help to remove websearch.mocaflix.com [Solved]


  • This topic is locked

#16
tyler4402

    Member

  • Topic Starter
  • 63 posts
Hi Gringo, sorry again, what are fixes? I just found the OTL prog, which was in a folder, clicked on it and it started automatically, then I posted the result to you. I don't know if it had anything to do with the OTL scan, but afterwards I could not send and receive emails; I had to reset my email prog.
I am just a bit nervous now as it has cost me a good chunk :( to repair the MBR? and get the PC working again, so if you can explain what no fixes are and what to do next I will carefully proceed. Regards Robert.


#17
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
The last report you sent me was from a fix.

See how it removed things, and it looks like it was done in May.



Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#18
tyler4402

    Member

  • Topic Starter
  • 63 posts
Hi Gringo
I hope this is ok for you, regards Robert

OTL logfile created on: 01/12/2012 18:48:21 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = I:\Users\Robert\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16443)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.49 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 60.07% Memory free
8.73 Gb Paging File | 7.21 Gb Available in Paging File | 82.68% Paging File free
Paging file location(s): i:\pagefile.sys 5362 10725 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\Windows | %ProgramFiles% = I:\Program Files
Drive E: | 76.32 Gb Total Space | 42.71 Gb Free Space | 55.96% Space Free | Partition Type: NTFS
Drive G: | 232.88 Gb Total Space | 103.36 Gb Free Space | 44.39% Space Free | Partition Type: NTFS
Drive I: | 465.75 Gb Total Space | 383.60 Gb Free Space | 82.36% Space Free | Partition Type: NTFS

Computer Name: BLACKBESS | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - I:\Users\Robert\Desktop\OTL.exe (OldTimer Tools)
PRC - I:\Program Files\Comodo\Dragon\dragon_updater.exe ()
PRC - I:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - I:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - I:\Program Files\Comodo\COMODO Internet Security\cfp.exe (COMODO)
PRC - I:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
PRC - I:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
PRC - I:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - I:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - I:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - I:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - I:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - I:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - I:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - I:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - I:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe (Google Inc.)
PRC - I:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - I:\Program Files\Secunia\PSI\psia.exe (Secunia)
PRC - I:\Program Files\Secunia\PSI\sua.exe (Secunia)
PRC - I:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
PRC - I:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe (IObit)
PRC - I:\Program Files\Realtek\RtkDashClientInstaller\RtkDashClient.exe (Realtek Semiconductor Corporation)
PRC - I:\Windows\explorer.exe (Microsoft Corporation)
PRC - I:\Windows\System32\inetsrv\w3wp.exe (Microsoft Corporation)
PRC - I:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - I:\Windows\vVX3000.exe (Microsoft Corporation)
PRC - I:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - I:\Program Files\D-Link\DWA-140 Driver\ALPBCSVC.exe ()
PRC - I:\Program Files\GIGABYTE\smart6\timelock\AlarmClock.exe (Gigabyte Technology CO., LTD.)
PRC - I:\Program Files\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.)
PRC - I:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - I:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - I:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe ()
PRC - I:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - I:\Windows\Dit.exe ()
PRC - I:\Windows\DitExp.exe ()


========== Modules (No Company Name) ==========

MOD - I:\Program Files\Google\Chrome\Application\23.0.1271.95\ppgooglenaclpluginchrome.dll ()
MOD - I:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll ()
MOD - I:\Program Files\Google\Chrome\Application\23.0.1271.95\libglesv2.dll ()
MOD - I:\Program Files\Google\Chrome\Application\23.0.1271.95\libegl.dll ()
MOD - I:\Program Files\Google\Chrome\Application\23.0.1271.95\avutil-51.dll ()
MOD - I:\Program Files\Google\Chrome\Application\23.0.1271.95\avcodec-54.dll ()
MOD - I:\Program Files\Google\Chrome\Application\23.0.1271.95\avformat-54.dll ()
MOD - i:\Program Files\MocaFlix\sprotector.dll ()
MOD - I:\Program Files\Trusteer\Rapport\bin\js32.dll ()
MOD - I:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll ()
MOD - I:\Program Files\IObit\Smart Defrag 2\NtfsData.dll ()
MOD - I:\Windows\Dit.exe ()
MOD - I:\Windows\DitExp.exe ()


========== Services (SafeList) ==========

SRV - (SBSDWSCService) -- I:\Program Files\Spybot File not found
SRV - (ACDaemon) -- File not found
SRV - (DragonUpdater) -- I:\Program Files\Comodo\Dragon\dragon_updater.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- I:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (cmdAgent) -- I:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (avast! Antivirus) -- I:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (RapportMgmtService) -- I:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (nvUpdatusService) -- I:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- I:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (TomTomHOMEService) -- I:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (SkypeUpdate) -- I:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Secunia PSI Agent) -- I:\Program Files\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- I:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (WatAdminSvc) -- I:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (WAS) -- I:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- I:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- I:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (MSCamSvc) -- I:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (ALPBCSVC) -- I:\Program Files\D-Link\DWA-140 Driver\ALPBCSVC.exe ()
SRV - (AppleChargerSrv) -- I:\Windows\System32\AppleChargerSrv.exe ()
SRV - (Smart TimeLock) -- I:\Program Files\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.)
SRV - (UNS) -- I:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- I:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (StorSvc) -- I:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- I:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- I:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- I:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (DES2 Service) -- I:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe ()


========== Driver Services (SafeList) ==========

DRV - (catchme) -- I:\Users\Robert\AppData\Local\Temp\catchme.sys File not found
DRV - (gdrv) -- I:\Windows\gdrv.sys (Windows ® 2000 DDK provider)
DRV - (inspect) -- I:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (cmdGuard) -- I:\Windows\System32\drivers\cmdGuard.sys (COMODO)
DRV - (cmdHlp) -- I:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (aswSnx) -- I:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- I:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- I:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- I:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- I:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (RapportEI) -- I:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportPG) -- I:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- I:\Windows\System32\drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (RapportCerberus_43926) -- I:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys ()
DRV - (aswRdr) -- I:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (nvlddmkm) -- I:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RapportIaso) -- i:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys (Trusteer Ltd.)
DRV - (PSI) -- I:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (GVTDrv) -- I:\Windows\System32\drivers\GVTDrv.sys ()
DRV - (RtDashPt) -- I:\Windows\System32\drivers\RtDashPt.sys (Windows ® Codename Longhorn DDK provider)
DRV - (SmartDefragDriver) -- I:\Windows\System32\drivers\SmartDefragDriver.sys ()
DRV - (TsUsbFlt) -- I:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- I:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (dmvsc) -- I:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- I:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- I:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- I:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (VMBusHID) -- I:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- I:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VX3000) -- I:\Windows\System32\drivers\VX3000.sys (Microsoft Corporation)
DRV - (AppleCharger) -- I:\Windows\System32\drivers\AppleCharger.sys ()
DRV - (netr28u) -- I:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (HECI) -- I:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (vwifimp) -- I:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- I:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.mocaflix.com/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3619600033-2495703809-3358291532-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3619600033-2495703809-3358291532-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-3619600033-2495703809-3358291532-1000\..\SearchScopes,DefaultScope = {F4B8C691-B2D1-42E4-A0D1-AEE62D43A1F3}
IE - HKU\S-1-5-21-3619600033-2495703809-3358291532-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3619600033-2495703809-3358291532-1000\..\SearchScopes\{37C74BF5-79CE-454D-A1CD-B2BF21CBB710}: "URL" = http://www.talktalk....y={searchTerms}
IE - HKU\S-1-5-21-3619600033-2495703809-3358291532-1000\..\SearchScopes\{4642AD93-C30A-4FEF-833B-F7431F3C954D}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-3619600033-2495703809-3358291532-1000\..\SearchScopes\{8E926EE7-E86E-49A1-A124-199EC817719C}: "URL" = http://blekko.com/ws...rchTerms}&r=971
IE - HKU\S-1-5-21-3619600033-2495703809-3358291532-1000\..\SearchScopes\{E45CD296-FDFA-492E-A4BF-5CDC3BCF7A36}: "URL" = http://uk.search.yah...p={searchTerms}
IE - HKU\S-1-5-21-3619600033-2495703809-3358291532-1000\..\SearchScopes\{F4B8C691-B2D1-42E4-A0D1-AEE62D43A1F3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-3619600033-2495703809-3358291532-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3619600033-2495703809-3358291532-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
IE - HKU\S-1-5-21-3619600033-2495703809-3358291532-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-3619600033-2495703809-3358291532-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3619600033-2495703809-3358291532-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3619600033-2495703809-3358291532-1003\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yah...s}&fr=chr-i3752
IE - HKU\S-1-5-21-3619600033-2495703809-3358291532-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "WebSearch"
FF - prefs.js..browser.startup.homepage: "http://websearch.mocaflix.com/"
FF - prefs.js..keyword.URL: "http://websearch.moc...ix.com/?l=1&q="
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.defaulturl: "http://websearch.moc...ix.com/?l=1&q="
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: I:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: I:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: I:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: I:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: I:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: I:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: I:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: i:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: I:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: I:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: I:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: I:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: I:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: I:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: I:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)


[2012/04/13 09:52:15 | 000,000,000 | ---D | M] (No name found) -- I:\Users\Robert\AppData\Roaming\Mozilla\Extensions
[2011/10/18 18:23:35 | 000,000,000 | ---D | M] (No name found) -- I:\Users\Robert\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/09/07 23:02:24 | 000,000,000 | ---D | M] (No name found) -- I:\Users\Robert\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/10/04 15:23:52 | 000,000,000 | ---D | M] (No name found) -- I:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ju1fxsg5.default\extensions
[2012/10/01 15:48:47 | 000,000,000 | ---D | M] ("Installation Assistant") -- I:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ju1fxsg5.default\extensions\[email protected]
[2012/10/01 15:48:46 | 000,000,000 | ---D | M] (No name found) -- I:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ju1fxsg5.default\extensions\[email protected]\chrome\content\extensionCode
[2012/10/01 15:49:47 | 000,001,435 | ---- | M] () -- I:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ju1fxsg5.default\searchplugins\spamfreesearch.xml
[2012/11/09 00:29:11 | 000,000,544 | ---- | M] () -- I:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ju1fxsg5.default\searchplugins\WebSearch.xml
[2012/11/14 22:40:38 | 000,000,000 | ---D | M] (No name found) -- I:\Program Files\Mozilla Firefox\extensions
[2012/10/18 08:20:38 | 000,000,000 | ---D | M] (Java Console) -- I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}

========== Chrome ==========

CHR - homepage: http://www.talktalk.co.uk/
CHR - Extension: No name found = I:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = I:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = I:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = I:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = I:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.4_0\
CHR - Extension: No name found = I:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: No name found = I:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_1\
CHR - Extension: No name found = I:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea\2.0.2_0\
CHR - Extension: No name found = I:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmddbcpechilpapallpbdpcekmgibofi\1.20.27_0\crossrider
CHR - Extension: No name found = I:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmddbcpechilpapallpbdpcekmgibofi\1.20.27_0\
CHR - Extension: No name found = I:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = I:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/09/02 20:29:22 | 000,000,854 | ---- | M]) - I:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - I:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (jZip Webmail plugin) - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - I:\Program Files\jZip\WebmailPlugin.dll (Discordia Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - I:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (SBCONVERT Class) - {92A9ACF4-9333-43AE-9698-DB283326F87F} - I:\Program Files\SpeedBit Video Downloader\TBUB9\tbcore3.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - I:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - I:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - I:\Program Files\SpeedBit Video Downloader\TBUB9\Grabber.dll (SpeedBit)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - I:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - I:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3619600033-2495703809-3358291532-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - I:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] I:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO Internet Security] I:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Dit] I:\Windows\Dit.exe ()
O4 - HKLM..\Run: [IntelliPoint] i:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliType Pro] i:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [VX3000] I:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [*CA] "I:\Program Files\Comodo\GeekBuddy\launcher.exe" "unit_manager.exe" "lps-ca" File not found
O4 - HKU\S-1-5-21-3619600033-2495703809-3358291532-1003..\RunOnce: [mctadmin] I:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3619600033-2495703809-3358291532-1003..\RunOnce: [WAB Migrate] I:\Program Files\Windows Mail\wab.exe (Microsoft Corporation)
O4 - HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415..\RunOnce: [mctadmin] I:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: I:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TalkTalk Setup CD Reporting Tool.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3619600033-2495703809-3358291532-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - I:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - I:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - I:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3619600033-2495703809-3358291532-1000\..Trusted Domains: computeractive.co.uk ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3619600033-2495703809-3358291532-1000\..Trusted Domains: secunia.com ([]https in Trusted sites)
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photob...aL2ig_0fSS8.cab (PhotoboxPhotowaysUploader5 Control)
O16 - DPF: {10000000-1000-1000-1000-100000000000} http://cdn.betteradv....0/ghostery.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9547F408-0CEE-42E5-87F0-D38FB133271B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9547F408-0CEE-42E5-87F0-D38FB133271B}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2674B42-430A-4A43-B95D-B6A5F751A3A8}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - I:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - I:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (i:\Windows\System32\guard32.dll) - I:\Windows\System32\guard32.dll (COMODO)
O20 - AppInit_DLLs: (i:\PROGRA~1\MocaFlix\SPROTE~1.DLL) - i:\Program Files\MocaFlix\sprotector.dll ()
O20 - AppInit_DLLs: (I:\Windows\System32\guard32.dll) - I:\Windows\System32\guard32.dll (COMODO)
O20 - AppInit_DLLs: (I:\Windows\system32\guard32.dll) - I:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (I:\Windows\system32\userinit.exe) - I:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - I:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - I:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/09/09 00:18:39 | 000,000,000 | ---D | M] - G:\Auto data -- [ NTFS ]
O32 - AutoRun File - [2011/08/23 08:48:18 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - I:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/01 18:43:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- I:\Users\Robert\Desktop\OTL.exe
[2012/12/01 10:20:23 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{DF50E7AB-987F-4D36-8D75-5482F953F418}
[2012/11/30 16:43:58 | 000,000,000 | ---D | C] -- I:\Users\Robert\Documents\Short term saves
[2012/11/30 09:14:54 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{C1954D1D-7207-4B64-AE40-74266262B4D0}
[2012/11/29 19:30:00 | 000,000,000 | ---D | C] -- I:\ProgramData\CPA_VA
[2012/11/29 19:22:21 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2012/11/29 19:22:14 | 000,045,832 | ---- | C] (COMODO CA Limited) -- I:\Windows\System32\certsentry.dll
[2012/11/29 19:22:08 | 000,000,000 | ---D | C] -- I:\Program Files\Comodo
[2012/11/29 19:09:46 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{B3715C90-89CC-4EB4-A3A0-F85EB93A6AEB}
[2012/11/29 19:07:39 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2012/11/29 19:07:11 | 000,000,000 | ---D | C] -- I:\Program Files\Microsoft Mouse and Keyboard Center
[2012/11/29 10:25:00 | 000,000,000 | -HSD | C] -- I:\RECYCLER
[2012/11/28 10:37:53 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{08DF100C-6F24-4545-803A-A083D3F1275F}
[2012/11/27 16:34:06 | 000,000,000 | ---D | C] -- I:\Users\Robert\Desktop\Tools
[2012/11/27 12:01:59 | 000,000,000 | ---D | C] -- I:\ProgramData\Premium
[2012/11/27 12:01:06 | 000,000,000 | ---D | C] -- I:\ProgramData\InstallMate
[2012/11/26 16:31:23 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{311833E0-F032-44ED-AA13-DF4951ED27BC}
[2012/11/26 16:29:38 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{37ACD547-F320-4D8C-AF37-FA6353614988}
[2012/11/26 16:28:16 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{044BB7A6-1452-46D9-B584-E1F551C2363B}
[2012/11/25 21:41:29 | 000,000,000 | ---D | C] -- I:\SMRTNTKY
[2012/11/25 13:28:20 | 000,017,488 | ---- | C] (Windows ® 2000 DDK provider) -- I:\Windows\gdrv.sys
[2012/11/24 20:32:36 | 000,000,000 | ---D | C] -- I:\$WINDOWS.~BT
[2012/11/24 18:42:23 | 001,227,776 | ---- | C] (Atheros Communications, Inc.) -- I:\Windows\System32\athr.sys
[2012/11/24 18:42:23 | 000,000,000 | ---D | C] -- I:\Windows\Options
[2012/11/24 17:58:15 | 000,000,000 | ---D | C] -- I:\ProgramData\TP-LINK
[2012/11/24 17:44:10 | 000,000,000 | -HSD | C] -- I:\$RECYCLE.BIN
[2012/11/23 16:26:51 | 000,000,000 | --SD | C] -- I:\ComboFix
[2012/11/23 15:58:57 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{19FFEFAF-0FE0-451C-8B93-4227F545876C}
[2012/11/23 15:51:06 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{6333E1A9-01A0-41AF-BBE7-0A2E62E6D154}
[2012/11/23 10:09:58 | 000,518,144 | ---- | C] (SteelWerX) -- I:\Windows\SWREG.exe
[2012/11/23 10:09:58 | 000,406,528 | ---- | C] (SteelWerX) -- I:\Windows\SWSC.exe
[2012/11/23 10:09:58 | 000,060,416 | ---- | C] (NirSoft) -- I:\Windows\NIRCMD.exe
[2012/11/22 22:08:07 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{BA43E104-273F-4599-9C61-AA87A291CF11}
[2012/11/22 19:21:29 | 000,000,000 | ---D | C] -- I:\Qoobox
[2012/11/22 19:20:44 | 000,000,000 | ---D | C] -- I:\Windows\erdnt
[2012/11/22 10:07:43 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{AE5373F9-A16F-4FF6-9A61-61397AA21B47}
[2012/11/21 14:29:26 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{E157A4AB-1CC5-4049-B488-2C1B3D3533A0}
[2012/11/20 23:55:48 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{03414DEA-D1E2-4CDD-9972-180954371ABC}
[2012/11/20 10:41:30 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{84F52A28-AEFF-40EB-91EC-8542EE03F507}
[2012/11/19 11:24:08 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{137AA23F-1AAD-41BD-963E-B66097636390}
[2012/11/18 21:48:22 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{2909A1E9-76E9-4B76-86F2-6B63167B7697}
[2012/11/18 18:33:07 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/11/18 09:48:00 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{2002163C-D937-43F4-A1B3-1F0C3FBB6FF5}
[2012/11/17 09:29:34 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{56D8AF4B-76DA-4958-A3E5-3188ACD381D2}
[2012/11/16 10:19:50 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{389694C8-D96C-4865-9745-C04458A08E52}
[2012/11/15 22:19:33 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{0E68A6BB-3A68-4DC9-87E6-665BFC907EDC}
[2012/11/15 19:55:12 | 000,000,000 | ---D | C] -- I:\Users\Robert\Documents\Letters to Tech help
[2012/11/15 19:34:40 | 000,000,000 | ---D | C] -- I:\Users\Public\Documents\sun
[2012/11/15 19:10:29 | 000,000,000 | ---D | C] -- I:\Users\Robert\Torrent downloads
[2012/11/15 19:02:12 | 000,000,000 | --SD | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 3.5
[2012/11/15 10:19:15 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{5954DDB9-9BB7-4BDF-A982-001DE2D10B00}
[2012/11/14 16:59:32 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{97484CC5-F349-422A-B971-1D8DF8CE00B1}
[2012/11/14 10:44:57 | 000,047,720 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\drivers\WdfLdr.sys
[2012/11/14 10:44:57 | 000,009,728 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\Wdfres.dll
[2012/11/14 10:44:26 | 000,172,032 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\WUDFPlatform.dll
[2012/11/14 10:44:23 | 000,613,888 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\WUDFx.dll
[2012/11/14 10:44:23 | 000,038,912 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\WUDFCoinstaller.dll
[2012/11/14 10:43:57 | 002,382,848 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\mshtml.tlb
[2012/11/14 10:43:57 | 000,065,024 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\jsproxy.dll
[2012/11/14 10:43:56 | 000,607,744 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\msfeeds.dll
[2012/11/14 10:43:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieui.dll
[2012/11/14 10:43:56 | 000,142,848 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieUnatt.exe
[2012/11/14 10:43:55 | 001,800,704 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\jscript9.dll
[2012/11/14 10:43:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\url.dll
[2012/11/14 10:43:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\inetcpl.cpl
[2012/11/14 09:46:29 | 000,154,624 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\iisRtl.dll
[2012/11/14 09:46:29 | 000,050,688 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\admwprox.dll
[2012/11/14 09:46:29 | 000,015,360 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\iisreset.exe
[2012/11/14 09:46:28 | 000,026,624 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ahadmin.dll
[2012/11/14 09:46:28 | 000,010,752 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\wamregps.dll
[2012/11/14 09:46:28 | 000,008,192 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\iisrstap.dll
[2012/11/14 09:46:16 | 000,175,104 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\netcorehc.dll
[2012/11/14 09:46:16 | 000,156,672 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ncsi.dll
[2012/11/14 09:46:15 | 000,018,944 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\netevent.dll
[2012/11/14 09:46:07 | 000,078,336 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\synceng.dll
[2012/11/14 09:46:05 | 002,345,984 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\win32k.sys
[2012/11/14 09:46:01 | 000,193,536 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\dhcpcore6.dll
[2012/11/14 09:46:01 | 000,044,032 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\dhcpcsvc6.dll
[2012/11/14 00:12:03 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{1D2154BB-DDF3-4766-B837-3E4FEC5D96E9}
[2012/11/13 14:36:36 | 000,000,000 | ---D | C] -- I:\ProgramData\vsosdk
[2012/11/13 14:18:20 | 000,000,000 | ---D | C] -- I:\Users\Robert\Documents\ConvertXToDVD
[2012/11/13 14:05:20 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
[2012/11/13 14:05:16 | 000,217,127 | ---- | C] (RealNetworks, Inc.) -- I:\Windows\System32\drv43260.dll
[2012/11/13 14:05:16 | 000,102,439 | ---- | C] (RealNetworks, Inc.) -- I:\Windows\System32\sipr3260.dll
[2012/11/13 14:05:15 | 000,626,688 | ---- | C] (On2.com) -- I:\Windows\System32\vp7vfw.dll
[2012/11/13 14:05:15 | 000,208,935 | ---- | C] (RealNetworks, Inc.) -- I:\Windows\System32\drv33260.dll
[2012/11/13 14:05:15 | 000,176,165 | ---- | C] (RealNetworks, Inc.) -- I:\Windows\System32\drv23260.dll
[2012/11/13 14:05:15 | 000,065,602 | ---- | C] (RealNetworks, Inc.) -- I:\Windows\System32\cook3260.dll
[2012/11/13 14:05:14 | 001,184,984 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\wvc1dmod.dll
[2012/11/13 14:05:12 | 000,000,000 | ---D | C] -- I:\Program Files\VSO
[2012/11/13 09:53:38 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{18EBE3F9-C9DC-4D52-ADFD-8644118946E8}
[2012/11/12 09:39:39 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{CA1DFE09-EB73-43BF-B4B3-E1C696E5112F}
[2012/11/11 22:37:30 | 000,000,000 | ---D | C] -- I:\Downloads
[2012/11/11 12:27:07 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{3CC32182-30FC-4BC2-ACCF-76CCB1FAA74E}
[2012/11/11 00:26:41 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{5FD406BD-C824-47B4-B50B-D4810280ED57}
[2012/11/10 10:26:42 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{7B7D3210-F7A1-4EC8-9B75-01A6C22BFDBF}
[2012/11/09 09:56:52 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{C59ED8DF-136C-4628-82AE-431A1F86E1FA}
[2012/11/09 00:29:12 | 000,000,000 | ---D | C] -- I:\Program Files\MocaFlix
[2012/11/08 21:56:35 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{81A8E1B7-82CE-48C6-B3E3-68036E0B0B89}
[2012/11/08 10:30:38 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/11/08 09:56:10 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{68B32943-A86B-4F5C-93E5-1ABDA63FB8E5}
[2012/11/07 23:37:58 | 000,082,952 | ---- | C] (COMODO) -- I:\Windows\System32\drivers\inspect.sys
[2012/11/07 23:37:56 | 000,494,416 | ---- | C] (COMODO) -- I:\Windows\System32\drivers\cmdGuard.sys
[2012/11/07 23:37:56 | 000,036,072 | ---- | C] (COMODO) -- I:\Windows\System32\drivers\cmdhlp.sys
[2012/11/07 23:37:54 | 000,019,632 | ---- | C] (COMODO) -- I:\Windows\System32\drivers\cmderd.sys
[2012/11/07 23:37:36 | 000,301,264 | ---- | C] (COMODO) -- I:\Windows\System32\guard32.dll
[2012/11/07 23:37:36 | 000,034,024 | ---- | C] (COMODO) -- I:\Windows\System32\cmdcsr.dll
[2012/11/07 21:54:52 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{802FD891-BC33-4C0D-B9F9-DD69AE48841F}
[2012/11/07 09:54:26 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{3DD18646-B428-400A-BBA9-096DFC6C2AE4}
[2012/11/06 11:33:02 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{889C3A5B-C130-43A5-BD52-E148332FC3F9}
[2012/11/05 23:32:46 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{554B3327-9511-4D79-AF3F-62716BEE0CD1}
[2012/11/05 09:39:02 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{90E1862E-C9DF-4D41-91EB-46958235610D}
[2012/11/04 10:43:34 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{8DEC518E-8B20-4B7E-A7DA-DD347D7F3401}
[2012/11/03 11:00:58 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{54D14864-6456-4EA4-8022-BEE15D13609D}
[2012/11/02 15:37:10 | 001,629,040 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\WdfCoInstaller01011.dll
[2012/11/02 15:37:10 | 000,862,664 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\msvcr110.dll
[2012/11/02 15:37:10 | 000,534,480 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\msvcp110.dll
[2012/11/02 15:37:10 | 000,251,864 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\vccorlib110.dll
[2012/11/02 12:25:33 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{4B17BCAF-0DFE-46FF-8803-27B6CEC126FF}
[2012/11/01 23:55:03 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{FC078FDC-5387-4E24-AF07-B1614FD99CD8}
[2011/12/30 00:12:35 | 000,086,016 | ---- | C] (3 Techies in a Box) -- I:\Program Files\txtclean.exe

========== Files - Modified Within 30 Days ==========

[2012/12/01 18:44:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- I:\Users\Robert\Desktop\OTL.exe
[2012/12/01 18:27:00 | 000,000,830 | ---- | M] () -- I:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/01 18:14:00 | 000,000,886 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/01 17:41:25 | 000,031,104 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/01 17:41:25 | 000,031,104 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/01 16:03:00 | 000,000,882 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/01 10:24:42 | 000,685,720 | ---- | M] () -- I:\Windows\System32\perfh009.dat
[2012/12/01 10:24:42 | 000,129,440 | ---- | M] () -- I:\Windows\System32\perfc009.dat
[2012/12/01 10:17:42 | 000,065,536 | ---- | M] () -- I:\Windows\System32\Ikeext.etl
[2012/12/01 10:17:41 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) -- I:\Windows\gdrv.sys
[2012/12/01 10:17:41 | 000,000,882 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineCore1cd612a7c6e57f5.job
[2012/12/01 10:17:41 | 000,000,296 | ---- | M] () -- I:\Windows\tasks\RtlDashSrvStart.job
[2012/12/01 10:17:23 | 000,067,584 | --S- | M] () -- I:\Windows\bootstat.dat
[2012/12/01 10:17:19 | 2811,879,424 | -HS- | M] () -- I:\hiberfil.sys
[2012/11/29 22:06:42 | 000,101,791 | ---- | M] () -- I:\Users\Robert\Documents\This explains why I forward stuff-er.eml
[2012/11/29 20:59:22 | 000,045,832 | ---- | M] (COMODO CA Limited) -- I:\Windows\System32\certsentry.dll
[2012/11/29 19:22:33 | 000,001,236 | ---- | M] () -- I:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2012/11/29 19:07:39 | 000,000,000 | -H-- | M] () -- I:\Windows\System32\drivers\Msft_Kernel_point32_01011.Wdf
[2012/11/29 10:17:56 | 391,306,172 | ---- | M] () -- I:\Windows\MEMORY.DMP
[2012/11/25 13:16:15 | 000,000,010 | ---- | M] () -- I:\Windows\GSetup.ini
[2012/11/24 20:33:33 | 000,001,908 | ---- | M] () -- I:\Windows\diagwrn.xml
[2012/11/24 20:33:33 | 000,001,908 | ---- | M] () -- I:\Windows\diagerr.xml
[2012/11/21 21:45:49 | 000,000,000 | ---- | M] () -- I:\Users\Robert\defogger_reenable
[2012/11/21 20:34:38 | 000,001,057 | ---- | M] () -- I:\Users\Robert\AppData\Roaming\vso_ts_preview.xml
[2012/11/21 09:00:00 | 000,002,577 | ---- | M] () -- I:\Windows\System32\config.nt
[2012/11/16 08:37:29 | 000,442,080 | ---- | M] () -- I:\Windows\System32\FNTCACHE.DAT
[2012/11/13 14:05:20 | 000,001,192 | ---- | M] () -- I:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk
[2012/11/09 16:57:49 | 000,009,662 | ---- | M] () -- I:\Windows\EPISME00.SWB
[2012/11/08 17:28:23 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- I:\Windows\System32\FlashPlayerApp.exe
[2012/11/08 17:28:23 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- I:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/11/07 23:37:58 | 000,082,952 | ---- | M] (COMODO) -- I:\Windows\System32\drivers\inspect.sys
[2012/11/07 23:37:56 | 000,494,416 | ---- | M] (COMODO) -- I:\Windows\System32\drivers\cmdGuard.sys
[2012/11/07 23:37:56 | 000,036,072 | ---- | M] (COMODO) -- I:\Windows\System32\drivers\cmdhlp.sys
[2012/11/07 23:37:54 | 000,019,632 | ---- | M] (COMODO) -- I:\Windows\System32\drivers\cmderd.sys
[2012/11/07 23:37:36 | 000,301,264 | ---- | M] (COMODO) -- I:\Windows\System32\guard32.dll
[2012/11/07 23:37:36 | 000,034,024 | ---- | M] (COMODO) -- I:\Windows\System32\cmdcsr.dll
[2012/11/05 15:29:53 | 000,021,054 | ---- | M] () -- I:\Users\Robert\Documents\Foreign telephone operators [Incident_ 121030-003401].eml
[2012/11/02 15:37:10 | 001,629,040 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\WdfCoInstaller01011.dll
[2012/11/02 15:37:10 | 000,862,664 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\msvcr110.dll
[2012/11/02 15:37:10 | 000,534,480 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\msvcp110.dll
[2012/11/02 15:37:10 | 000,251,864 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\vccorlib110.dll

========== Files Created - No Company Name ==========

[2012/11/29 22:06:41 | 000,101,791 | ---- | C] () -- I:\Users\Robert\Documents\This explains why I forward stuff-er.eml
[2012/11/29 19:22:33 | 000,001,236 | ---- | C] () -- I:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2012/11/29 19:07:39 | 000,000,000 | -H-- | C] () -- I:\Windows\System32\drivers\Msft_Kernel_point32_01011.Wdf
[2012/11/29 10:17:56 | 391,306,172 | ---- | C] () -- I:\Windows\MEMORY.DMP
[2012/11/24 18:42:23 | 000,271,142 | ---- | C] () -- I:\Windows\System32\netathr.inf
[2012/11/24 18:42:23 | 000,050,992 | ---- | C] () -- I:\Windows\System32\athrext.cat
[2012/11/23 10:09:58 | 000,256,000 | ---- | C] () -- I:\Windows\PEV.exe
[2012/11/23 10:09:58 | 000,208,896 | ---- | C] () -- I:\Windows\MBR.exe
[2012/11/23 10:09:58 | 000,098,816 | ---- | C] () -- I:\Windows\sed.exe
[2012/11/23 10:09:58 | 000,080,412 | ---- | C] () -- I:\Windows\grep.exe
[2012/11/23 10:09:58 | 000,068,096 | ---- | C] () -- I:\Windows\zip.exe
[2012/11/21 21:45:49 | 000,000,000 | ---- | C] () -- I:\Users\Robert\defogger_reenable
[2012/11/18 13:45:16 | 003,536,817 | ---- | C] () -- I:\Windows\System32\nvcoproc.bin
[2012/11/14 10:45:06 | 000,000,003 | ---- | C] () -- I:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/14 10:44:22 | 000,000,003 | ---- | C] () -- I:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/13 14:06:24 | 000,001,057 | ---- | C] () -- I:\Users\Robert\AppData\Roaming\vso_ts_preview.xml
[2012/11/13 14:05:20 | 000,001,192 | ---- | C] () -- I:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk
[2012/11/05 15:29:52 | 000,021,054 | ---- | C] () -- I:\Users\Robert\Documents\Foreign telephone operators [Incident_ 121030-003401].eml
[2012/09/25 22:40:17 | 000,003,584 | ---- | C] () -- I:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/22 12:48:03 | 000,129,024 | ---- | C] () -- I:\Windows\System32\AVERM.dll
[2012/07/13 15:24:54 | 000,003,177 | ---- | C] () -- I:\ProgramData\repository.xml
[2012/04/19 14:07:19 | 000,007,620 | ---- | C] () -- I:\Users\Robert\AppData\Local\resmon.resmoncfg
[2012/01/28 17:13:28 | 000,084,444 | ---- | C] () -- I:\Windows\UNINST.EXE
[2012/01/28 17:13:28 | 000,001,198 | ---- | C] () -- I:\Windows\Onflash.ini
[2012/01/27 17:39:44 | 000,176,128 | ---- | C] () -- I:\Windows\Dit.DLL
[2012/01/27 17:39:44 | 000,000,236 | ---- | C] () -- I:\Windows\Dit.INI
[2012/01/27 17:39:43 | 000,081,920 | ---- | C] () -- I:\Windows\Dit.exe
[2012/01/27 17:39:39 | 000,061,440 | ---- | C] () -- I:\Windows\DitExp.exe
[2012/01/11 09:53:58 | 000,015,672 | ---- | C] () -- I:\Windows\System32\drivers\SmartDefragDriver.sys
[2011/12/30 17:43:16 | 000,000,193 | ---- | C] () -- I:\Windows\System32\account.dat
[2011/11/16 13:39:38 | 000,028,672 | ---- | C] () -- I:\Windows\System32\AVEQT.dll
[2011/10/10 18:20:51 | 000,000,025 | ---- | C] () -- I:\Windows\CDE DX4800EFGIPSD.ini
[2011/10/10 08:53:23 | 000,089,430 | ---- | C] () -- I:\Windows\System32\EPPICPrinterDB.dat
[2011/10/10 08:53:23 | 000,026,154 | ---- | C] () -- I:\Windows\System32\EPPICPattern1.dat
[2011/10/10 08:53:23 | 000,024,903 | ---- | C] () -- I:\Windows\System32\EPPICPattern3.dat
[2011/10/10 08:53:23 | 000,021,390 | ---- | C] () -- I:\Windows\System32\EPPICPattern5.dat
[2011/10/10 08:53:23 | 000,020,148 | ---- | C] () -- I:\Windows\System32\EPPICPattern2.dat
[2011/10/10 08:53:23 | 000,011,811 | ---- | C] () -- I:\Windows\System32\EPPICPattern4.dat
[2011/10/10 08:53:23 | 000,004,943 | ---- | C] () -- I:\Windows\System32\EPPICPattern6.dat
[2011/10/10 08:53:23 | 000,001,146 | ---- | C] () -- I:\Windows\System32\EPPICPresetData_DU.dat
[2011/10/10 08:53:23 | 000,001,139 | ---- | C] () -- I:\Windows\System32\EPPICPresetData_PT.dat
[2011/10/10 08:53:23 | 000,001,139 | ---- | C] () -- I:\Windows\System32\EPPICPresetData_BP.dat
[2011/10/10 08:53:23 | 000,001,136 | ---- | C] () -- I:\Windows\System32\EPPICPresetData_ES.dat
[2011/10/10 08:53:23 | 000,001,129 | ---- | C] () -- I:\Windows\System32\EPPICPresetData_FR.dat
[2011/10/10 08:53:23 | 000,001,129 | ---- | C] () -- I:\Windows\System32\EPPICPresetData_CF.dat
[2011/10/10 08:53:23 | 000,001,120 | ---- | C] () -- I:\Windows\System32\EPPICPresetData_IT.dat
[2011/10/10 08:53:23 | 000,001,107 | ---- | C] () -- I:\Windows\System32\EPPICPresetData_GE.dat
[2011/10/10 08:53:23 | 000,001,104 | ---- | C] () -- I:\Windows\System32\EPPICPresetData_EN.dat
[2011/10/10 08:53:23 | 000,000,099 | ---- | C] () -- I:\Windows\System32\PICSDK.ini
[2011/10/05 15:26:55 | 000,001,324 | ---- | C] () -- I:\Windows\System32\.ini
[2011/10/04 10:16:25 | 001,294,449 | ---- | C] () -- I:\Windows\System32\drivers\sfi.dat
[2011/10/01 19:34:36 | 000,021,412 | ---- | C] () -- I:\Windows\System32\emptyregdb.dat
[2011/09/30 13:53:11 | 000,080,416 | ---- | C] () -- I:\Windows\System32\RtNicProp32.dll
[2011/09/29 18:56:24 | 000,024,944 | ---- | C] () -- I:\Windows\System32\drivers\GVTDrv.sys
[2011/09/29 16:33:01 | 000,208,896 | ---- | C] () -- I:\Windows\System32\CommCmd.dll
[2011/09/29 16:28:44 | 000,031,272 | ---- | C] () -- I:\Windows\System32\AppleChargerSrv.exe
[2011/09/29 16:28:44 | 000,019,496 | ---- | C] () -- I:\Windows\System32\drivers\AppleCharger.sys
[2011/09/29 16:23:36 | 000,000,010 | ---- | C] () -- I:\Windows\GSetup.ini
[2011/09/24 01:05:08 | 000,012,800 | ---- | C] () -- I:\Windows\System32\drivers\anodlwf.sys
[2011/09/24 01:05:03 | 000,013,931 | ---- | C] () -- I:\Windows\System32\RaCoInst.dat
[2011/09/10 16:16:56 | 000,000,090 | ---- | C] () -- I:\Windows\System32\ftm31.dat
[2011/09/10 13:55:12 | 000,253,008 | ---- | C] () -- I:\Windows\adirasx64.exe
[2011/09/10 13:55:10 | 000,152,126 | ---- | C] () -- I:\Windows\System32\drivers\L1E9P2.BIN
[2011/09/10 13:55:10 | 000,024,576 | ---- | C] () -- I:\Windows\enddisk32.exe
[2011/09/10 13:55:09 | 000,152,308 | ---- | C] () -- I:\Windows\System32\drivers\L1E4I2.BIN
[2011/09/10 13:55:09 | 000,152,306 | ---- | C] () -- I:\Windows\System32\drivers\L1E4I1.BIN
[2011/09/10 13:55:09 | 000,152,306 | ---- | C] () -- I:\Windows\System32\drivers\L1E4I0.BIN
[2011/09/10 13:55:09 | 000,152,126 | ---- | C] () -- I:\Windows\System32\drivers\L1E9P1.BIN
[2011/09/10 13:55:09 | 000,152,126 | ---- | C] () -- I:\Windows\System32\drivers\L1E9P0.BIN
[2011/09/10 13:55:09 | 000,152,126 | ---- | C] () -- I:\Windows\System32\drivers\L1E9I2.BIN
[2011/09/10 13:55:09 | 000,152,126 | ---- | C] () -- I:\Windows\System32\drivers\L1E9I1.BIN
[2011/09/10 13:55:09 | 000,152,126 | ---- | C] () -- I:\Windows\System32\drivers\L1E9I0.BIN
[2011/09/10 13:55:08 | 000,152,146 | ---- | C] () -- I:\Windows\System32\drivers\L1E4P2.BIN
[2011/09/10 13:55:08 | 000,152,145 | ---- | C] () -- I:\Windows\System32\drivers\L1E4P1.BIN
[2011/09/10 13:55:08 | 000,152,145 | ---- | C] () -- I:\Windows\System32\drivers\L1E4P0.BIN
[2011/09/10 13:55:08 | 000,152,036 | ---- | C] () -- I:\Windows\System32\drivers\L1E4D2.BIN
[2011/09/10 13:55:08 | 000,152,034 | ---- | C] () -- I:\Windows\System32\drivers\L1E4D1.BIN
[2011/09/10 13:55:08 | 000,152,034 | ---- | C] () -- I:\Windows\System32\drivers\L1E4D0.BIN
[2011/09/08 12:36:08 | 000,000,014 | ---- | C] () -- I:\Windows\adiras.ini
[2011/08/11 07:00:08 | 000,100,728 | ---- | C] () -- I:\Windows\System32\rsslink.dll

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- I:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 702 bytes -> I:\Users\Robert\Documents\Warning to men Sainsbury's scam-ju.eml:OECustomProperty
@Alternate Data Stream - 690 bytes -> I:\Users\Robert\Documents\This explains why I forward stuff-er.eml:OECustomProperty
@Alternate Data Stream - 122 bytes -> I:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 1141 bytes -> I:\Users\Robert\Documents\Foreign telephone operators [Incident_ 121030-003401].eml:OECustomProperty
@Alternate Data Stream - 1103 bytes -> I:\Users\Robert\Documents\Train service disruption last week.eml:OECustomProperty

< End of report >

#19
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    IE - HKU\S-1-5-21-3619600033-2495703809-3358291532-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    FF - user.js - File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\RunOnce: [*CA] "I:\Program Files\Comodo\GeekBuddy\launcher.exe" "unit_manager.exe" "lps-ca" File not found
    O16 - DPF: {10000000-1000-1000-1000-100000000000} http://cdn.betteradv....0/ghostery.cab (Reg Error: Key error.)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - I:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.mocaflix.com/
    IE - HKLM\..\SearchScopes,DefaultScope =
    @Alternate Data Stream - 702 bytes -> I:\Users\Robert\Documents\Warning to men Sainsbury's scam-ju.eml:OECustomProperty
    @Alternate Data Stream - 690 bytes -> I:\Users\Robert\Documents\This explains why I forward stuff-er.eml:OECustomProperty
    @Alternate Data Stream - 122 bytes -> I:\ProgramData\TEMP:373E1720
    @Alternate Data Stream - 1141 bytes -> I:\Users\Robert\Documents\Foreign telephone operators [Incident_ 121030-003401].eml:OECustomProperty
    @Alternate Data Stream - 1103 bytes -> I:\Users\Robert\Documents\Train service disruption last week.eml:OECustomProperty    
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-3619600033-2495703809-3358291532-1000\..\SearchScopes\{8E926EE7-E86E-49A1-A124-199EC817719C}: "URL" = http://blekko.com/ws...rchTerms}&r=971
    FF - prefs.js..browser.search.selectedEngine: "WebSearch"
    FF - prefs.js..browser.startup.homepage: "http://websearch.mocaflix.com/"
    FF - prefs.js..keyword.URL: "http://websearch.mocaflix.com/?l=1&q="
    FF - prefs.js..browser.search.order.1: "WebSearch"
    FF - prefs.js..browser.search.defaultenginename: "WebSearch"
    FF - prefs.js..browser.search.defaulturl: "http://websearch.mocaflix.com/?l=1&q="
    FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
    FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
    FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
    [2012/10/01 15:48:47 | 000,000,000 | ---D | M] ("Installation Assistant") -- I:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ju1fxsg5.default\extensions\[email protected]
    [2012/10/01 15:48:46 | 000,000,000 | ---D | M] (No name found) -- I:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ju1fxsg5.default\extensions\[email protected]\chrome\content\extensionCode
    [2012/10/01 15:49:47 | 000,001,435 | ---- | M] () -- I:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ju1fxsg5.default\searchplugins\spamfreesearch.xml
    [2012/11/09 00:29:11 | 000,000,544 | ---- | M] () -- I:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ju1fxsg5.default\searchplugins\WebSearch.xml
    O2 - BHO: (jZip Webmail plugin) - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - I:\Program Files\jZip\WebmailPlugin.dll (Discordia Limited)
    :Files
    I:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmddbcpechilpapallpbdpcekmgibofi
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo

#20
tyler4402

    Member

  • Topic Starter
  • 63 posts
Hi Gringo, here is the notepad log, the PC did not reboot or ask to, so I just copied the log to you. Regards Robert

Error: Unable to interpret <IE - HKU\S-1-5-21-3619600033-2495703809-3358291532-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found> in the current context!
Error: Unable to interpret <FF - user.js - File not found> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [] File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\RunOnce: [*CA] "I:\Program Files\Comodo\GeekBuddy\launcher.exe" "unit_manager.exe" "lps-ca" File not found> in the current context!
Error: Unable to interpret <O16 - DPF: {10000000-1000-1000-1000-100000000000} http://cdn.betteradv....0/ghostery.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context!
Error: Unable to interpret <O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - I:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found> in the current context!
Error: Unable to interpret <IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.mocaflix.com/> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes,DefaultScope => in the current context!
Error: Unable to interpret <@Alternate Data Stream - 702 bytes -> I:\Users\Robert\Documents\Warning to men Sainsbury's scam-ju.eml:OECustomProperty> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 690 bytes -> I:\Users\Robert\Documents\This explains why I forward stuff-er.eml:OECustomProperty> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 122 bytes -> I:\ProgramData\TEMP:373E1720> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 1141 bytes -> I:\Users\Robert\Documents\Foreign telephone operators [Incident_ 121030-003401].eml:OECustomProperty> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 1103 bytes -> I:\Users\Robert\Documents\Train service disruption last week.eml:OECustomProperty > in the current context!
Error: Unable to interpret <IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope => in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope => in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope => in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope => in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-3619600033-2495703809-3358291532-1000\..\SearchScopes\{8E926EE7-E86E-49A1-A124-199EC817719C}: "URL" = http://blekko.com/ws...chTerms}&r=971> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.selectedEngine: "WebSearch"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.startup.homepage: "http://websearch.moc...mocaflix.com/"> in the current context!
Error: Unable to interpret <FF - prefs.js..keyword.URL: "http://websearch.moc...x.com/?l=1&q="> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.order.1: "WebSearch"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.defaultenginename: "WebSearch"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.defaulturl: "http://websearch.moc...x.com/?l=1&q="> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.order.1,S: S", "WebSearch"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"> in the current context!
Error: Unable to interpret <[2012/10/01 15:48:47 | 000,000,000 | ---D | M] ("Installation Assistant") -- I:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ju1fxsg5.default\extensions\[email protected]> in the current context!
Error: Unable to interpret <[2012/10/01 15:48:46 | 000,000,000 | ---D | M] (No name found) -- I:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ju1fxsg5.default\extensions\[email protected]\chrome\content\extensionCode> in the current context!
Error: Unable to interpret <[2012/10/01 15:49:47 | 000,001,435 | ---- | M] () -- I:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ju1fxsg5.default\searchplugins\spamfreesearch.xml> in the current context!
Error: Unable to interpret <[2012/11/09 00:29:11 | 000,000,544 | ---- | M] () -- I:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ju1fxsg5.default\searchplugins\WebSearch.xml> in the current context!
Error: Unable to interpret <O2 - BHO: (jZip Webmail plugin) - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - I:\Program Files\jZip\WebmailPlugin.dll (Discordia Limited)> in the current context!
========== FILES ==========
I:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmddbcpechilpapallpbdpcekmgibofi\1.20.27_0\js\lib folder moved successfully.
I:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmddbcpechilpapallpbdpcekmgibofi\1.20.27_0\js\api folder moved successfully.
I:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmddbcpechilpapallpbdpcekmgibofi\1.20.27_0\js folder moved successfully.
I:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmddbcpechilpapallpbdpcekmgibofi\1.20.27_0\icons\actions folder moved successfully.
I:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmddbcpechilpapallpbdpcekmgibofi\1.20.27_0\icons folder moved successfully.
I:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmddbcpechilpapallpbdpcekmgibofi\1.20.27_0 folder moved successfully.
I:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmddbcpechilpapallpbdpcekmgibofi folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
I:\Users\Robert\Desktop\cmd.bat deleted successfully.
I:\Users\Robert\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: DefaultAppPool

User: Public

User: Robert
->Java cache emptied: 1519565 bytes

User: UpdatusUser

Total Java Files Cleaned = 1.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: DefaultAppPool

User: Public

User: Robert
->Flash cache emptied: 856 bytes

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12022012_104112
t.
  • 0

#21
tyler4402

tyler4402

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Hi again, the websearch mocaflix tab is still on the Chrome browser homepage when I open the page, Robert.
  • 0

#22
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings


I want you to uninstall Firefox, and if asked about user data or settings I want that removed also.

RESTART the computer and reinstall Chrome and check it out for me.



gringo
  • 0

#23
tyler4402

tyler4402

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Hi Gringo, Mozilla or Firefox is not in my programs list and does not show in the "Uninstall or change a program" list when I tried to delete them, but there is a Mozilla folder in Prog files.

And under HKEY_Local M/c / Software there is...Mozilla which when expanded shows Firefox, TaskbarID's and Maintenance Service, there is also a Mozilla.org and MozillaPlugins.
Above them I notice there is also a Mcafee.com file which I have not knowingly put on my PC as I am satisfied with Avast and Comodo.
I can delete the Mozilla folders from the Reg HKEY_Local if you wish, regards Robert.
  • 0

#24
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Sorry, I meant Chrome, as that is where you have the problem.



gringo
  • 0

#25
tyler4402

tyler4402

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Hi Gringo, I have uninstalled Chrome and then I ran a reg clean with Auslogics, and reinstalled Chrome from Google.com setting it as default browser.
On start-up my homepage shows with three tabs one is my TalkTalk homepage tab, the second tab is an advert for broadband from TalkTalk which for some reason always appears with the homepage, and the third is the mocaflix.com search.
Although I read that this search bar is a virus which directs searches to spurious sites, I now wonder if it's part of Google?? Due to its reappearance with the new download of Chrome. Regards Robert.
  • 0



#26
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello


That sounds like one of the settings


First, go to a web page that you would like to be your home page.

Close all other tabs so it is the only one open (you can have more than one if you wish).

In the upper right-hand corner of the Chrome window (under the red X) you will see a wrench or 3 lines; click here.

Look for Settings.

Look under "On startup" and choose "Open a specific page or set of pages." You will see "Set pages".


In the window that pops up, select "Use current".



Restart Chrome and see if it is better.



gringo
  • 0

#27
tyler4402

tyler4402

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Hi again, yes thank you, that has removed the TV and broadband advert tab, and the mocaflix search tab. While the mocaflix program does not show in the Control Panel "Uninstall or change a program" list, it is still in program files, but when I click on the folder to delete it I get the message that it cannot be deleted because it's open or being used.
Likewise for Mozilla, it was not in the uninstall programs list, but its folder was in prog files, although the folder deleted when I clicked delete. Regards Robert.
  • 0

#28
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    O20 - AppInit_DLLs: (i:\PROGRA~1\MocaFlix\SPROTE~1.DLL) - i:\Program Files\MocaFlix\sprotector.dll ()
    [2012/11/09 00:29:12 | 000,000,000 | ---D | C] -- I:\Program Files\MocaFlix
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing

Gringo
  • 0

#29
tyler4402

tyler4402

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Hi Gringo, here is the :Log. The PC did not reboot, but the log was quickly produced. Regards Robert.

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:i:\PROGRA~1\MocaFlix\SPROTE~1.DLL deleted successfully.
i:\Program Files\MocaFlix\sprotector.dll moved successfully.
I:\Program Files\MocaFlix folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
I:\Users\Robert\Desktop\cmd.bat deleted successfully.
I:\Users\Robert\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: DefaultAppPool

User: Public

User: Robert
->Java cache emptied: 548527 bytes

User: UpdatusUser

Total Java Files Cleaned = 1.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: DefaultAppPool

User: Public

User: Robert
->Flash cache emptied: 492 bytes

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12042012_101025
  • 0
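The two fix logs posted in this thread can be sorted into what OTL changed and which directives it reported as "Unable to interpret". The Python parser below is an added example, not part of the original posts or of OTL; the names `triage` and `LOAD_POINTS` are assumptions, and the sample is constructed from log lines quoted in the posts above.

```python
import re

# Constructed sample: lines copied from the two OTL fix logs posted in this thread.
SAMPLE_LOG = r"""Error: Unable to interpret <FF - prefs.js..browser.search.order.1: "WebSearch"> in the current context!
Error: Unable to interpret <O2 - BHO: (jZip Webmail plugin) - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - I:\Program Files\jZip\WebmailPlugin.dll (Discordia Limited)> in the current context!
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:i:\PROGRA~1\MocaFlix\SPROTE~1.DLL deleted successfully.
i:\Program Files\MocaFlix\sprotector.dll moved successfully.
I:\Program Files\MocaFlix folder moved successfully.
========== FILES ==========
I:\Users\Robert\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
->Java cache emptied: 548527 bytes
"""

SECTION = re.compile(r"^=+ (\w+) =+$")
REJECTED = re.compile(r"^Error: Unable to interpret <(.*)> in the current context!$")
REGVAL = re.compile(r"^Registry value (.+?)\\\\([^:\\]+):(.*) deleted successfully\.$")
MOVED = re.compile(r"^(.+?)(?: folder)? moved successfully\.$")
DELETED = re.compile(r"^(.+) deleted successfully\.$")
CACHE = re.compile(r"^->(\w+) cache emptied: (\d+) bytes$")
LOAD_POINTS = {"appinit_dlls"}  # assumption: only the load point seen in this thread

def triage(log_text):
    """Sort OTL fix-log lines into changes made and directives OTL rejected."""
    report = {k: [] for k in ("rejected", "registry", "load_points", "moved", "deleted")}
    report["cache_bytes"] = {}
    section = None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := SECTION.match(line):
            section = m.group(1)
        elif m := REJECTED.match(line):
            report["rejected"].append(m.group(1))   # directive OTL could not interpret
        elif m := REGVAL.match(line):               # must be tested before DELETED
            key, name, data = m.groups()
            report["registry"].append((key, name, data))
            if name.lower() in LOAD_POINTS:
                report["load_points"].append(data)  # DLL path removed from a load point
        elif m := MOVED.match(line):
            report["moved"].append((section, m.group(1)))
        elif m := DELETED.match(line):
            report["deleted"].append((section, m.group(1)))
        elif m := CACHE.match(line):
            report["cache_bytes"][m[1]] = report["cache_bytes"].get(m[1], 0) + int(m[2])
    return report

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("rejected directives:", result["rejected"])
    print("load-point DLLs removed:", result["load_points"])
```

Any entry under `rejected` is a script line OTL reported it could not interpret, so the item it names should be re-checked in a fresh scan.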

#30
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like to see a report that ComboFix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0





