:04 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/05/22 09:04:04 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/05/22 09:04:04 | 000,009,728 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/10/03 04:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/05/09 20:17:32 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/04/24 23:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/21 03:32:45 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007/10/18 00:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/04/23 10:50:50 | 000,025,896 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {1BF6ED5B-95B9-40F2-AF93-DE307057F6A6}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1BF6ED5B-95B9-40F2-AF93-DE307057F6A6}: "URL" = http://uk.search.yah...p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:/Users/lesley/AppData/Local/LPT/NewConfig.txt
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..extensions.enabledItems: {a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..extensions.enabledItems: [email protected]:4.1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: 
FF - prefs.js..browser.search.selectedEngine: ""
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\lesley\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\T-Mobile Mobile Broadband Manager\addon [2010/06/12 15:06:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2014/06/29 20:18:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\coFFPlgn\ [2014/07/17 10:51:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\IPSFFPlgn\ [2013/05/18 16:00:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/05 20:56:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/23 17:06:51 | 000,000,000 | ---D | M]
 
[2009/06/27 13:34:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lesley\AppData\Roaming\Mozilla\Extensions
[2014/05/03 16:04:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions
[2009/09/02 22:19:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/03 14:53:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2014/04/15 20:34:40 | 000,000,000 | ---D | M] ("Snap.Do ") -- C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}
[2012/06/26 00:05:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/26 00:05:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2010/06/12 15:06:02 | 000,000,000 | ---D | M] (Bytemobile Optimization Client) -- C:\PROGRAM FILES\T-MOBILE MOBILE BROADBAND MANAGER\ADDON
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\COFFPLGN
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN
File not found (No name found) -- C:\USERS\LESLEY\APPDATA\LOCAL\{337D5158-7284-4835-B7AF-CE4F08F7D7C2}
[2014/04/29 23:29:32 | 000,002,065 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: McAfee (Enabled)
CHR - default_search_provider: search_url = https://uk.search.ya...p={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Java™ Platform SE 7 U5 (Disabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Disabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Norton Identity Protection = C:\Users\lesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc\2013.4.11.6_0\
CHR - Extension: SiteAdvisor = C:\Users\lesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.65.135.1_0\
CHR - Extension: Google Wallet = C:\Users\lesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2014/07/17 10:40:58 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.5.0.28\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.5.0.28\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.5.0.28\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [UIExec] C:\Program Files\T-Mobile Mobile Broadband Manager\UIExec.exe ()
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [Free Mahjong Games] C:\Users\lesley\AppData\Local\WebPlayer\Free Mahjong Games\WebPlayer.exe File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D9F1A67-0D74-4F73-8382-A961723E133C}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F2B3000-315B-4E23-A67B-FBFDEE106A0D}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE65EEA7-EC85-45B6-A237-D1A115EDD8C8}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/17 10:20:20 | 000,000,000 | ---D | C] -- C:\_OTL
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/17 10:50:33 | 000,000,248 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2014/07/17 10:49:54 | 000,048,222 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2014/07/17 10:49:54 | 000,048,222 | ---- | M] () -- C:\ProgramData\nvModes.001
[2014/07/17 10:49:48 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/17 10:48:03 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/17 10:48:03 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/17 10:47:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/17 10:40:58 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014/07/17 10:04:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/17 10:03:26 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/10 18:34:31 | 000,313,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2010/08/02 23:32:15 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\uremomix.dll
[2010/08/02 21:30:10 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\iqisozidohugi.dll
[2010/08/02 19:28:10 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\udulibikixe.dll
[2010/08/01 23:05:19 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\okujecuxiq.dll
[2010/08/01 21:02:58 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\iyekuyepebeham.dll
[2010/08/01 14:29:05 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ocaxobeditexete.dll
[2010/08/01 02:28:58 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ewigobabamisa.dll
[2010/08/01 00:26:58 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\evejopevogani.dll
[2010/07/31 22:24:58 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\eleqocefuwej.dll
[2010/07/31 04:31:02 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\udobalepinubesi.dll
[2010/07/30 22:15:30 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ubifuyiw.dll
[2010/07/30 20:13:08 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\udebotax.dll
[2010/07/30 18:11:09 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\owepejid.dll
[2010/07/30 14:42:45 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ilonepoza.dll
[2010/07/30 12:40:45 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\epapozadu.dll
[2010/07/29 23:44:36 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ewufayoqevi.dll
[2010/07/29 21:42:15 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ajuzaxeqetalajo.dll
[2010/07/29 19:40:57 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\iqisagubi.dll
[2010/07/29 14:36:49 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ememomixefenoy.dll
[2010/07/29 12:35:07 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\azasanukukub.dll
[2010/07/29 10:32:50 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ijisozid.dll
[2010/07/28 23:51:13 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ivafiyas.dll
[2010/07/28 21:48:50 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\otodovuj.dll
[2010/07/28 19:46:50 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\aqudumok.dll
[2010/07/27 22:52:47 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\uvepamep.dll
[2010/07/26 23:39:23 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ofoguzele.dll
[2010/07/26 23:25:13 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ubetenim.dll
[2010/07/26 21:23:16 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\eloyicubucamot.dll
[2010/07/25 23:40:15 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ekimamerih.dll
[2010/07/25 21:38:14 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\uzeroyowuyazam.dll
[2010/07/25 19:36:14 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\uzoqikuwafonutul.dll
[2010/07/25 17:34:14 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ojegejopevo.dll
[2010/07/25 14:20:34 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ezegoweli.dll
[2010/07/25 01:07:22 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\icitegixiv.dll
[2010/07/25 00:35:00 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ufeyijevula.dll
[2010/07/24 22:33:14 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\acitiwuvubomure.dll
[2010/07/23 23:43:19 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\olabepaguh.dll
[2010/07/23 21:38:04 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\iconasowovone.dll
[2010/07/23 19:06:15 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ewovuhox.dll
[2010/07/22 23:52:17 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\apojepope.dll
[2010/07/22 00:23:50 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\uhuyujup.dll
[2010/07/21 22:54:55 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ijepamep.dll
[2010/07/21 21:06:23 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\adudilak.dll
[2010/07/21 20:54:07 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\eruyewiducena.dll
[2010/07/20 23:10:01 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\iwefumak.dll
[2010/07/20 21:08:23 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\iputaduxotoyeful.dll
[2010/07/19 23:42:56 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\utaxasuxomod.dll
[2010/07/19 21:37:53 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\enaxijokiqovab.dll
[2010/07/19 18:28:23 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\exitoced.dll
[2010/07/19 00:22:23 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ufoyoxajij.dll
[2010/07/18 22:20:22 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\umevumeged.dll
[2010/07/17 21:54:38 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\oquvuwox.dll
[2010/07/17 19:52:41 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ahegokidonotudok.dll
[2010/07/17 17:48:28 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\enomihudu.dll
[2010/07/16 22:37:41 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ilawelijosi.dll
[2010/07/16 20:35:40 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ibopikeb.dll
[2010/07/16 17:16:02 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\ifixoqirac.dll
[2010/07/15 23:55:22 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\ebiwukaza.dll
[2010/07/15 21:53:23 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\odorafoxosivolup.dll
[2010/07/14 22:31:55 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\ajehoyop.dll
[2010/07/14 22:13:56 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\efidusex.dll
[2010/07/13 22:23:45 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\evohecew.dll
[2010/07/13 20:21:44 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\ufepulukelikuf.dll
[2010/07/13 18:19:43 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\evuderirif.dll
[2010/07/13 00:56:10 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\ohubemojokesiy.dll
[2010/07/12 22:54:09 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\ecogugek.dll
[2010/07/12 20:52:09 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\ebeberer.dll
[2010/07/11 23:41:04 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\ixebuxidetayol.dll
[2010/07/11 21:29:27 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\emiyugup.dll
[2010/07/11 19:27:27 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\ufosuxidigibavuk.dll
[2010/07/11 16:00:57 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\ezejiyerezuqah.dll
[2010/07/10 23:53:11 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\ohazopes.dll
[2010/07/10 21:51:11 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\uxaxemex.dll
[2010/07/10 19:49:10 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\upukulej.dll
[2010/07/10 12:43:02 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\amorowov.dll
[2010/07/09 17:28:08 | 000,025,228 | ---- | C] () -- C:\Users\lesley\AppData\Local\iresozoq.dll
[2010/07/02 20:20:42 | 000,025,228 | ---- | C] () -- C:\Users\lesley\AppData\Local\aruwuroviqo.dll
[2010/07/02 18:18:41 | 000,025,228 | ---- | C] () -- C:\Users\lesley\AppData\Local\efuyiyukejub.dll
[2010/05/29 19:16:00 | 000,025,228 | ---- | C] () -- C:\Users\lesley\AppData\Local\inojupiliyojo.dll
[2010/05/28 19:52:00 | 000,025,228 | ---- | C] () -- C:\Users\lesley\AppData\Local\ipidobuvogepu.dll
[2010/04/08 23:16:00 | 000,023,090 | ---- | C] () -- C:\Users\lesley\AppData\Local\ipobohid.dll
[2010/04/07 21:07:39 | 000,023,090 | ---- | C] () -- C:\Users\lesley\AppData\Local\ibeciquc.dll
[2010/01/30 22:08:18 | 000,008,484 | ---- | C] () -- C:\Users\lesley\AppData\Local\d3d9caps.dat
[2010/01/15 17:28:53 | 000,000,120 | ---- | C] () -- C:\Users\lesley\AppData\Local\Amaloxubacepexo.dat
[2010/01/15 17:28:53 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\Jnidakusadiyu.bin
[2009/10/12 17:55:41 | 000,008,704 | ---- | C] () -- C:\Users\lesley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/24 20:18:00 | 000,048,222 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/06/24 20:10:48 | 000,048,222 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/04/14 17:49:08 | 000,000,248 | ---- | C] () -- C:\ProgramData\hpqp.ini
 
========== ZeroAccess Check ==========
 
[2006/11/02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 14:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/06/22 20:13:50 | 000,000,000 | ---D | M] -- C:\Users\lesley\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/01/02 01:16:04 | 000,000,000 | ---D | M] -- C:\Users\lesley\AppData\Roaming\EasyChat
[2009/07/28 00:30:04 | 000,000,000 | ---D | M] -- C:\Users\lesley\AppData\Roaming\Gaijin Ent
[2010/08/14 01:30:58 | 000,000,000 | ---D | M] -- C:\Users\lesley\AppData\Roaming\lowsec
[2013/07/05 01:37:17 | 000,000,000 | ---D | M] -- C:\Users\lesley\AppData\Roaming\Memory Resource
[2010/06/26 00:26:13 | 000,000,000 | ---D | M] -- C:\Users\lesley\AppData\Roaming\Program Files
[2010/08/01 00:48:11 | 000,000,000 | ---D | M] -- C:\Users\lesley\AppData\Roaming\Titanium Gears
[2009/06/24 20:08:29 | 000,000,000 | ---D | M] -- C:\Users\lesley\AppData\Roaming\WildTangent
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:D287FACF
 
< End of report >
 
 
thank you and I hope this is ok to post on this thread as its been so long

  • 0

#9
zep516
Posted 17 July 2014 - 06:30 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Reset your home page in Chrome. Do you know how to do that? If not see Here

Next

Please download Malwarebytes Anti-Malware to your desktop
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings.JPG

Go back to the Dashboard and select Scan Now

MBAMScan.JPG

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot.JPG

MBAMLog.JPG

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log
  • 0

#10
nigella
Posted 18 July 2014 - 01:35 PM

nigella

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 231 posts

Malwarebytes log

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 18/07/2014
Scan Time: 08:41:24
Logfile: MBAMLog.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.18.02
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: lesley
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 359406
Time Elapsed: 21 min, 12 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 17
PUP.Optional.Babylon.A, HKU\S-1-5-21-4095824921-2520398854-2341837645-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Quarantined, [0a973070304b2c0a75ae1441758df709], 
Trojan.Vundo, HKU\S-1-5-21-4095824921-2520398854-2341837645-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467e-B8D4-7786EDA79AE0}, Quarantined, [fba6514fe3985fd76d700f7851b1cd33], 
PUP.Optional.MindSpark.A, HKU\S-1-5-21-4095824921-2520398854-2341837645-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{00A6FAF6-072E-44CF-8957-5838F569A31D}, Quarantined, [f0b14060eb90a6906411672aeb17857b], 
PUP.Optional.SpeedAnalysis.A, HKLM\SOFTWARE\CLASSES\2.ScriptHostObject, Quarantined, [7d24dac6d4a71a1c9937325b768c1de3], 
PUP.Optional.SpeedAnalysis.A, HKLM\SOFTWARE\CLASSES\2.ScriptHostObject.1, Quarantined, [6d341c84b1ca3bfb6f61eaa33ac84fb1], 
PUP.Optional.SnapDo.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{AB65D81D-303A-4DDB-AC7C-12C9CD9F67FB}, Quarantined, [5a473769a4d71a1ce591a427ec1615eb], 
PUP.Optional.Linkury.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}, Quarantined, [9011703008739f97abdb46880af87789], 
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-4095824921-2520398854-2341837645-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, Quarantined, [0f923868fd7ea98de33f9e61a65d748c], 
PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-4095824921-2520398854-2341837645-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BabylonToolbar, Quarantined, [11908719a6d5ea4c1e5b43beee16fa06], 
PUP.Optional.DataMngr.A, HKU\S-1-5-21-4095824921-2520398854-2341837645-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, Quarantined, [5d44613fb9c2d1651f8b4db0bc475ba5], 
PUP.Optional.DataMngr.A, HKU\S-1-5-21-4095824921-2520398854-2341837645-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, Quarantined, [01a0b9e7a7d4b581e2c7ef0ed132b14f], 
PUP.Optional.FunWebProducts.A, HKU\S-1-5-21-4095824921-2520398854-2341837645-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Fun Web Products, Quarantined, [3968eeb2d9a2c07652b90dc03cc628d8], 
PUP.Optional.FunWebProducts.A, HKU\S-1-5-21-4095824921-2520398854-2341837645-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\FunWebProducts, Quarantined, [b2ef3a66bfbc2a0c06069e2fe81a2fd1], 
PUP.Optional.BProtector.A, HKU\S-1-5-21-4095824921-2520398854-2341837645-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\bProtectSettings, Quarantined, [841d5e4289f20531db22639d9d67ad53], 
PUP.Optional.PCPerformer.A, HKU\S-1-5-21-4095824921-2520398854-2341837645-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\PERFORMERSOFT\PC Performer, Quarantined, [bce5a00026555bdbe5df34ca2dd66799], 
PUP.Optional.SweetIM.A, HKU\S-1-5-21-4095824921-2520398854-2341837645-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, Quarantined, [b8e9fda349322115c8efa05e2ad9b749], 
PUP.Optional.FunWebProducts.A, HKU\S-1-5-21-4095824921-2520398854-2341837645-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Fun Web Products, Quarantined, [cbd6e4bc66159a9c33d88d40fa08bc44], 
 
Registry Values: 7
PUP.Optional.MindSpark.A, HKU\S-1-5-21-4095824921-2520398854-2341837645-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{00A6FAF6-072E-44CF-8957-5838F569A31D}, Quarantined, [f0b14060eb90a6906411672aeb17857b], 
PUP.Optional.MindSpark.A, HKU\S-1-5-21-4095824921-2520398854-2341837645-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{00A6FAF6-072E-44cf-8957-5838F569A31D}, Quarantined, [dcc5cbd52f4c4cea8fe6cec31de5f30d], 
PUP.Optional.LPT.A, HKU\S-1-5-21-4095824921-2520398854-2341837645-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigURL, file://C:/Users/lesley/AppData/Local/LPT/NewConfig.txt, Quarantined, [f5ac1a866e0d2610aaa9b91c639f22de]
PUP.BProtector, HKU\S-1-5-21-4095824921-2520398854-2341837645-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|bProtector Start Page, http://search.babylo...000001f167a4957, Quarantined, [e9b80d93d9a2ec4a208b24d9ba4908f8]
Adware.Hotbar, HKU\S-1-5-21-4095824921-2520398854-2341837645-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MENUEXT\&SEARCH, http://edits.mywebse...?p=ZKxdm171YYGB, Quarantined, [c5dc217f691264d29c27ce88c0439868]
PUP.BProtector, HKU\S-1-5-21-4095824921-2520398854-2341837645-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|bProtectorDefaultScope, {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Quarantined, [9d04247c4734e650a705ef0e857e2ad6]
PUP.Optional.SweetIM.A, HKU\S-1-5-21-4095824921-2520398854-2341837645-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, 11111111, Quarantined, [b8e9fda349322115c8efa05e2ad9b749]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 10
PUP.Optional.MoviesToolBar.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\ilividmoviestoolbar181, Quarantined, [831e811f9cdfc670e29d654214ee0af6], 
PUP.Optional.MoviesToolBar.A, C:\Users\roger\AppData\Roaming\Mozilla\Firefox\Profiles\zn6h5ypi.default\ilividmoviestoolbar181, Quarantined, [336e79273a41ba7cfa85d2d5cf331fe1], 
PUP.Optional.MoviesToolBar.A, C:\Users\lesley\AppData\Local\ilividmoviestoolbar181, Quarantined, [8021158b57245adca0298a20a75ba15f], 
PUP.Optional.MoviesToolBar.A, C:\Users\lesley\AppData\Local\ilividmoviestoolbar181\GC, Quarantined, [8021158b57245adca0298a20a75ba15f], 
PUP.Optional.MoviesToolbar.A, C:\Users\lesley\AppData\LocalLow\ilividmoviestoolbar181, Quarantined, [653cd6ca6219b0860517f1c12ad8f10f], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\images, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\PublisherImages, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\components, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
 
Files: 82
PUP.Optional.Superfish.A, C:\Users\lesley\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Quarantined, [a6fb148c80fb45f1ebbefdd27a88f60a], 
PUP.Optional.Superfish.A, C:\Users\lesley\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [1e83a8f83b40db5bb8f1616e35cdeb15], 
PUP.Optional.WebSearch.A, C:\Users\roger\AppData\Roaming\Mozilla\Firefox\Profiles\zn6h5ypi.default\searchplugins\Web Search.xml, Quarantined, [6f32722e235885b1895329b4bd45e818], 
PUP.Optional.MoviesToolBar.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\ilividmoviestoolbar181\apnuserid.dat, Quarantined, [831e811f9cdfc670e29d654214ee0af6], 
PUP.Optional.MoviesToolBar.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\ilividmoviestoolbar181\appid.dat, Quarantined, [831e811f9cdfc670e29d654214ee0af6], 
PUP.Optional.MoviesToolBar.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\ilividmoviestoolbar181\geodata.xml, Quarantined, [831e811f9cdfc670e29d654214ee0af6], 
PUP.Optional.MoviesToolBar.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\ilividmoviestoolbar181\setupCfg.xml, Quarantined, [831e811f9cdfc670e29d654214ee0af6], 
PUP.Optional.MoviesToolBar.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\ilividmoviestoolbar181\sysid.dat, Quarantined, [831e811f9cdfc670e29d654214ee0af6], 
PUP.Optional.MoviesToolBar.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\ilividmoviestoolbar181\trackid.dat, Quarantined, [831e811f9cdfc670e29d654214ee0af6], 
PUP.Optional.MoviesToolBar.A, C:\Users\roger\AppData\Roaming\Mozilla\Firefox\Profiles\zn6h5ypi.default\ilividmoviestoolbar181\apnuserid.dat, Quarantined, [336e79273a41ba7cfa85d2d5cf331fe1], 
PUP.Optional.MoviesToolBar.A, C:\Users\roger\AppData\Roaming\Mozilla\Firefox\Profiles\zn6h5ypi.default\ilividmoviestoolbar181\appid.dat, Quarantined, [336e79273a41ba7cfa85d2d5cf331fe1], 
PUP.Optional.MoviesToolBar.A, C:\Users\roger\AppData\Roaming\Mozilla\Firefox\Profiles\zn6h5ypi.default\ilividmoviestoolbar181\geodata.xml, Quarantined, [336e79273a41ba7cfa85d2d5cf331fe1], 
PUP.Optional.MoviesToolBar.A, C:\Users\roger\AppData\Roaming\Mozilla\Firefox\Profiles\zn6h5ypi.default\ilividmoviestoolbar181\setupCfg.xml, Quarantined, [336e79273a41ba7cfa85d2d5cf331fe1], 
PUP.Optional.MoviesToolBar.A, C:\Users\roger\AppData\Roaming\Mozilla\Firefox\Profiles\zn6h5ypi.default\ilividmoviestoolbar181\sysid.dat, Quarantined, [336e79273a41ba7cfa85d2d5cf331fe1], 
PUP.Optional.MoviesToolBar.A, C:\Users\roger\AppData\Roaming\Mozilla\Firefox\Profiles\zn6h5ypi.default\ilividmoviestoolbar181\trackid.dat, Quarantined, [336e79273a41ba7cfa85d2d5cf331fe1], 
PUP.Optional.MoviesToolbar.A, C:\Users\lesley\AppData\LocalLow\ilividmoviestoolbar181\apnuserid.dat, Quarantined, [653cd6ca6219b0860517f1c12ad8f10f], 
PUP.Optional.MoviesToolbar.A, C:\Users\lesley\AppData\LocalLow\ilividmoviestoolbar181\appid.dat, Quarantined, [653cd6ca6219b0860517f1c12ad8f10f], 
PUP.Optional.MoviesToolbar.A, C:\Users\lesley\AppData\LocalLow\ilividmoviestoolbar181\dtx.ini, Quarantined, [653cd6ca6219b0860517f1c12ad8f10f], 
PUP.Optional.MoviesToolbar.A, C:\Users\lesley\AppData\LocalLow\ilividmoviestoolbar181\geodata.xml, Quarantined, [653cd6ca6219b0860517f1c12ad8f10f], 
PUP.Optional.MoviesToolbar.A, C:\Users\lesley\AppData\LocalLow\ilividmoviestoolbar181\guid.dat, Quarantined, [653cd6ca6219b0860517f1c12ad8f10f], 
PUP.Optional.MoviesToolbar.A, C:\Users\lesley\AppData\LocalLow\ilividmoviestoolbar181\setupCfg.xml, Quarantined, [653cd6ca6219b0860517f1c12ad8f10f], 
PUP.Optional.MoviesToolbar.A, C:\Users\lesley\AppData\LocalLow\ilividmoviestoolbar181\sysid.dat, Quarantined, [653cd6ca6219b0860517f1c12ad8f10f], 
PUP.Optional.MoviesToolbar.A, C:\Users\lesley\AppData\LocalLow\ilividmoviestoolbar181\trackid.dat, Quarantined, [653cd6ca6219b0860517f1c12ad8f10f], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome.manifest, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\install.rdf, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\BackPageRemove.js, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\externalJS.js, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\FBImagePreview.js, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\FirefoxExtensionMain.css, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\FirefoxExtensionMain.js, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\FirefoxExtensionMain.xul, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\InternalJS.js, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\jquery-1.5.1.min.js, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\publisherDefinitions.js, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\images\down-1.png, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\images\down-2.png, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\images\down-3.png, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\images\down.png, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\images\fb.png, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\images\fblike.png, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\images\gmail.png, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\images\googleplus.png, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\images\hide-1.png, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\images\hide-2.png, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\images\hide-3.png, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\images\left.png, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\images\maximize-1.png, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\images\maximize-2.png, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\images\maximize-3.png, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\images\mgsplusvideo.png, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\images\minimize-1.png, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\images\minimize-2.png, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\images\minimize-3.png, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\images\pinit.png, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\images\right.png, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\images\searchBox.png, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\images\show-1.png, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\images\show-2.png, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\images\show-3.png, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\images\twitter.png, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\images\up-1.png, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\images\up-2.png, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\images\up-3.png, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\images\up.png, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\PublisherImages\SnapDo.png, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\PublisherImages\SnapDo128.png, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\PublisherImages\SnapDo16.png, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\chrome\PublisherImages\SnapDo_small.png, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\components\ISmartbarFireFoxRemotePlugin.xpt, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\components\SmartbarFireFoxRemotePlugin_24.dll, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\components\SmartbarFireFoxRemotePlugin_25.dll, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\components\SmartbarFireFoxRemotePlugin_26.dll, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\components\SmartbarFireFoxRemotePlugin_27.dll, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\components\SmartbarFireFoxRemotePlugin_28.dll, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.SnapDo.A, C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}\components\SmartbarFireFoxRemotePlugin_29.dll, Quarantined, [8e13742ca0db96a042e9e1d3a9594ab6], 
PUP.Optional.Snapdo.A, C:\Users\lesley\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://feed.snapdo.c...rggC3tWis13PFaQ,,",), Replaced,[d1d02779ec8f83b341e1bd1839cb14ec]
PUP.Optional.Snapdo.A, C:\Users\lesley\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://feed.snapdo.c...rggC3tWis13PFaQ,," ],), Replaced,[dfc2584847341125ef6f676f1fe5fa06]
PUP.Optional.Snapdo.A, C:\Users\roger\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://feed.snapdo.c...rggC3tWis13PFaQ,,",), Replaced,[b6ebe7b97efd4bebc75bab2a19eb956b]
PUP.Optional.Snapdo.A, C:\Users\roger\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://feed.snapdo.c...rggC3tWis13PFaQ,," ],), Replaced,[366b0b95b8c3989ec797e5f14fb5669a]
PUP.Optional.SnapDo.A, C:\Users\roger\AppData\Roaming\Mozilla\Firefox\Profiles\zn6h5ypi.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "http://feed.snapdo.c...Z3HUUcsnL_9i-xg,,");), Replaced,[f7aaa1ff89f2f244c8acba1bae561be5]
PUP.Optional.SnapDo.A, C:\Users\roger\AppData\Roaming\Mozilla\Firefox\Profiles\zn6h5ypi.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "http://feed.snapdo.c...orzz6RimBw,,&q=");), Replaced,[1f828c146219c96d1263cc098183e21e]
PUP.Optional.Snapdo.A, C:\Users\roger\AppData\Roaming\Mozilla\Firefox\Profiles\zn6h5ypi.default\prefs.js, Good: (), Bad: (user_pref("browser.search.order.1", "Secure Search");user_pref("browser.startup.homepage", "http://feed.snapdo.c...rggC3tWis13PFaQ,,");), Replaced,[31705f41bbc03cfac9fd369f34d0926e]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Thank you

  • 0

Advertisements

#11
zep516
Posted 18 July 2014 - 06:03 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Next

We need to do a fix to delete some files using OTL
  • Double click on the OTLicon.jpg to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


    :COMMANDS
[CREATERESTOREPOINT]

:OTL


:Files
C:\Users\lesley\AppData\Local\uremomix.dll
C:\Users\lesley\AppData\Local\iqisozidohugi.dll
C:\Users\lesley\AppData\Local\udulibikixe.dll
C:\Users\lesley\AppData\Local\okujecuxiq.dll
C:\Users\lesley\AppData\Local\iyekuyepebeham.dll
C:\Users\lesley\AppData\Local\ocaxobeditexete.dll
C:\Users\lesley\AppData\Local\ewigobabamisa.dll
C:\Users\lesley\AppData\Local\evejopevogani.dll
C:\Users\lesley\AppData\Local\eleqocefuwej.dll           
C:\Users\lesley\AppData\Local\udebotax.dll
C:\Users\lesley\AppData\Local\udobalepinubesi.dll
C:\Users\lesley\AppData\Local\ubifuyiw.dll
C:\Users\lesley\AppData\Local\owepejid.dll
C:\Users\lesley\AppData\Local\ilonepoza.dll
C:\Users\lesley\AppData\Local\epapozadu.dll
C:\Users\lesley\AppData\Local\ewufayoqevi.dll
C:\Users\lesley\AppData\Local\ajuzaxeqetalajo.dll
C:\Users\lesley\AppData\Local\iqisagubi.dll
C:\Users\lesley\AppData\Local\ememomixefenoy.dll
C:\Users\lesley\AppData\Local\azasanukukub.dll
C:\Users\lesley\AppData\Local\ijisozid.dll
C:\Users\lesley\AppData\Local\ivafiyas.dll
C:\Users\lesley\AppData\Local\otodovuj.dll
C:\Users\lesley\AppData\Local\aqudumok.dll                                
C:\Users\lesley\AppData\Local\ofoguzele.dll
C:\Users\lesley\AppData\Local\ubetenim.dll
C:\Users\lesley\AppData\Local\eloyicubucamot.dll
C:\Users\lesley\AppData\Local\ekimamerih.dll
C:\Users\lesley\AppData\Local\uzeroyowuyazam.dll
C:\Users\lesley\AppData\Local\uzoqikuwafonutul.dll
C:\Users\lesley\AppData\Local\ojegejopevo.dll
C:\Users\lesley\AppData\Local\ezegoweli.dll
C:\Users\lesley\AppData\Local\icitegixiv.dll
C:\Users\lesley\AppData\Local\ufeyijevula.dll
C:\Users\lesley\AppData\Local\acitiwuvubomure.dll
C:\Users\lesley\AppData\Local\olabepaguh.dll 
C:\Users\lesley\AppData\Local\iconasowovone.dll
C:\Users\lesley\AppData\Local\ewovuhox.dll
C:\Users\lesley\AppData\Local\apojepope.dll
C:\Users\lesley\AppData\Local\uhuyujup.dll
C:\Users\lesley\AppData\Local\ijepamep.dll
C:\Users\lesley\AppData\Local\adudilak.dll
C:\Users\lesley\AppData\Local\eruyewiducena.dll
C:\Users\lesley\AppData\Local\iwefumak.dll
C:\Users\lesley\AppData\Local\iputaduxotoyeful.dll
C:\Users\lesley\AppData\Local\utaxasuxomod.dll
C:\Users\lesley\AppData\Local\enaxijokiqovab.dll 
C:\Users\lesley\AppData\Local\ufoyoxajij.dll
C:\Users\lesley\AppData\Local\umevumeged.dll
C:\Users\lesley\AppData\Local\oquvuwox.dll
C:\Users\lesley\AppData\Local\ahegokidonotudok.dll
C:\Users\lesley\AppData\Local\enomihudu.dll
C:\Users\lesley\AppData\Local\ilawelijosi.dll
C:\Users\lesley\AppData\Local\ibopikeb.dll
C:\Users\lesley\AppData\Local\ifixoqirac.dll
C:\Users\lesley\AppData\Local\ebiwukaza.dll
C:\Users\lesley\AppData\Local\odorafoxosivolup.dll
C:\Users\lesley\AppData\Local\ajehoyop.dll 
:\Users\lesley\AppData\Local\ufepulukelikuf.dll
C:\Users\lesley\AppData\Local\evuderirif.dll
C:\Users\lesley\AppData\Local\ohubemojokesiy.dll
C:\Users\lesley\AppData\Local\ecogugek.dll
C:\Users\lesley\AppData\Local\ebeberer.dll
C:\Users\lesley\AppData\Local\ixebuxidetayol.dll
c:\Users\lesley\AppData\Local\emiyugup.dll
C:\Users\lesley\AppData\Local\ufosuxidigibavuk.dll
C:\Users\lesley\AppData\Local\ezejiyerezuqah.dll
C:\Users\lesley\AppData\Local\ohazopes.dll
C:\Users\lesley\AppData\Local\uxaxemex.dll
C:\Users\lesley\AppData\Local\upukulej.dll
C:\Users\lesley\AppData\Local\amorowov.dll
C:\Users\lesley\AppData\Local\iresozoq.dll
C:\Users\lesley\AppData\Local\aruwuroviqo.dll
C:\Users\lesley\AppData\Local\efuyiyukejub.dll
C:\Users\lesley\AppData\Local\inojupiliyojo.dll
C:\Users\lesley\AppData\Local\ipidobuvogepu.dll
C:\Users\lesley\AppData\Local\ipobohid.dll
C:\Users\lesley\AppData\Local\ibeciquc.dll
C:\Users\lesley\AppData\Local\d3d9caps.dat
C:\Users\lesley\AppData\Local\Amaloxubacepexo.dat
C:\Users\lesley\AppData\Local\Jnidakusadiyu.bin
C:\Users\lesley\AppData\Local\uvepamep.dll
C:\Users\lesley\AppData\Local\efidusex.dll
C:\Users\lesley\AppData\Local\evohecew.dll
C:\Users\lesley\AppData\Local\exitoced.dll

:Commands

[emptytemp]
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.
In your next reply post:

1- OTL Fix Log, it will pop up in front of you when fix finishes.
2- A new OTL Log after a quick scan is done
  • 0

#12
nigella
Posted 20 July 2014 - 06:44 AM

nigella

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 231 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
========== FILES ==========
C:\Users\lesley\AppData\Local\uremomix.dll moved successfully.
C:\Users\lesley\AppData\Local\iqisozidohugi.dll moved successfully.
C:\Users\lesley\AppData\Local\udulibikixe.dll moved successfully.
C:\Users\lesley\AppData\Local\okujecuxiq.dll moved successfully.
C:\Users\lesley\AppData\Local\iyekuyepebeham.dll moved successfully.
C:\Users\lesley\AppData\Local\ocaxobeditexete.dll moved successfully.
C:\Users\lesley\AppData\Local\ewigobabamisa.dll moved successfully.
C:\Users\lesley\AppData\Local\evejopevogani.dll moved successfully.
C:\Users\lesley\AppData\Local\eleqocefuwej.dll moved successfully.
C:\Users\lesley\AppData\Local\udebotax.dll moved successfully.
C:\Users\lesley\AppData\Local\udobalepinubesi.dll moved successfully.
C:\Users\lesley\AppData\Local\ubifuyiw.dll moved successfully.
C:\Users\lesley\AppData\Local\owepejid.dll moved successfully.
C:\Users\lesley\AppData\Local\ilonepoza.dll moved successfully.
C:\Users\lesley\AppData\Local\epapozadu.dll moved successfully.
C:\Users\lesley\AppData\Local\ewufayoqevi.dll moved successfully.
C:\Users\lesley\AppData\Local\ajuzaxeqetalajo.dll moved successfully.
C:\Users\lesley\AppData\Local\iqisagubi.dll moved successfully.
C:\Users\lesley\AppData\Local\ememomixefenoy.dll moved successfully.
C:\Users\lesley\AppData\Local\azasanukukub.dll moved successfully.
C:\Users\lesley\AppData\Local\ijisozid.dll moved successfully.
C:\Users\lesley\AppData\Local\ivafiyas.dll moved successfully.
C:\Users\lesley\AppData\Local\otodovuj.dll moved successfully.
C:\Users\lesley\AppData\Local\aqudumok.dll moved successfully.
C:\Users\lesley\AppData\Local\ofoguzele.dll moved successfully.
C:\Users\lesley\AppData\Local\ubetenim.dll moved successfully.
C:\Users\lesley\AppData\Local\eloyicubucamot.dll moved successfully.
C:\Users\lesley\AppData\Local\ekimamerih.dll moved successfully.
C:\Users\lesley\AppData\Local\uzeroyowuyazam.dll moved successfully.
C:\Users\lesley\AppData\Local\uzoqikuwafonutul.dll moved successfully.
C:\Users\lesley\AppData\Local\ojegejopevo.dll moved successfully.
C:\Users\lesley\AppData\Local\ezegoweli.dll moved successfully.
C:\Users\lesley\AppData\Local\icitegixiv.dll moved successfully.
C:\Users\lesley\AppData\Local\ufeyijevula.dll moved successfully.
C:\Users\lesley\AppData\Local\acitiwuvubomure.dll moved successfully.
C:\Users\lesley\AppData\Local\olabepaguh.dll moved successfully.
C:\Users\lesley\AppData\Local\iconasowovone.dll moved successfully.
C:\Users\lesley\AppData\Local\ewovuhox.dll moved successfully.
C:\Users\lesley\AppData\Local\apojepope.dll moved successfully.
C:\Users\lesley\AppData\Local\uhuyujup.dll moved successfully.
C:\Users\lesley\AppData\Local\ijepamep.dll moved successfully.
C:\Users\lesley\AppData\Local\adudilak.dll moved successfully.
C:\Users\lesley\AppData\Local\eruyewiducena.dll moved successfully.
C:\Users\lesley\AppData\Local\iwefumak.dll moved successfully.
C:\Users\lesley\AppData\Local\iputaduxotoyeful.dll moved successfully.
C:\Users\lesley\AppData\Local\utaxasuxomod.dll moved successfully.
C:\Users\lesley\AppData\Local\enaxijokiqovab.dll moved successfully.
C:\Users\lesley\AppData\Local\ufoyoxajij.dll moved successfully.
C:\Users\lesley\AppData\Local\umevumeged.dll moved successfully.
C:\Users\lesley\AppData\Local\oquvuwox.dll moved successfully.
C:\Users\lesley\AppData\Local\ahegokidonotudok.dll moved successfully.
C:\Users\lesley\AppData\Local\enomihudu.dll moved successfully.
C:\Users\lesley\AppData\Local\ilawelijosi.dll moved successfully.
C:\Users\lesley\AppData\Local\ibopikeb.dll moved successfully.
C:\Users\lesley\AppData\Local\ifixoqirac.dll moved successfully.
C:\Users\lesley\AppData\Local\ebiwukaza.dll moved successfully.
C:\Users\lesley\AppData\Local\odorafoxosivolup.dll moved successfully.
C:\Users\lesley\AppData\Local\ajehoyop.dll moved successfully.
Error: Unable to interpret <:\Users\lesley\AppData\Local\ufepulukelikuf.dll> in the current context!
Error: Unable to interpret <C:\Users\lesley\AppData\Local\evuderirif.dll> in the current context!
Error: Unable to interpret <C:\Users\lesley\AppData\Local\ohubemojokesiy.dll> in the current context!
Error: Unable to interpret <C:\Users\lesley\AppData\Local\ecogugek.dll> in the current context!
Error: Unable to interpret <C:\Users\lesley\AppData\Local\ebeberer.dll> in the current context!
Error: Unable to interpret <C:\Users\lesley\AppData\Local\ixebuxidetayol.dll> in the current context!
Error: Unable to interpret <c:\Users\lesley\AppData\Local\emiyugup.dll> in the current context!
Error: Unable to interpret <C:\Users\lesley\AppData\Local\ufosuxidigibavuk.dll> in the current context!
Error: Unable to interpret <C:\Users\lesley\AppData\Local\ezejiyerezuqah.dll> in the current context!
Error: Unable to interpret <C:\Users\lesley\AppData\Local\ohazopes.dll> in the current context!
Error: Unable to interpret <C:\Users\lesley\AppData\Local\uxaxemex.dll> in the current context!
Error: Unable to interpret <C:\Users\lesley\AppData\Local\upukulej.dll> in the current context!
Error: Unable to interpret <C:\Users\lesley\AppData\Local\amorowov.dll> in the current context!
Error: Unable to interpret <C:\Users\lesley\AppData\Local\iresozoq.dll> in the current context!
Error: Unable to interpret <C:\Users\lesley\AppData\Local\aruwuroviqo.dll> in the current context!
Error: Unable to interpret <C:\Users\lesley\AppData\Local\efuyiyukejub.dll> in the current context!
Error: Unable to interpret <C:\Users\lesley\AppData\Local\inojupiliyojo.dll> in the current context!
Error: Unable to interpret <C:\Users\lesley\AppData\Local\ipidobuvogepu.dll> in the current context!
Error: Unable to interpret <C:\Users\lesley\AppData\Local\ipobohid.dll> in the current context!
Error: Unable to interpret <C:\Users\lesley\AppData\Local\ibeciquc.dll> in the current context!
Error: Unable to interpret <C:\Users\lesley\AppData\Local\d3d9caps.dat> in the current context!
Error: Unable to interpret <C:\Users\lesley\AppData\Local\Amaloxubacepexo.dat> in the current context!
Error: Unable to interpret <C:\Users\lesley\AppData\Local\Jnidakusadiyu.bin> in the current context!
Error: Unable to interpret <C:\Users\lesley\AppData\Local\uvepamep.dll> in the current context!
Error: Unable to interpret <C:\Users\lesley\AppData\Local\efidusex.dll> in the current context!
Error: Unable to interpret <C:\Users\lesley\AppData\Local\evohecew.dll> in the current context!
Error: Unable to interpret <C:\Users\lesley\AppData\Local\exitoced.dll> in the current context!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: lesley
->Temp folder emptied: 2365034 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 365306700 bytes
->Apple Safari cache emptied: 10529792 bytes
->Flash cache emptied: 643 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: roger
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 361.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 07202014_131212
 
Files\Folders moved on Reboot...
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
here is the quick scan log file
 
 

OTL logfile created on: 20/07/2014 13:31:36 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\lesley\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.75 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 56.84% Memory free
5.70 Gb Paging File | 4.50 Gb Available in Paging File | 78.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.98 Gb Total Space | 70.34 Gb Free Space | 50.61% Space Free | Partition Type: NTFS
Drive D: | 10.07 Gb Total Space | 1.75 Gb Free Space | 17.37% Space Free | Partition Type: NTFS
 
Computer Name: LESLEY-PC | User Name: lesley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/25 10:59:26 | 000,133,696 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2014/06/25 10:56:52 | 000,739,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\saUI.exe
PRC - [2014/06/16 16:08:34 | 000,387,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McChHost.exe
PRC - [2014/04/30 20:10:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\lesley\Desktop\OTL.exe
PRC - [2014/04/02 02:58:05 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/05/21 05:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\20.5.0.28\ccsvchst.exe
PRC - [2013/05/10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/07/16 14:43:04 | 000,241,664 | ---- | M] () -- C:\Program Files\T-Mobile Mobile Broadband Manager\AssistantServices.exe
PRC - [2009/07/16 14:42:20 | 000,132,608 | ---- | M] () -- C:\Program Files\T-Mobile Mobile Broadband Manager\UIExec.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/06 17:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/06/13 15:26:54 | 002,498,560 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
PRC - [2008/01/21 03:33:22 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/15 20:02:16 | 000,774,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\fbf434299b068c463296945c12845734\System.Runtime.Remoting.ni.dll
MOD - [2014/05/15 20:02:14 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\18817faf786930adbb67d2df097ca382\System.EnterpriseServices.ni.dll
MOD - [2014/05/15 20:02:14 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\18817faf786930adbb67d2df097ca382\System.EnterpriseServices.Wrapper.dll
MOD - [2014/05/15 20:02:13 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4c6ed86f523280f47b61a0e00dce712c\System.Transactions.ni.dll
MOD - [2014/05/15 01:07:58 | 006,622,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ea0f4218fb24bb1c150f7dc2d013cf59\System.Data.ni.dll
MOD - [2014/04/02 02:58:03 | 000,390,472 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppgooglenaclpluginchrome.dll
MOD - [2014/04/02 02:57:59 | 004,081,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll
MOD - [2014/04/02 02:57:52 | 001,647,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
MOD - [2014/04/02 02:57:49 | 000,065,352 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
MOD - [2014/03/28 11:49:12 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2014/02/13 11:58:27 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\c5213af29d521ee19cc55983f8c2037c\System.Management.ni.dll
MOD - [2014/02/13 11:56:17 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\d17ceca243fabda73eefb21d9bd072df\System.Configuration.ni.dll
MOD - [2014/02/13 10:13:46 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f87e71868aedbc6c4e8fe7160d17c4ab\System.Xml.ni.dll
MOD - [2014/02/13 10:13:27 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2b605fc7deda872727d1ed37710420e\System.Windows.Forms.ni.dll
MOD - [2014/02/13 10:13:15 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8e6265a54260bddfc05951e764f5bc48\System.Drawing.ni.dll
MOD - [2014/02/13 10:12:25 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\71e362b114f878201540696b6d66bf45\PresentationFramework.Aero.ni.dll
MOD - [2014/02/13 10:12:22 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b46f1c203d1e4bec4597adf684ec1d41\PresentationFramework.ni.dll
MOD - [2014/02/13 10:11:58 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\07d57714fff9db216537473f4a777f22\PresentationCore.ni.dll
MOD - [2014/02/13 10:11:40 | 003,325,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d981bccab40fbbdc1d35bf2a58c947b7\WindowsBase.ni.dll
MOD - [2014/02/13 10:11:36 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\957628d9dd7b3bf370a56dca7835a997\System.ni.dll
MOD - [2014/02/13 10:11:24 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\694a37a84dee2cd2609a1dfab27c0433\mscorlib.ni.dll
MOD - [2012/05/30 07:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton 360\Engine\20.5.0.28\wincfi39.dll
MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/16 14:42:20 | 000,132,608 | ---- | M] () -- C:\Program Files\T-Mobile Mobile Broadband Manager\UIExec.exe
MOD - [2009/04/11 07:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009/04/11 03:04:15 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009/03/30 05:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/10/01 00:56:06 | 000,032,768 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2008/10/01 00:52:02 | 000,007,168 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2008/10/01 00:52:00 | 000,057,344 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2008/10/01 00:51:52 | 000,118,784 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll
MOD - [2008/10/01 00:51:52 | 000,010,240 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2008/10/01 00:51:36 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2008/10/01 00:51:36 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2008/10/01 00:51:36 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2008/06/13 15:26:54 | 002,498,560 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
MOD - [2007/08/14 21:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 21:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 21:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/07/08 23:04:19 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/25 10:59:26 | 000,133,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2013/05/21 05:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\20.5.0.28\ccSvcHst.exe -- (N360)
SRV - [2013/05/10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/07/20 18:21:59 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/07/16 14:43:04 | 000,241,664 | ---- | M] () [Auto | Running] -- C:\Program Files\T-Mobile Mobile Broadband Manager\AssistantServices.exe -- (UI Assistant Service)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/06 17:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/02/03 20:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/06/19 18:53:05 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/05/31 17:58:19 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130715.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/05/23 06:25:28 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1405000.01C\symefa.sys -- (SymEFA)
DRV - [2013/05/22 17:40:20 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130810.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/05/22 17:40:18 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130810.005\NAVENG.SYS -- (NAVENG)
DRV - [2013/05/21 06:02:00 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\1405000.01C\symds.sys -- (SymDS)
DRV - [2013/05/18 12:15:59 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/05/17 15:30:54 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130809.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013/05/16 06:02:14 | 000,603,224 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\N360\1405000.01C\srtsp.sys -- (SRTSP)
DRV - [2013/04/25 01:43:56 | 000,352,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1405000.01C\symtdiv.sys -- (SYMTDIv)
DRV - [2013/04/16 03:41:14 | 000,134,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1405000.01C\ccsetx86.sys -- (ccSet_N360)
DRV - [2013/03/05 02:39:19 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1405000.01C\ironx86.sys -- (SymIRON)
DRV - [2013/03/05 02:21:35 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1405000.01C\srtspx.sys -- (SRTSPX)
DRV - [2013/01/31 02:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/02 18:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/08/12 13:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 13:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2009/09/05 17:55:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/24 16:51:38 | 000,101,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/07/23 21:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2009/06/22 21:01:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/06/22 20:38:24 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/05/22 09:08:38 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2009/05/22 09:08:38 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009/05/22 09:04:04 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/05/22 09:04:04 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/05/22 09:04:04 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/05/22 09:04:04 | 000,009,728 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/10/03 04:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/05/09 20:17:32 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/04/24 23:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/21 03:32:45 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007/10/18 00:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/04/23 10:50:50 | 000,025,896 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {1BF6ED5B-95B9-40F2-AF93-DE307057F6A6}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1BF6ED5B-95B9-40F2-AF93-DE307057F6A6}: "URL" = http://uk.search.yah...p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..extensions.enabledItems: {a763bd81-dd2b-6e49-34ce-c0d80e0a42f3}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..extensions.enabledItems: [email protected]:4.1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: 
FF - prefs.js..browser.search.selectedEngine: ""
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\lesley\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\T-Mobile Mobile Broadband Manager\addon [2010/06/12 15:06:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2014/06/29 20:18:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\coFFPlgn\ [2014/07/20 13:26:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\IPSFFPlgn\ [2013/05/18 16:00:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/05 20:56:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/23 17:06:51 | 000,000,000 | ---D | M]
 
[2009/06/27 13:34:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lesley\AppData\Roaming\Mozilla\Extensions
[2014/07/18 15:56:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions
[2009/09/02 22:19:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/03 14:53:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\lesley\AppData\Roaming\Mozilla\Firefox\Profiles\l0q5u8vk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/26 00:05:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/26 00:05:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2010/06/12 15:06:02 | 000,000,000 | ---D | M] (Bytemobile Optimization Client) -- C:\PROGRAM FILES\T-MOBILE MOBILE BROADBAND MANAGER\ADDON
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\COFFPLGN
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN
File not found (No name found) -- C:\USERS\LESLEY\APPDATA\LOCAL\{337D5158-7284-4835-B7AF-CE4F08F7D7C2}
File not found (No name found) -- C:\USERS\LESLEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L0Q5U8VK.DEFAULT\EXTENSIONS\{A763BD81-DD2B-6E49-34CE-C0D80E0A42F3}
[2014/04/29 23:29:32 | 000,002,065 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: McAfee (Enabled)
CHR - default_search_provider: search_url = https://uk.search.ya...p={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Java™ Platform SE 7 U5 (Disabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Disabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Norton Identity Protection = C:\Users\lesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc\2013.4.11.6_0\
CHR - Extension: SiteAdvisor = C:\Users\lesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.65.135.1_0\
CHR - Extension: Google Wallet = C:\Users\lesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2014/07/17 10:40:58 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.5.0.28\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.5.0.28\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.5.0.28\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [UIExec] C:\Program Files\T-Mobile Mobile Broadband Manager\UIExec.exe ()
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [Free Mahjong Games] C:\Users\lesley\AppData\Local\WebPlayer\Free Mahjong Games\WebPlayer.exe File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D9F1A67-0D74-4F73-8382-A961723E133C}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F2B3000-315B-4E23-A67B-FBFDEE106A0D}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE65EEA7-EC85-45B6-A237-D1A115EDD8C8}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/18 08:39:44 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/07/18 08:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/07/18 08:38:14 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/07/18 08:38:14 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/07/18 08:38:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/07/17 10:20:20 | 000,000,000 | ---D | C] -- C:\_OTL
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/20 13:24:32 | 000,000,248 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2014/07/20 13:22:29 | 000,048,222 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2014/07/20 13:22:29 | 000,048,222 | ---- | M] () -- C:\ProgramData\nvModes.001
[2014/07/20 13:22:29 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/20 13:22:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/20 13:22:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/20 13:21:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/20 00:04:20 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/20 00:03:40 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/18 20:31:00 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/07/18 08:38:20 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/17 10:40:58 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014/07/10 18:34:31 | 000,313,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2010/07/27 22:52:47 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\uvepamep.dll
[2010/07/19 18:28:23 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\exitoced.dll
[2010/07/14 22:13:56 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\efidusex.dll
[2010/07/13 22:23:45 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\evohecew.dll
[2010/07/13 20:21:44 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\ufepulukelikuf.dll
[2010/07/13 18:19:43 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\evuderirif.dll
[2010/07/13 00:56:10 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\ohubemojokesiy.dll
[2010/07/12 22:54:09 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\ecogugek.dll
[2010/07/12 20:52:09 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\ebeberer.dll
[2010/07/11 23:41:04 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\ixebuxidetayol.dll
[2010/07/11 21:29:27 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\emiyugup.dll
[2010/07/11 19:27:27 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\ufosuxidigibavuk.dll
[2010/07/11 16:00:57 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\ezejiyerezuqah.dll
[2010/07/10 23:53:11 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\ohazopes.dll
[2010/07/10 21:51:11 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\uxaxemex.dll
[2010/07/10 19:49:10 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\upukulej.dll
[2010/07/10 12:43:02 | 000,025,623 | ---- | C] () -- C:\Users\lesley\AppData\Local\amorowov.dll
[2010/07/09 17:28:08 | 000,025,228 | ---- | C] () -- C:\Users\lesley\AppData\Local\iresozoq.dll
[2010/07/02 20:20:42 | 000,025,228 | ---- | C] () -- C:\Users\lesley\AppData\Local\aruwuroviqo.dll
[2010/07/02 18:18:41 | 000,025,228 | ---- | C] () -- C:\Users\lesley\AppData\Local\efuyiyukejub.dll
[2010/05/29 19:16:00 | 000,025,228 | ---- | C] () -- C:\Users\lesley\AppData\Local\inojupiliyojo.dll
[2010/05/28 19:52:00 | 000,025,228 | ---- | C] () -- C:\Users\lesley\AppData\Local\ipidobuvogepu.dll
[2010/04/08 23:16:00 | 000,023,090 | ---- | C] () -- C:\Users\lesley\AppData\Local\ipobohid.dll
[2010/04/07 21:07:39 | 000,023,090 | ---- | C] () -- C:\Users\lesley\AppData\Local\ibeciquc.dll
[2010/01/30 22:08:18 | 000,008,484 | ---- | C] () -- C:\Users\lesley\AppData\Local\d3d9caps.dat
[2010/01/15 17:28:53 | 000,000,120 | ---- | C] () -- C:\Users\lesley\AppData\Local\Amaloxubacepexo.dat
[2010/01/15 17:28:53 | 000,000,000 | ---- | C] () -- C:\Users\lesley\AppData\Local\Jnidakusadiyu.bin
[2009/10/12 17:55:41 | 000,008,704 | ---- | C] () -- C:\Users\lesley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/24 20:18:00 | 000,048,222 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/06/24 20:10:48 | 000,048,222 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/04/14 17:49:08 | 000,000,248 | ---- | C] () -- C:\ProgramData\hpqp.ini
 
========== ZeroAccess Check ==========
 
[2006/11/02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 14:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/06/22 20:13:50 | 000,000,000 | ---D | M] -- C:\Users\lesley\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/01/02 01:16:04 | 000,000,000 | ---D | M] -- C:\Users\lesley\AppData\Roaming\EasyChat
[2009/07/28 00:30:04 | 000,000,000 | ---D | M] -- C:\Users\lesley\AppData\Roaming\Gaijin Ent
[2010/08/14 01:30:58 | 000,000,000 | ---D | M] -- C:\Users\lesley\AppData\Roaming\lowsec
[2013/07/05 01:37:17 | 000,000,000 | ---D | M] -- C:\Users\lesley\AppData\Roaming\Memory Resource
[2010/06/26 00:26:13 | 000,000,000 | ---D | M] -- C:\Users\lesley\AppData\Roaming\Program Files
[2010/08/01 00:48:11 | 000,000,000 | ---D | M] -- C:\Users\lesley\AppData\Roaming\Titanium Gears
[2009/06/24 20:08:29 | 000,000,000 | ---D | M] -- C:\Users\lesley\AppData\Roaming\WildTangent
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:D287FACF
 
< End of report >
 
 
thanks again

  • 0

#13
zep516
Posted 20 July 2014 - 09:06 AM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Tell me what issues remain with the computer ? pop ups, redirects, things like that..

Joe
  • 0

#14
nigella
Posted 21 July 2014 - 11:26 AM

nigella

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 231 posts
Everything seems ok there are no pop ups and the like. The only thing is there are two programmes that come up and ask whether to run or cancel. One of them I think is a ms version control programme and there is a java update I think, I will take a couple of screen shots and upload them
  • 0

#15
zep516
Posted 21 July 2014 - 04:14 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
OK.

Get the screen shots to me.

And for your information,

Note
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.

Joe
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP